Always, rather. :glare:
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
// The upload form
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="title" value="Give your file a title" class="textfield">
<input name="userfile" type="file" id="userfile" class="textfield">
<textarea rows="8" name="desc" cols="40" class="textfield"></textarea>
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "><input type="reset" value="Reset" name="B2"></td>
</tr>
</table>
</form>
<?php
// upload process
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$title = $_POST['title'];
$desc = $_POST['desc'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
// Security
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$title = addslashes($title);
$desc = addslashes($desc);
}
// SQL Connection line
-Removed-
// Inserts into table
$query = "INSERT INTO upload (name, size, type, content, title, desc)
VALUES ('$fileName', '$fileSize', '$fileType', '$content', '$title', '$desc')";
mysql_query($query) or die(mysql_error());
mysql_close;
echo "<br>File $fileName uploaded<br>";
}
?>
And what do I get on upload?
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc) VALUES ('Water lilies.jpg', '83794', 'image/jpeg', 'ÿØÿà\0JFIF\0\0`\0' at line 1
