this is the form being used also

<form method="post" action="parseVideo.php" enctype="multipart/form-data"> 
 <p><strong>Title:</strong><br> 
   <input type="text" name="title" id="title" size="80">
 </p>
 <p><strong>Description:</strong><br> 
   <input type="text" name="description" id="description" size="100">  

   </p>
 <p><strong>Time (format hh:mm:ss):</strong><br> 
   <input name="runtime" id="runtime" type="text" size="20">  

   </p>
 <p><strong>Keywords:</strong><br> 
   <input name="keywords" id="keywords" type="text" size="80">  </p>
 </p>
 <p>&nbsp;</p>
 <h2></h2> 
<p><strong>Thumbnail Image:</strong><br>
   <input type="file" name="image" id="image" size="50" class="textfield2"/>
 </p>
 <p>&nbsp;</p>
 <p><h2></h2>   </p>
 <p><br>
   <strong><font color="#FF0000">Video (flv only):</font></strong><br> 
   <input type="file" name="video" id="video" size="50" class="textfield3"> 
 </p>
 <p><input type="submit" name="submit" value="submit" class="medium awesome"> 
 </form>

Hm..

Have your added a print_r($FILES); and print_r($POST); to the top of your processing script so you can see what is actually send to your server? I think that would help you. You try to add things to the database that do not exists. You probably should adjust your error reporting as you should have a screenm full of errors which are there to help you debug your script.

To start off:
You are moving two video files, but you have one video and one image, I think:
move_uploaded_file($FILES['video']['tmp_name'], '../media/videos/');
move_uploaded_file($FILES['video']['tmp_name'], '../media/videos/');

Where do you set these:
$image = $POST["image"]["name"];
$video = $POST["video"]["name"];

leatherback,

"""To start off:
You are moving two video files, but you have one video and one image, I think:
move_uploaded_file($FILES['video']['tmp_name'], '../media/videos/');
move_uploaded_file($FILES['video']['tmp_name'], '../media/videos/');"""

 you are correct, I am trying to upload an image and a video (along with the title,       desc, and length, but that part works).

"""Where do you set these:
$image = $POST["image"]["name"];
$video = $POST["video"]["name"];"""

 the image and the video I would like in the same directory, which is '../media/videos/'

also,

""""- Use: or die(mysql_error()) after each query and safe a headache
- use print_r($variable) to see the values in an array""""

 im new to php and programming, im kind of trying to teach myself as I go so I dont really know how to do all  that. if you can show how you would change this script to work and make more sense I would more than gladly appreciate it.

Based on the code you show, the moving of image & video cannot work, because you move the video twice, and the image 0 times.

What I meant was: the variable $_POST["image"]["name"], where do you set this? You do not seem to set these anywhere (There is no such field in the form you use).

If you are trying to learn, then read what people write to you.

add

print_r($FILES);
print_r($POST);

on top of your script, and see what that gives you (View source is usually best). Then you will have much better insight in your variables.

$results=mysql_query($query) or die(mysql_error());

As pointed out previously, you need to turn on error reporting. Edit php.ini to set this up. All the information you need is found at php.net, in this case php.ini directives. If you have several php.ini files in different places and don't know which is being used, you can run a php script containing simply

phpinfo();

and it will tell you the location of php.ini, among lots of other things.

You need to specify what errors should be reported, such as

error_reporting = E_ALL

In a development environment, you will most likely want

# php version >= 5.2.4
display_errors = std_err
# php < 5.2.4
display_errors = 1

# file to be used for logging errors. The web server user must have write access for
# this to work
error_log = /path/to/logfile

# enable logging
log_errors = 1

In a production environment, you should definitely turn off displaying errors. I.e. display_errors = 0

leatherback;10984971 wrote:

print_r($FILES);
print_r($POST);

on top of your script, and see what that gives you (View source is usually best).

I prefer using

printf('<pre>%s</pre>', print_r($_POST,1));
# and corresponding code for any other array I need to inspect

Since the pre element preserves whitespaces, which means the array is displayed with indented output right in the web page.

As for this part

$image = $_POST["image"]["name"];
$video = $_POST["video"]["name"];

With error reporting turned on, you'd get errors for both these lines. Perhaps they should be $_FILES[...][...].

According to the documentation of [man]move_uploaded_file[/man], the second parameter is the destination file, while you provide a directory. I'm just guessing, but I believe the OS won't allow you to overwrite a directory with a file, and move_uploaded_file will overwrite the destination if it exists, so you will probably get errors here as well.
Also, you do not check if the move was successful, so you have no idea if the files are actually saved in a permanent location.

$dir = '../media/videos/';

# Creates a new file, automatically generating a unique filename for this directory
$filename = tempnam($dir);
if (!move_uploaded_file($_FILES['video']['tmp_name'], $dir.$filename))
{
	# Failure
	# Don't store information in the database since the file hasn't been saved.
	# Inform the user that the upload has failed.
}
else
{
	# Success
}

The same goes for the execution of your sql query. You have no idea if it succeeded

$result = mysql_query();

if (!$result)
{
	# error
	# You should probably remove the recently saved file(s) since you won't be able
	# to find a corresponding entry in the db later on.
	# Obviously, also inform the user that the upload failed.
}

Part 14.30 of the HTTP 1.1 specification states that

The field value consists of a single absolute URI.

   Location       = "Location" ":" absoluteURI

An example is:

   Location: [url]http://www.w3.org/pub/WWW/People.html[/url]

This means that what you have,

header('Location: success.php');

is incorrect and has to be 'Location: http://example.com/success.php'. And you should obviously only perform a redirect to success.php if the file uploads, including database inserts, were successful.

One very important thing I forgot to mention is that you always have to sanitize data from external sources, since there is no telling what it might contain.

# Any string that is to be inserted into the database has to be properly escaped for this purpose,
# and that's done like this
$runtime = mysql_real_escape_string($_POST['runtime']);

# integers can simply be typecase
$count = (int) $_POST['count'];

# and same with float
$f = (float) $_POST['decimal_number'];

ok, thanks for the responses I greatly appreciate it. but now I think this is the most confused i've ever been my whole life lol... here is where that led me,

<?php
//connect to database
include_once "../include/connect_to_mysql.php";

//turn on error reporting
print_r($_FILES); 
print_r($_POST);

//where the file is stored
$dir = '../media/videos/'; 

//then
$imgtempname = $_FILES["image"]["tmp_name"];
$vidtempname = $_FILES["video"]["tmp_name"];
# Creates a new file, automatically generating a unique filename for this directory 
$vidtempname = tempnam($dir); 
if (!move_uploaded_file($_FILES['video']['tmp_name'], $dir.$vidtempname)) 
{ 
    echo"file cannot be uploaded";
	die;
} 
else 
{ 

//moves file into directory
move_uploaded_file($_FILES['video']['tmp_name'], '../media/videos/');

//then you have to add the names of these files and two other fileds to database
$runtime = mysql_real_escape_string($_POST['runtime']);
$keywords = mysql_real_escape_string($_POST['keywords']);
$title = mysql_real_escape_string($_POST['title']);
$description = mysql_real_escape_string($_POST['description']);
$image = $_POST($_FILES["image"]["tmp_name"]);
$video = $_POST($_FILES["video"]["tmp_name"]);
//ad all the details to database
$query = "INSERT INTO videos (dateAdded, title, runtime, keywords, image, description, video) VALUES (now(), '$title', '$runtime', '$keywords', '$image', '$description', '$video')";
$results=mysql_query($query) or die(echo "files could not be added to the database, please try again later");

}
//redirect user
header('Location: success.php'); die;
?>

this is another script I tried writing but this one just doesnt work at all, it doesnt even throw any errors?@!? :mad:

<?php
require ("../include/connect_to_mysql.php");

function savedata(){
	global $_FILES, $_POST;	
	$sql = "INSERT INTO `hhu`.`videos` (`id`, `dateAdded`, `title`, `description`, `video`, `runtime`, `keywords`) VALUES (NULL, now(), '".mysql_real_escape_string($_POST['title'])."', '".mysql_real_escape_string($_POST['description'])."', '".mysql_real_escape_string($target )."', '', '".mysql_real_escape_string($_POST['runtime'])."', '".mysql_real_escape_string($_POST['keywords'])."');"
	mysql_query ($sql);

}
//see if the file is uploaded
$target = "../media/videos/".basename($_FILES['uploadedfile']['name']);
//make sure they're not uploading a php file to hack the server ot something
$putItAd = str_replace("php","txt", $target);
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'].$target)){
	savedata();
	//if success, redirect user to somewhere else
	header("location: success.php");
}else{
	//trying copying file instead of moving it it that didnt work
	if (copy($_FILES['uploadedfile']['tmp_name'].$target)){
		savedata();
		//so if that was successfull
		header("location: success.php");
	}else{
	echo 'there is a problem with upload the file, please try again. <a href="../videoUpload.php">CLICK HERE</a> to go back and try again.'	;
	}
}

?>

Erm... yikes, where to start. :o Here's an overall critique of your most recent version of the first script (post #14), with one for your most recent post to follow in a separate post:

1. //turn on error reporting 
   print_r($_FILES); 
   print_r($_POST);

   Seems like the code comment is out-of-sync with what the code is actually doing. Also note that this is going to output something (e.g. break any header() calls that might happen afterwards).

2. What is the purpose of these two variables:

   //then 
   $imgtempname = $_FILES["image"]["tmp_name"]; 
   $vidtempname = $_FILES["video"]["tmp_name"];  

   ? Also, why do you immediately overwrite the value of one of them with something else:

   # Creates a new file, automatically generating a unique filename for this directory 
   $vidtempname = tempnam($dir);

   yet not the other?

   Also also, why are you using [man]tempnam/man at all?

3. The logic here doesn't make sense:

   if (!move_uploaded_file($_FILES['video']['tmp_name'], $dir.$vidtempname)) 
   { 
       echo"file cannot be uploaded"; 
       die; 
   } 
   else 
   { 
   
   //moves file into directory 
   move_uploaded_file($_FILES['video']['tmp_name'], '../media/videos/'); 

   "If the call to move_uploaded_file() is not successful, output an error message; otherwise call move_uploaded_file()." Notice the repetition? Furthermore, the second call isn't even correct (for the reasons already noted above), making me suspect it was supposed to be removed altogether?

4. This:

   $image = $_POST($_FILES["image"]["tmp_name"]); 
   $video = $_POST($_FILES["video"]["tmp_name"]); 

   makes no sense. What you're doing is attempting to call a function whose name is held in the variable $_POST, passing it the temporary name of those two files as the first (and only) parameter.

5. This:

   die(echo "files could not be added to the database, please try again later");

   doesn't make any sense either, and what's worse it's going to cause a parse error (why didn't you mention that in your post or, even better, fix it first?).

6. You attempt to redirect the user via a header() call unconditionally, yet one of the conditional branches before that call might output some data (which would break future calls to header() and similar functions).

And here's the critique for the newest code:

1. There's no need to use [man]global[/man] on $FILES or $POST; they're called superglobal variables for a reason.

2. Inside that same function - savedata() - you attempt to use a variable $target that does not exist.

3. This:

   move_uploaded_file($_FILES['uploadedfile']['tmp_name'].$target)

   is missing a second parameter; perhaps that period was meant to be a comma?

4. Same comment as above as for this:

   copy($_FILES['uploadedfile']['tmp_name'].$target)

5. Speaking of that, why on earth are you doing that anyway? If move_uploaded_file() fails to move the uploaded file, copy() is surely going to fail as well.

6. Overall, neither of the scripts does much checking to make sure things were POST'ed and/or uploaded correctly before blindly referencing external values.

   For example, you never use [man]isset/man or [man]empty/man to verify that the external data exists before attempting to access/use it.

   For another, you never check to see if the file(s) is/were actually uploaded successfully. I tend to wrap all of the uploaded file processing code in if() statements that looks like:

   if(isset($_FILES['foo']))
   {
   	if($_FILES['foo']['error'] == UPLOAD_ERR_OK)
   	{
   		// attempt to process file upload here.
   	}
   	else
   	{
   		// upload error occured; see manual page linked below for info
   
   	// often I'll incorporate a switch/case structure (or if/elseif)
   	//     in order to output a meaningful error message to the user,
   	//     depending upon which error has occured
   }
   }
   else
   {
   	// oops - user didn't even try to upload a file
   }

EDIT: Woops, almost forgot...

The link mentioned in the last item above would be: [man]features.file-upload.errors[/man]. That man page shows you the possible values the 'error' index can take on, letting you know whether or not the file upload was successful and, if not, why it wasn't.