[RESOLVED] Pload file into folder and store file name in db

pnarendran

Hi Friends:
I wanted to upload a pic to a folder and that worked fine. But then I wanted to replace that pic with another based on logged in user so I thought best would be to store the new upload file name in userprofile db and then retrieve that stored filename to display the pic stored in folder. When I added the additional code to store file name into db I get this error:

Success! Picture Uploaded.

Upload: file_151438.gif
Type: image/gif
Size: 22.447265625 Kb
Temp file: D:\Temp\php\php2BD2.tmp
Stored in: upload/file_151438.gif

Notice: Undefined variable: pic in D:\Hosting\7520570\html\india\uploadfile.php on line 49

My working original code:

<?php 
session_start();
require_once 'config.php';

ini_set('display_errors', 1); error_reporting(~0);

 if ((($_FILES["file"]["type"] == "image/gif")
 ||($_FILES["file"]["type"] == "image/png")
 ||($_FILES["file"]["type"] == "image/jpeg")
 ||($_FILES["file"]["type"] == "image/pjpeg"))
 && ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
    move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 else
   {
   move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
 else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, jpeg or png and file size <= 700KB. Thanks for your understanding and co-operation.";
   }


?>

<a href="profile2.php"><input type="button" value="Upload another file"></a> 
 </form>

My not working modified code:

<?php 
session_start();
require_once 'config.php';

$pic==$_FILES["file"]["name"];

ini_set('display_errors', 1); error_reporting(~0);

 if ((($_FILES["file"]["type"] == "image/gif")
 ||($_FILES["file"]["type"] == "image/png")
 ||($_FILES["file"]["type"] == "image/jpeg")
 ||($_FILES["file"]["type"] == "image/pjpeg"))
 && ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
    move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 else
   {
   move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
 else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, jpeg or png and file size <= 700KB. Thanks for your understanding and co-operation.";
   }

if (isset($_SESSION['user'])){
$user=$_SESSION['user'];
$query = ("UPDATE userprofile set picture=$pic WHERE username=$user");}
else {}


?>

<a href="profile2.php"><input type="button" value="Upload another file"></a> 
 </form>

What 'm I doing wrong? Is there a better way to do this? Please help. Thanks in advance.🙂

Weedpacket

$pic==$_FILES["file"]["name"];

You've accidentally used a comparison operator instead of assignment.

pnarendran

When I replaced the == with = the error is gone, but the db is not updated with the file name in the picture field.

Weedpacket

Because the syntax of your SQL query is wrong; you haven't quoted the string fields (and you haven't escaped the variables you're embedding in it).

pnarendran

Weedpacket;10990790 wrote:
Because the syntax of your SQL query is wrong; you haven't quoted the string fields (and you haven't escaped the variables you're embedding in it).

But I did this to the code and it still gives no error - in fact it even echoes db updated, but it doesn't update the table. And one more problem I noticed right from beginning is that png files are not getting uploaded even to the folder, whereas gif and jpeg upload to folder but file name doesn't get updated in picture field in the table.

Modified Code:

<?php
session_start();
require_once 'config.php';



ini_set('display_errors', 1); error_reporting(~0);

if ((($_FILES["file"]["type"] == "image/gif")
||($_FILES["file"]["type"] == "image/png")
||($_FILES["file"]["type"] == "image/jpeg")
||($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
   	$pic=($_FILES["file"]["name"]);
 move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 else
   {
   $pic=($_FILES["file"]["name"]);
move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, jpeg or png and file size <= 700KB. Thanks for your understanding and co-operation.";
   }

if (isset($_SESSION['user'])){
$user=$_SESSION['user'];
$pic=($_FILES["file"]["name"]);
$query = "UPDATE `userprofile` SET `picture` = '$pic' WHERE `username` ='$user'";
echo "db updated";
}
else {echo "no records";}


?>

<a href="profile2.php"><input type="button" value="Upload another file"></a>
</form>

bradgrafelman

First note that you still aren't sanitizing those string inputs before placing them in a SQL query - see [man]mysql_real_escape_string/man (or similar, depending upon which PHP library/extension you're using) for that.

Next, note that you aren't actually executing any SQL queries. You define a variable called $query but never do anything with it.

pnarendran

Sorry I don't seem to understand. I only want to update the field in the databse. I don't want to do anything else with it. Whatever I need to be done is already done.... Is my brain fried?

pnarendran

Friends ...please give me some clues. My brain seems to be really fried on this one. Should I do the data thingy? I'm really really going in circles with this one ...Please help.

bradgrafelman

I already told you two important things you were missing in my previous post. Which part(s) don't you understand?

pnarendran

I modified the code based on what I understood and I get this error:

<?php

Success! Picture Uploaded.

Upload: hello_logo.jpg
Type: image/jpeg
Size: 13.2509765625 Kb
Temp file: D:\Temp\php\php1FE.tmp
Stored in: upload/hello_logo.jpg
Notice: Undefined index: pic in D:\Hosting\5530520\html\test\uploadfile.php on line 55

Notice: Undefined index: user in D:\Hosting\5530520\html\test\uploadfile.php on line 55

My modified code reads like this:

<?php
session_start();
require_once 'config.php';



ini_set('display_errors', 1); error_reporting(~0);

if ((($_FILES["file"]["type"] == "image/gif")
||($_FILES["file"]["type"] == "image/png")
||($_FILES["file"]["type"] == "image/jpeg")
||($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
   	$pic=($_FILES["file"]["name"]);
 move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 else
   {
   $pic=($_FILES["file"]["name"]);
move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, jpeg or png and file size <= 700KB. Thanks for your understanding and co-operation.";
   }

if (isset($_SESSION['user'])){
$user=$_SESSION['user'];
$pic=($_FILES["file"]["name"]);
$query = "SELECT * FROM userprofile";
$result = mysql_query($query)or die(mysql_error());
while ($line = mysql_fetch_assoc($result)) {
mysql_query("UPDATE userprofile SET picture = '".$line['pic']."' where username = '".$line['user']."'")or die(mysql_error());}

echo "";
}

else {echo "no records";}


?>

<a href="profile2.php"><input type="button" value="Upload another file"></a>
</form>

I have been going in circles with this I'm not even able to think straight. Please help with a pinpointed answer of where the error is. Thanks much.🙂

pnarendran

pnarendran;10990922 wrote:
Friends ...please give me some clues. My brain seems to be really fried on this one. Should I do the data thingy? I'm really really going in circles with this one ...Please help.

Based on my understanding of what you all told me I went ahead and furtehr modified the code as follows:

<?php
session_start();
require_once 'config.php';

ini_set('display_errors', 1); error_reporting(~0);

if ((($_FILES["file"]["type"] == "image/gif")
||($_FILES["file"]["type"] == "image/png")
||($_FILES["file"]["type"] == "image/jpeg")
||($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
   	$pic=($_FILES["file"]["name"]);
 move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 else
   {
   $pic=($_FILES["file"]["name"]);
move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, jpeg or png and file size <= 700KB. Thanks for your understanding and co-operation.";
   }

if (isset($_SESSION['user'])){
$user=(isset($_POST($_SESSION['user']));
$pic=(isset($_POST($_FILES["file"]["name"])));
$query = "SELECT * FROM userprofile";
$result = mysql_query($query)or die(mysql_error());
while ($line = mysql_fetch_assoc($result)) {
mysql_query("UPDATE userprofile SET picture = '".$line['pic']."' where username = '".$line['user']."'")or die(mysql_error());}

echo "";
}

else {echo "no records";}


?>

<a href="profile2.php"><input type="button" value="Upload another file"></a>
</form>

and now I get this error. Can you please help?🙂


Fatal error: Can't use function return value in write context in D:\Hosting\5520320\html\test\uploadfile.php on line 50

pnarendran

Hello friends:

I have been working on all your ideas and now I'm getting this error. Seems like I'm close to fixing it. Can you please help me with a pair of extra eyes?🙂

Parse error: syntax error, unexpected ';' in D:\Hosting\4530520\html\test\uploadfile.php on line 50

Here is the modified code for uploadfile.php

<?php
session_start();
require_once 'config.php';



ini_set('display_errors', 1); error_reporting(~0);

if ((($_FILES["file"]["type"] == "image/gif")
||($_FILES["file"]["type"] == "image/png")
||($_FILES["file"]["type"] == "image/jpeg")
||($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
   	$pic=($_FILES["file"]["name"]);
 move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 else
   {
   $pic=($_FILES["file"]["name"]);
move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, jpeg or png and file size <= 700KB. Thanks for your understanding and co-operation.";
   }

if (isset($_SESSION['user'])){
$user=(isset($_POST[$_SESSION['user']]);
$pic=(isset($_POST[$_FILES["file"]["name"]]));
$query = "SELECT * FROM userprofile";
$result = mysql_query($query)or die(mysql_error());
while ($line = mysql_fetch_assoc($result)) {

mysql_query("update userprofile set `picture`='$line['pic']  where username=='$user'") or die(mysql_error());

}

else {echo "no records";}


?>

<a href="profile2.php"><input type="button" value="Upload another file"></a>
</form>

Derokorian

$user=(isset($POST[$SESSION['user']]);

2 opening parenthesis and only 1 closing.

pnarendran

when I took care of that here is the new error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in D:\Hosting\7520570\html\india\uploadfile.php on line 56

johanafm

# Indent your code properly (see ** below)
if (isset($_SESSION['user']))
{
	# isset() returns true or false.
	# Since you allready check this above, $user will always be true.
	# Most likely not what you want
	$user=(isset($_POST[$_SESSION['user']]);
	# $pic will be true or false...
	$pic=(isset($_POST[$_FILES["file"]["name"]]));
	$query = "SELECT * FROM userprofile";
	# Not a good idea to display mysql_error() to the end user
	$result = mysql_query($query)or die(mysql_error());

# This update assigns userprofile.pic to userprofile.picture
# Do you really want to store the exact same data twice for all users?
# Also, why are you executing this query once per user when you also specify that it should be
# done only for one particular user (except that $user is boolean true, so you will have no match
# for username=='true'
# Here's your T_ENCAPSED... error. Inside a doublequoted string, you access
# array elements like this "$line[pic]" or "{$line['pic']}"
# Which will make your code
# 		picture = '$line[pic] where username=='
# which also isn't what you want. Keep your quotes straight.
while ($line = mysql_fetch_assoc($result))
{
	mysql_query("update userprofile set `picture`='$line['pic']  where username=='$user'") or die(mysql_error());
}

# **
# There is no if preceeding this else. You lack a closing bracket
else
{
	echo "no records";
}

pnarendran

I changed the code over again as seen below:

<?php 
session_start();
require_once 'config.php';

ini_set('display_errors', 1); error_reporting(~0);
if (isset($_SESSION['user']))
{
$user=$_SESSION['user'];
$res = mysql_query("SELECT username,picture FROM userprofile WHERE 

username = '$user'") or die (mysql_error());
$data = mysql_fetch_assoc($res);

$username = htmlspecialchars($data['username']);
$pic = htmlspecialchars($data['picture']);



if ((($_FILES["file"]["type"] == "image/gif")
||($_FILES["file"]["type"] == "image/png")
||($_FILES["file"]["type"] == "image/jpeg")
||($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 716800))
   {
   if ($_FILES["file"]["error"] > 0)
     {
     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
     }
   else
     {
     echo "<h2>"."Success! Picture Uploaded."."</h2>"."<br />";
     echo "Upload: " . $_FILES["file"]["name"] . "<br />";
     echo "Type: " . $_FILES["file"]["type"] . "<br />";
     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br 

/>";
     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
   {
    move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);

echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
$result = mysql_query($res)or die(mysql_error());
while ($line = mysql_fetch_assoc($result)) {

mysql_query("update userprofile set `picture`="$line[pic]"  where 

username=='$user'") or die(mysql_error());

  }}

 else
   {
   move_uploaded_file($_FILES["file"]["tmp_name"],
   "upload/" . $_FILES["file"]["name"]);
   echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
   }
 }
   }
else
   {
   echo "Invalid file. <br /> Please ensure file extention is gif, 

jpeg or png and file size <= 700KB. Thanks for your understanding 

and co-operation.";
   }


?>

<a href="profile2.php"><input type="button" value="Upload another 

file"></a>
</form>

Now I have this error:

Parse error: syntax error, unexpected T_VARIABLE in D:\Hosting\7520570\html\india\uploadfile.php on line 44

I'm not sure if I'm even close or not. I'm so confused.

johanafm

As indicated by php, this is the line

mysql_query("update userprofile set `picture`="$line[pic]"  where

You can always start by chopping that line to smaller parts to get less code to look at. First off, make that line a complete statement in itself, without needed the rest found two lines below.

mysql_query("update userprofile set `picture`="$line[pic]"  where");

Then you can do things like

mysql_query(
"update userprofile set `picture`="
$line[pic]
"  where"
);

But you really do have to learn to understand the parser errors messages. Else you will have to post every single error message here and have others do the work for you.

Now, then the parser tells you that the line with $line[pic] matches the unexpected T_VARIABLE, ask yourself what things PHP should expect after the end of a string, since that's the last thing you have before it

# The last " is ending delimiter for the string. What things can follow a string literal?
"... `picture`="