I am having difficulties figuring out what I am doing wrong.
We have 8 different filenames as shown in the code below.
Our goal is to give our users the ability to upload any or all of the 8 files to our server while submitting the form fields associated with the uploaded file(s).
So far, the code has been able to save the completed records to the database successfully, but none of the files is getting saved to the folder called uploads.
Granted, there is a better way of handling the file uploads, but I am a PHP newbie.
Does anyone have any ideas what I am doing wrong?
<form id="form1" name="form1" method="POST" action="savedeeds.php" enctype="multipart/form-data">
<input type="file" name="BidIDFile" size="50">
<input type="file" name="Addendum1" size="50">
<input type="file" name="Addendum2" size="50">
<input type="file" name="Addendum3" size="50">
<input type="file" name="Addendum4" size="50">
<input type="file" name="Addendum5" size="50">
<input type="file" name="Addendum6" size="50">
<input type="file" name="SignInSheet" size="50">
<input type="file" name="TabSheet" size="50"></form>
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
include("Connections/Connect.php");
// this function is used to sanitize code against sql injection attack.
function ms_escape_string($data) {
if ( !isset($data) or empty($data) ) return '';
if ( is_numeric($data) ) return $data;
$non_displayables = array(
'/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
'/%1[0-9a-f]/', // url encoded 16-31
'/[\x00-\x08]/', // 00-08
'/\x0b/', // 11
'/\x0c/', // 12
'/[\x0e-\x1f]/' // 14-31
);
foreach ( $non_displayables as $regex )
$data = preg_replace( $regex, '', $data );
$data = str_replace("'", "''", $data );
return $data;
}
// Check that something has been submitted
if(isset($_POST['nameMember'])) {
$target = "uploads/";
$file_name = $_FILES['name']['name'];
$file_size =$_FILES['name']['size'];
$file_tmp =$_FILES['name']['tmp_name'];
$file_type=$_FILES['name']['type'];
$bidDate = ms_escape_string($_POST['txtBidDate']);
$dueDate = ms_escape_string($_POST['txtDueDate']);
$dueTime = ms_escape_string($_POST['txtDueTime']);
$bidtitle = ms_escape_string($_POST['BidTitle']);
$bidid = ms_escape_string($_POST['BidID']);
$desc = ms_escape_string($_POST['Description']);
$bidFile = "'". ms_escape_string($_FILES['BidIDFile']['name']) ."'";
$Addendum1 = "'". ms_escape_string($_FILES['Addendum1']['name']) ."'";
$Addendum2 = "'". ms_escape_string($_FILES['Addendum2']['name']) ."'";
$Addendum3 = "'". ms_escape_string($_FILES['Addendum3']['name']) ."'";
$Addendum4 = "'". ms_escape_string($_FILES['Addendum4']['name']) ."'";
$Addendum5 = "'". ms_escape_string($_FILES['Addendum5']['name']) ."'";
$Addendum6 = "'". ms_escape_string($_FILES['Addendum6']['name']) ."'";
$SignInSheet = "'". ms_escape_string($_FILES['SignInSheet']['name']) ."'";
$TabSheet = "'". ms_escape_string($_FILES['TabSheet']['name']) ."'";
$dept = ms_escape_string($_POST['Department']);
$BidContact = ms_escape_string($_POST['BidContact']);
$ContactEmail = ms_escape_string($_POST['ContactEmail']);
$ContactPhone = ms_escape_string($_POST['ContactPhone']);
$NumofBids = ms_escape_string($_POST['NumofBids']);
$AwardDate = ms_escape_string($_POST['txtAwardDate']);
$AwardRecip1 = ms_escape_string($_POST['AwardRecip1']);
$BidType = ms_escape_string($_POST['BidType']);
$LastUpdate = ms_escape_string($_POST['txtLastUpdate']);
$Notes = ms_escape_string($_POST['Notes']);
$BidStatus = ms_escape_string($_POST['BidStatus']);
if(move_uploaded_file($_FILES['name']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file ". $file_name. " has been uploaded to the directory and records saved to the database";
}
else {
//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
//Writes the information to the database
$sql="INSERT INTO deeds (BidDate,DueDate,DueTime,BidTitle,BidID,Description,BidIDFile,Addend1,Addend2,Addend3,Addend4,Addend5,Addend6,SignInSheet,TabSheet,AliasID,Xcontract,ContactEmail,ContactPhone,NumofBids,AwardDate,AwardRecip1,BidType,LastUpdate,Notes,BidStatus)
VALUES ('$bidDate', '$dueDate','$dueTime','$bidtitle','$bidid','$desc',$bidFile, $Addendum1,$Addendum2,$Addendum3,$Addendum4,$Addendum5,$Addendum6,$SignInSheet,$TabSheet,'$dept','$BidContact','$ContactEmail','$ContactPhone','$NumofBids','$AwardDate','$AwardRecip1','$BidType','$LastUpdate','$Notes','$BidStatus')" ;
$objQuery = sqlsrv_query($conn, $sql);
echo "Register Completed!";
echo "<a href='admin.php'>Admin screen</a>";
sqlsrv_close($conn);
}
?>
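Added example, not the poster's code: the same INSERT into deeds built with `?` placeholders and passed to `sqlsrv_query` as bound parameters, so the values never become part of the SQL text and no escaping function is involved. The column-to-field map is copied from the INSERT above; `build_deeds_insert` and the sample values are hypothetical names and constructed data.

```php
<?php
// Added example. Column => form field, taken from the INSERT on this page.
const POST_COLUMNS = [
    'BidDate' => 'txtBidDate', 'DueDate' => 'txtDueDate', 'DueTime' => 'txtDueTime',
    'BidTitle' => 'BidTitle', 'BidID' => 'BidID', 'Description' => 'Description',
    'AliasID' => 'Department', 'Xcontract' => 'BidContact',
    'ContactEmail' => 'ContactEmail', 'ContactPhone' => 'ContactPhone',
    'NumofBids' => 'NumofBids', 'AwardDate' => 'txtAwardDate',
    'AwardRecip1' => 'AwardRecip1', 'BidType' => 'BidType',
    'LastUpdate' => 'txtLastUpdate', 'Notes' => 'Notes', 'BidStatus' => 'BidStatus',
];
// Column => file input name, for the columns that hold a file name.
const FILE_COLUMNS = [
    'BidIDFile' => 'BidIDFile', 'Addend1' => 'Addendum1', 'Addend2' => 'Addendum2',
    'Addend3' => 'Addendum3', 'Addend4' => 'Addendum4', 'Addend5' => 'Addendum5',
    'Addend6' => 'Addendum6', 'SignInSheet' => 'SignInSheet', 'TabSheet' => 'TabSheet',
];

// Returns [$sql, $params]; column names come only from the constants above,
// user input only ever appears in $params.
function build_deeds_insert(array $post, array $fileNames): array {
    $columns = [];
    $params = [];
    foreach (POST_COLUMNS as $column => $field) {
        $columns[] = $column;
        // Reject array-style input (field[]=...) by treating it as empty.
        $params[] = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
    }
    foreach (FILE_COLUMNS as $column => $field) {
        $columns[] = $column;
        $params[] = $fileNames[$field] ?? '';
    }
    $placeholders = implode(', ', array_fill(0, count($columns), '?'));
    $sql = 'INSERT INTO deeds (' . implode(', ', $columns) . ") VALUES ($placeholders)";
    return [$sql, $params];
}

// Constructed sample input standing in for $_POST and the saved file names.
$samplePost = ['BidTitle' => "O'Brien road repair", 'BidID' => '2024-017'];
[$sql, $params] = build_deeds_insert($samplePost, ['BidIDFile' => 'bid.pdf']);
echo $sql, PHP_EOL, json_encode($params), PHP_EOL;

// With a live connection ($conn from Connections/Connect.php):
// $stmt = sqlsrv_query($conn, $sql, $params);
// if ($stmt === false) { error_log(print_r(sqlsrv_errors(), true)); }
```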
You are missing several things:
1. You are missing this input: <input type="text" name="nameMember" size="50">. Without it, the upload script is never entered.
2. You are missing a foreach to upload all the files.
3. Use move_uploaded_file($_FILES[$key]['tmp_name'], $target.$_FILES[$key]['name']) instead of move_uploaded_file($_FILES['name']['tmp_name'], $target).
<form id="form1" name="form1" method="POST" action="savedeeds.php" enctype="multipart/form-data">
<input type="file" name="BidIDFile" size="50">
<input type="file" name="Addendum1" size="50">
<input type="file" name="Addendum2" size="50">
<input type="file" name="Addendum3" size="50">
<input type="file" name="Addendum4" size="50">
<input type="file" name="Addendum5" size="50">
<input type="file" name="Addendum6" size="50">
<input type="file" name="SignInSheet" size="50"><br >
<input type="text" name="nameMember" size="50"><br >
<input type="submit" name="test" value="test" size="50">
<input type="file" name="TabSheet" size="50"></form>
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
include("Connections/Connect.php"); // provides $conn used by sqlsrv_query() below
// this function is used to sanitize code against sql injection attack.
function ms_escape_string($data) {
if ( !isset($data) or empty($data) ) return '';
if ( is_numeric($data) ) return $data;
$non_displayables = array(
'/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
'/%1[0-9a-f]/', // url encoded 16-31
'/[\x00-\x08]/', // 00-08
'/\x0b/', // 11
'/\x0c/', // 12
'/[\x0e-\x1f]/' // 14-31
);
foreach ( $non_displayables as $regex )
$data = preg_replace( $regex, '', $data );
$data = str_replace("'", "''", $data );
return $data;
}
// Check that something has been submitted
if(isset($_POST['nameMember'])) {
$target = "uploads/";
$file_name = ''; // $_FILES has no entry called 'name'; each upload is keyed by its input name (BidIDFile, Addendum1, ...)
$bidDate = ms_escape_string($_POST['txtBidDate']);
$dueDate = ms_escape_string($_POST['txtDueDate']);
$dueTime = ms_escape_string($_POST['txtDueTime']);
$bidtitle = ms_escape_string($_POST['BidTitle']);
$bidid = ms_escape_string($_POST['BidID']);
$desc = ms_escape_string($_POST['Description']);
$bidFile = "'". ms_escape_string($_FILES['BidIDFile']['name']) ."'";
$Addendum1 = "'". ms_escape_string($_FILES['Addendum1']['name']) ."'";
$Addendum2 = "'". ms_escape_string($_FILES['Addendum2']['name']) ."'";
$Addendum3 = "'". ms_escape_string($_FILES['Addendum3']['name']) ."'";
$Addendum4 = "'". ms_escape_string($_FILES['Addendum4']['name']) ."'";
$Addendum5 = "'". ms_escape_string($_FILES['Addendum5']['name']) ."'";
$Addendum6 = "'". ms_escape_string($_FILES['Addendum6']['name']) ."'";
$SignInSheet = "'". ms_escape_string($_FILES['SignInSheet']['name']) ."'";
$TabSheet = "'". ms_escape_string($_FILES['TabSheet']['name']) ."'";
$dept = ms_escape_string($_POST['Department']);
$BidContact = ms_escape_string($_POST['BidContact']);
$ContactEmail = ms_escape_string($_POST['ContactEmail']);
$ContactPhone = ms_escape_string($_POST['ContactPhone']);
$NumofBids = ms_escape_string($_POST['NumofBids']);
$AwardDate = ms_escape_string($_POST['txtAwardDate']);
$AwardRecip1 = ms_escape_string($_POST['AwardRecip1']);
$BidType = ms_escape_string($_POST['BidType']);
$LastUpdate = ms_escape_string($_POST['txtLastUpdate']);
$Notes = ms_escape_string($_POST['Notes']);
$BidStatus = ms_escape_string($_POST['BidStatus']);
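foreach($_FILES as $key=>$val) {
// Skip inputs the user left empty (any or all of the files may be uploaded)
if($val['error'] === UPLOAD_ERR_NO_FILE) continue;
// Name of the file currently being processed, without any path component
$file_name = basename($val['name']);
if(move_uploaded_file($val['tmp_name'], $target.$file_name))
{
//Tells you if it's all ok
echo "The file ". htmlspecialchars($file_name). " has been uploaded to the directory and records saved to the database";
}
else {
//Gives an error if it's not
echo "Sorry, there was a problem uploading your file.";
}
}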
//Writes the information to the database
$sql="INSERT INTO deeds (BidDate,DueDate,DueTime,BidTitle,BidID,Description,BidIDFile,Addend1,Addend2,Addend3,Addend4,Addend5,Addend6,SignInSheet,TabSheet,AliasID,Xcontract,ContactEmail,ContactPhone,NumofBids,AwardDate,AwardRecip1,BidType,LastUpdate,Notes,BidStatus)
VALUES ('$bidDate', '$dueDate','$dueTime','$bidtitle','$bidid','$desc',$bidFile, $Addendum1,$Addendum2,$Addendum3,$Addendum4,$Addendum5,$Addendum6,$SignInSheet,$TabSheet,'$dept','$BidContact','$ContactEmail','$ContactPhone','$NumofBids','$AwardDate','$AwardRecip1','$BidType','$LastUpdate','$Notes','$BidStatus')" ;
$objQuery = sqlsrv_query($conn, $sql);
echo "Register Completed!";
echo "<a href='admin.php'>Admin screen</a>";
sqlsrv_close($conn);
}
?>
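Added example, not the answerer's code: a stricter version of the upload loop that checks each file's error code and size, detects the content type on the server with `finfo`, and stores the file under a server-generated name instead of the client-supplied one. The field names come from the form on this page; the allowed types, the size limit, and the `plan_upload` and `save_uploads` names are assumptions to adapt.

```php
<?php
// Added example: field names are the file inputs of the form on this page;
// the allow-list and size limit are assumptions.
const UPLOAD_FIELDS = ['BidIDFile', 'Addendum1', 'Addendum2', 'Addendum3', 'Addendum4',
                       'Addendum5', 'Addendum6', 'SignInSheet', 'TabSheet'];
const ALLOWED_TYPES = ['application/pdf' => 'pdf', 'image/png' => 'png', 'image/jpeg' => 'jpg'];
const MAX_BYTES = 10 * 1024 * 1024;

// Decide how one $_FILES entry is stored: null for an empty input, the
// generated file name on success, RuntimeException when it must be rejected.
function plan_upload(array $file, string $detectedMime): ?string {
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return null;                                  // optional input left empty
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload error code {$file['error']}");
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file size outside allowed range');
    }
    if (!isset(ALLOWED_TYPES[$detectedMime])) {
        throw new RuntimeException("type $detectedMime is not allowed");
    }
    // Server-generated name: the client-supplied name never reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detectedMime];
}

// Returns field => ['stored_as' => ..., 'original' => ...] for each saved file.
function save_uploads(array $files, string $dir): array {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $stored = [];
    foreach (UPLOAD_FIELDS as $field) {
        if (!isset($files[$field]) || is_array($files[$field]['error'])) {
            continue;                                 // absent or array-style field
        }
        $file = $files[$field];
        // Type is detected from the file content, not taken from $file['type'].
        $mime = $file['error'] === UPLOAD_ERR_OK ? (string) $finfo->file($file['tmp_name']) : '';
        $name = plan_upload($file, $mime);
        if ($name === null) continue;
        if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
            throw new RuntimeException("could not store $field");
        }
        $stored[$field] = ['stored_as' => $name, 'original' => basename($file['name'])];
    }
    return $stored;
}
// Usage: $stored = save_uploads($_FILES, __DIR__ . '/uploads');
```

Save the returned `stored_as` value in the file-name column for each field, and keep the upload directory somewhere the web server does not execute scripts.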