
Data is saved to the database but files are not getting uploaded to the server

I am having difficulties figuring out what I am doing wrong.

We have 8 different filenames as shown in the code below.

Our goal is to give our users the ability to upload any or all of the 8 files to our server while submitting the form fields associated with uploaded file(s);

So far, the code has been able to save the completed records to the database successfully, but none of the files is getting saved to the folder called uploads.

Granted, there is a better way of handling the file uploads, but I am a PHP newbie.

Does anyone have any ideas what I am doing wrong?

<form id="form1" name="form1" method="POST" action="savedeeds.php" enctype="multipart/form-data">
<input type="file" name="BidIDFile" size="50">
<input type="file" name="Addendum1" size="50">
<input type="file" name="Addendum2" size="50">
<input type="file" name="Addendum3" size="50">
<input type="file" name="Addendum4" size="50">
<input type="file" name="Addendum5" size="50">
<input type="file" name="Addendum6" size="50">
<input type="file" name="SignInSheet" size="50">
<input type="file" name="TabSheet" size="50"></form>


<?php
    error_reporting(E_ERROR | E_WARNING | E_PARSE);
    include("Connections/Connect.php");

// this function is used to sanitize code against sql injection attack.
function ms_escape_string($data) {
        if ( !isset($data) or empty($data) ) return '';
        if ( is_numeric($data) ) return $data;

        $non_displayables = array(
            '/%0[0-8bcef]/',            // url encoded 00-08, 11, 12, 14, 15
            '/%1[0-9a-f]/',             // url encoded 16-31
            '/[\x00-\x08]/',            // 00-08
            '/\x0b/',                   // 11
            '/\x0c/',                   // 12
            '/[\x0e-\x1f]/'             // 14-31
        );
        foreach ( $non_displayables as $regex )
            $data = preg_replace( $regex, '', $data );
        $data = str_replace("'", "''", $data );
        return $data;
    }

    // Check that something has been submitted
    if(isset($_POST['nameMember'])) {

$target = "uploads/";

 $file_name = $_FILES['name']['name'];
 $file_size =$_FILES['name']['size'];
 $file_tmp =$_FILES['name']['tmp_name'];
 $file_type=$_FILES['name']['type'];

$bidDate       =  ms_escape_string($_POST['txtBidDate']);
$dueDate       =  ms_escape_string($_POST['txtDueDate']);
$dueTime       =  ms_escape_string($_POST['txtDueTime']);
$bidtitle      =  ms_escape_string($_POST['BidTitle']);
$bidid         =  ms_escape_string($_POST['BidID']);
$desc          =  ms_escape_string($_POST['Description']);
$bidFile       =  "'". ms_escape_string($_FILES['BidIDFile']['name']) ."'";
$Addendum1     =  "'". ms_escape_string($_FILES['Addendum1']['name']) ."'";
$Addendum2     =  "'". ms_escape_string($_FILES['Addendum2']['name']) ."'";
$Addendum3     =  "'". ms_escape_string($_FILES['Addendum3']['name']) ."'";
$Addendum4     =  "'". ms_escape_string($_FILES['Addendum4']['name']) ."'";
$Addendum5     =  "'". ms_escape_string($_FILES['Addendum5']['name']) ."'";
$Addendum6     =  "'". ms_escape_string($_FILES['Addendum6']['name']) ."'";
$SignInSheet   =  "'". ms_escape_string($_FILES['SignInSheet']['name']) ."'";
$TabSheet      =  "'". ms_escape_string($_FILES['TabSheet']['name']) ."'";
$dept          =  ms_escape_string($_POST['Department']);
$BidContact    =  ms_escape_string($_POST['BidContact']);
$ContactEmail  =  ms_escape_string($_POST['ContactEmail']);
$ContactPhone  =  ms_escape_string($_POST['ContactPhone']);
$NumofBids     =  ms_escape_string($_POST['NumofBids']);
$AwardDate     =  ms_escape_string($_POST['txtAwardDate']);
$AwardRecip1   =  ms_escape_string($_POST['AwardRecip1']);
$BidType       =  ms_escape_string($_POST['BidType']);
$LastUpdate    =  ms_escape_string($_POST['txtLastUpdate']);
$Notes         =  ms_escape_string($_POST['Notes']);
$BidStatus     =  ms_escape_string($_POST['BidStatus']);

if(move_uploaded_file($_FILES['name']['tmp_name'], $target))
 {

 //Tells you if its all ok
                echo "The file ". $file_name. " has been uploaded to the directory and records saved to the database";
 }
 else {

 //Gives and error if its not
 echo "Sorry, there was a problem uploading your file.";
 }

//Writes the information to the database
$sql="INSERT INTO deeds (BidDate,DueDate,DueTime,BidTitle,BidID,Description,BidIDFile,Addend1,Addend2,Addend3,Addend4,Addend5,Addend6,SignInSheet,TabSheet,AliasID,Xcontract,ContactEmail,ContactPhone,NumofBids,AwardDate,AwardRecip1,BidType,LastUpdate,Notes,BidStatus)
 VALUES ('$bidDate', '$dueDate','$dueTime','$bidtitle','$bidid','$desc',$bidFile, $Addendum1,$Addendum2,$Addendum3,$Addendum4,$Addendum5,$Addendum6,$SignInSheet,$TabSheet,'$dept','$BidContact','$ContactEmail','$ContactPhone','$NumofBids','$AwardDate','$AwardRecip1','$BidType','$LastUpdate','$Notes','$BidStatus')" ;
$objQuery = sqlsrv_query($conn, $sql);
 echo "Register Completed!";
 echo "<a href='admin.php'>Admin screen</a>";

sqlsrv_close($conn);
}
?>

You are missing several things:

1. This input is missing: <input type="text" name="nameMember" size="50">. If it is not set, you will never enter the upload script.
2. You are missing a foreach to upload all the files.
3. Use move_uploaded_file($_FILES[$key]['tmp_name'], $target.$_FILES[$key]['name']) instead of move_uploaded_file($_FILES['name']['tmp_name'], $target).

<form id="form1" name="form1" method="POST" action="savedeeds.php" enctype="multipart/form-data">
<input type="file" name="BidIDFile" size="50">
<input type="file" name="Addendum1" size="50">
<input type="file" name="Addendum2" size="50">
<input type="file" name="Addendum3" size="50">
<input type="file" name="Addendum4" size="50">
<input type="file" name="Addendum5" size="50">
<input type="file" name="Addendum6" size="50">
<input type="file" name="SignInSheet" size="50"><br >
 <input type="text" name="nameMember" size="50"><br >
<input type="submit" name="test" value="test" size="50">
<input type="file" name="TabSheet" size="50"></form>


<?php
    error_reporting(E_ERROR | E_WARNING | E_PARSE);
    //include("Connections/Connect.php");
// this function is used to sanitize code against sql injection attack.
function ms_escape_string($data) {

        if ( !isset($data) or empty($data) ) return '';
        if ( is_numeric($data) ) return $data;

        $non_displayables = array(
            '/%0[0-8bcef]/',            // url encoded 00-08, 11, 12, 14, 15
            '/%1[0-9a-f]/',             // url encoded 16-31
            '/[\x00-\x08]/',            // 00-08
            '/\x0b/',                   // 11
            '/\x0c/',                   // 12
            '/[\x0e-\x1f]/'             // 14-31
        );
        foreach ( $non_displayables as $regex )
            $data = preg_replace( $regex, '', $data );
        $data = str_replace("'", "''", $data );
        return $data;
    }

    // Check that something has been submitted
    if(isset($_POST['nameMember'])) {

$target = "uploads/";

 $file_name = $_FILES['name']['name'];
 $file_size =$_FILES['name']['size'];
 $file_tmp =$_FILES['name']['tmp_name'];
 $file_type=$_FILES['name']['type'];

$bidDate       =  ms_escape_string($_POST['txtBidDate']);
$dueDate       =  ms_escape_string($_POST['txtDueDate']);
$dueTime       =  ms_escape_string($_POST['txtDueTime']);
$bidtitle      =  ms_escape_string($_POST['BidTitle']);
$bidid         =  ms_escape_string($_POST['BidID']);
$desc          =  ms_escape_string($_POST['Description']);
$bidFile       =  "'". ms_escape_string($_FILES['BidIDFile']['name']) ."'";
$Addendum1     =  "'". ms_escape_string($_FILES['Addendum1']['name']) ."'";
$Addendum2     =  "'". ms_escape_string($_FILES['Addendum2']['name']) ."'";
$Addendum3     =  "'". ms_escape_string($_FILES['Addendum3']['name']) ."'";
$Addendum4     =  "'". ms_escape_string($_FILES['Addendum4']['name']) ."'";
$Addendum5     =  "'". ms_escape_string($_FILES['Addendum5']['name']) ."'";
$Addendum6     =  "'". ms_escape_string($_FILES['Addendum6']['name']) ."'";
$SignInSheet   =  "'". ms_escape_string($_FILES['SignInSheet']['name']) ."'";
$TabSheet      =  "'". ms_escape_string($_FILES['TabSheet']['name']) ."'";
$dept          =  ms_escape_string($_POST['Department']);
$BidContact    =  ms_escape_string($_POST['BidContact']);
$ContactEmail  =  ms_escape_string($_POST['ContactEmail']);
$ContactPhone  =  ms_escape_string($_POST['ContactPhone']);
$NumofBids     =  ms_escape_string($_POST['NumofBids']);
$AwardDate     =  ms_escape_string($_POST['txtAwardDate']);
$AwardRecip1   =  ms_escape_string($_POST['AwardRecip1']);
$BidType       =  ms_escape_string($_POST['BidType']);
$LastUpdate    =  ms_escape_string($_POST['txtLastUpdate']);
$Notes         =  ms_escape_string($_POST['Notes']);
$BidStatus     =  ms_escape_string($_POST['BidStatus']);

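foreach ($_FILES as $key => $val) {
    // Skip the file inputs that were left empty
    if ($val['error'] === UPLOAD_ERR_NO_FILE) continue;
    // basename() keeps any path components out of the destination
    $name = basename($val['name']);
    if ($val['error'] === UPLOAD_ERR_OK && move_uploaded_file($val['tmp_name'], $target . $name)) {
        //Tells you if its all ok
        echo "The file " . htmlspecialchars($name) . " has been uploaded to the directory and records saved to the database";
    } else {
        //Gives an error if its not
        echo "Sorry, there was a problem uploading your file.";
    }
}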

//Writes the information to the database
$sql="INSERT INTO deeds (BidDate,DueDate,DueTime,BidTitle,BidID,Description,BidIDFile,Addend1,Addend2,Addend3,Addend4,Addend5,Addend6,SignInSheet,TabSheet,AliasID,Xcontract,ContactEmail,ContactPhone,NumofBids,AwardDate,AwardRecip1,BidType,LastUpdate,Notes,BidStatus)
 VALUES ('$bidDate', '$dueDate','$dueTime','$bidtitle','$bidid','$desc',$bidFile, $Addendum1,$Addendum2,$Addendum3,$Addendum4,$Addendum5,$Addendum6,$SignInSheet,$TabSheet,'$dept','$BidContact','$ContactEmail','$ContactPhone','$NumofBids','$AwardDate','$AwardRecip1','$BidType','$LastUpdate','$Notes','$BidStatus')" ;
$objQuery = sqlsrv_query($conn, $sql);
echo "Register Completed!";
 echo "<a href='admin.php'>Admin screen</a>";

sqlsrv_close($conn);
}
?>
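
An added example, not part of the question or the answer above: the same form handled with an extension allowlist, server-generated file names, and a parameterized sqlsrv_query in place of ms_escape_string and string concatenation. Assumptions: $conn is created by Connections/Connect.php as in the question, the allowlist and size limit are illustrative, and the helper names stored_name_for and save_uploads are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumed: $conn is created by
// Connections/Connect.php; the allowlist and size limit are illustrative.
const UPLOAD_DIR  = __DIR__ . '/uploads/';
const ALLOWED_EXT = ['pdf', 'doc', 'docx', 'xls', 'xlsx'];
const MAX_BYTES   = 10 * 1024 * 1024;
const FILE_FIELDS = ['BidIDFile', 'Addendum1', 'Addendum2', 'Addendum3', 'Addendum4',
                     'Addendum5', 'Addendum6', 'SignInSheet', 'TabSheet'];

// Return a server-chosen name for an accepted upload, or null to reject it.
function stored_name_for(array $file): ?string {
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;                      // e.g. .php, .phtml, no extension
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Move every submitted file; returns field name => stored name (null if absent/rejected).
function save_uploads(array $files): array {
    $saved = array_fill_keys(FILE_FIELDS, null);
    foreach (FILE_FIELDS as $field) {
        $file = $files[$field] ?? null;
        if ($file === null || $file['error'] === UPLOAD_ERR_NO_FILE) {
            continue;                     // input left empty: not an error
        }
        $name = stored_name_for($file);
        if ($name !== null && move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
            $saved[$field] = $name;
        }
    }
    return $saved;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    include 'Connections/Connect.php';
    $saved = save_uploads($_FILES);
    // Bound parameters, no hand escaping; four columns shown, the rest bind the same way.
    $sql    = 'INSERT INTO deeds (BidTitle, BidID, BidIDFile, Addend1) VALUES (?, ?, ?, ?)';
    $params = [$_POST['BidTitle'] ?? '', $_POST['BidID'] ?? '',
               $saved['BidIDFile'], $saved['Addendum1']];
    if (sqlsrv_query($conn, $sql, $params) === false) {
        error_log(print_r(sqlsrv_errors(), true));
        http_response_code(500);
        exit('The record could not be saved.');
    }
}
```

Keeping uploads/ outside the web root, or configuring the server not to execute scripts from it, removes the remaining reliance on the extension check.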
