This is my code for upload.php, i want to upload the image in a directory and save its path to mysql database.
The image is successfully uploaded to the directory, but its entry doesn't get inserted into the database.
<?php
require("connect.php");
if (isset($_FILES["userfile"]) && !empty($_FILES["userfile"])) {
$image = $_FILES['userfile']['tmp_name'];
$imageName = $_FILES['userfile']['name'];
$about = $_POST['about'];
$title = $_POST['title'];
$place = $_POST['place'];
$date = $_POST['date'];
$time = $_POST['time'];
$link = $_POST['link'];
$details = $_POST['details'];
$con = $_POST['con'];
$email = $_POST['email'];
$number = $_POST['number'];
$len = count($image);
$path = "admin/news/";
for ($i = 0; $i < $len; $i++) {
if (isset($imageName[$i]) && $imageName[$i] !== NULL) {
if(move_uploaded_file($image[$i], $path.$imageName[$i])) {
mysqli_query($con,"insert into tblnews (newsid, about, date_of_event, time, link, event_place, title, details, image, date, contactperson, email, number) values('','$about','$date','$time','$link','$place','$title','$details','$imageName[1]',NOW(),'$con','$email','$number')");
echo"<script>alert('The news had been successfuly uploaded.')
window.location='index.php?pg=homepage'</script>";
}
}
}
}
?>
<form enctype="multipart/form-data" method="post" action="upload.php">
<table>
<tr>
<th>About</th>
<td>
<select name="about">
<option disabled selected>Select</option>
<option value="Taal">Taal Volcano</option>
<option value="Malarayat">Mt. Malarayat Forest Reserve</option>
<option value="vip">Verde Island Passage</option>
</select>
</td>
</tr>
<tr>
<th>Title</th>
<td><input type="text" name="title" required ></input></td>
</tr>
<tr>
<th>Event's Place</th>
<td><input type="text" name="place" required ></input></td>
</tr>
<tr>
<th>Event Date</th>
<td><input type="date" name="date" required></input></td>
</tr>
<tr>
<th>Event Time</th>
<td><input type="time" name="time"></input></td>
</tr>
<tr>
<th>Image</th>
<td><input name="userfile[]" type="file" multiple='multiple' />
</td>
</tr>
<tr>
<th>Link on Facebook</th>
<td><input type="text" name="link"></input></td>
<td><span>Go to the facebook page of the event and copy the url and paste it in the textbox.</span></td>
</tr>
<tr>
<th>Details</th>
<td><textarea name="details" style="height:250px;" ></textarea></td>
</tr>
<tr>
<th>Contact Person</th>
<td><input type="text" name="con" required ></input></td>
</tr>
<tr>
<th>Email</th>
<td><input type="email" name="email" required ></input></td>
</tr>
<tr>
<th>Number</th>
<td><input type="text" name="number" ></input></td>
</tr>
<tr>
<th></th>
<td><input type="submit" name="add_news" value="Upload"></input></td>
</tr>
</table>
</form>
Try using prepared statement instead of inserting variable
directly into your query.
And as @ajaykumartak pointed out newsid is likely an auto-increment key and do not need to be set in insertion.
Modification to your code:
if(move_uploaded_file($image[$i], $path.$imageName[$i])) {
$stmt = mysqli_stmt_init($con);
$query = <<<END
insert into tblnews (
about,
date_of_event,
time,
link,
event_place,
title,
details,
image,
date,
contactperson,
email,
number
)
values(?,?,?,?,?,?,?,?,?,?,?,?);
END;
mysqli_stmt_prepare($stmt,$query);
mysqli_stmt_bind_param($stmt,'ssssssssssss',
$about, $date, $time, $link,
$place, $tile, $details, $imageName[$i],
$date, $contactperson, $email, $number
);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
}
Of course you should also check for the return values of the function call to verify that they execute correctly, because I only inferred your table structure. You would need to check the error with mysqli_error
:
echo ( mysqli_error($con) );
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.