sblade46
Joined: 11 Dec 2009 Posts: 1
Posted: Fri Dec 11, 2009 8:18 pm Post subject: Trouble Uploading to mySQL with PHP

So I am trying to upload to a blob in mySQL using PHP and I keep getting the error built into my script... I am running Abyss on a Windows box, and have php-5. Please let me know what I am doing wrong? Is there a setting I need? I have cut and pasted my code and I have the items set up right as far as I know in MySQL. When run, I get the error "File binary data insert failed!" Please help because I have looked forever and can't find anything. Starting to wonder if Abyss isn't set up to handle this but that would be surprising... Thank you!
<?php
ob_start("ob_gzhandler");
$con = mysql_connect("localhost","myroot","mypassword");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydb", $con);
foreach ($_REQUEST as $key => $value) {
    ${$key} = mysql_escape_string($value);
}
//special file upload array:
$userfile_name = $_FILES['userfile']['name'];
$userfile = $_FILES['userfile']['tmp_name'];
if ($action == 2) {
    if ($userfile <> "") {
        //gathering data:
        $filedate = time();
        $userfile_name = mysql_escape_string($userfile_name);
        $data = "";
        //get file
        $fp = fopen($userfile, "rb");
        while(!feof($fp)) {
            $data .= fread($fp, 1024);
        }
        fclose($fp);
        $data = addslashes($data);
        $data = addcslashes($data, "\0");
        $query = "INSERT INTO loanfiledata VALUES(\"\",\"{$data}\")";
        mysql_query($query)
            or die("File binary data insert failed!");
        $query = "select LAST_INSERT_ID() as dataid";
        $result = mysql_query($query)
            or die("New contact ID fetch failed!");
        if (!mysql_data_seek($result, 0)) {
            echo "cannot seek to the new ID!";
            continue;
        }
        if (!($row = mysql_fetch_object($result)))
            continue;
        $dataid = $row->dataid;
        mysql_free_result($result);
        $query = "INSERT INTO loanfiles VALUES(\"\", \"{$userfile_name}\", \"{$ffiletype}\", \"{$filedate}\", \"{$dataid}\", \"{$note}\", \"0\")";
        mysql_query($query)
            or die("File header insert failed!");
    }
}
?>
<HTML>
<HEAD>
<TITLE>Add File:</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff" TEXT="#000000" LINK="#000000" ALINK="#000000" VLINK="#000000">
<form action="uploadthom.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="action" value="2">
<!-- change this to the size that you want to allow for uploads, this must be <= the allowed packet size in your SQL server setup (default 8MB) -->
<input type="hidden" name="MAX_FILE_SIZE" value="7000000">
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><b>File to attach:</b> <input type="file" name="userfile" size="20" maxlength="255"></td>
<td><b>Description:</b> <input type="text" name="note" size="40" maxlength="255"></td>
</tr>
<tr>
<td>
<b>File type:</b> <select name="ffiletype" size="1">
<option value="0">General Document</option>
<option value="1">Resume</option>
<option value="1">Background Check</option>
</select>
</td>
</tr>
<tr>
<td><input type="submit" value="add >>"></td>
<td></td>
</tr>
</table>
</form>
</BODY>
</HTML>
<?php
ob_end_flush();
?>

DonQuichote
Joined: 24 Dec 2006 Posts: 68 Location: The Netherlands
Posted: Fri Dec 11, 2009 11:08 pm Post subject:

First, use standard quotes in SQL. These are single quotes for strings. Also, do not use addslashes, but mysql_escape_string(). And implement some error handling that makes sure that the errors are logged while the user is not bothered by technical messages (and hackers do not get to know too many details). On your development machine, for testing, you can use die(mysql_error($con)).
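
The two points raised in the reply above (getting quoting and escaping right, and logging error detail instead of showing it to the user), as an added example that is not code from either poster. It swaps string escaping for PDO prepared statements, which bind the binary data instead of quoting it; the column names are assumed (the thread shows only the table names), and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not either poster's code. Column names are assumed: the
// thread shows only the table names loanfiledata and loanfiles.
function store_upload(PDO $db, array $file, $fileType, $note)
{
    // In a real request handler also require is_uploaded_file($file['tmp_name']).
    if ($file['error'] !== UPLOAD_ERR_OK || !is_readable($file['tmp_name'])) {
        throw new RuntimeException('upload error code ' . $file['error']);
    }
    $db->beginTransaction();
    try {
        // Bound parameter: the blob is never spliced into the SQL text,
        // so no addslashes()/escaping is needed and NUL bytes survive.
        $fp = fopen($file['tmp_name'], 'rb');
        $stmt = $db->prepare('INSERT INTO loanfiledata (data) VALUES (:data)');
        $stmt->bindParam(':data', $fp, PDO::PARAM_LOB);
        $stmt->execute();
        fclose($fp);
        $dataId = (int) $db->lastInsertId();

        $stmt = $db->prepare('INSERT INTO loanfiles
            (name, filetype, filedate, dataid, note) VALUES (?, ?, ?, ?, ?)');
        $stmt->execute(array(basename($file['name']), (int) $fileType,
                             time(), $dataId, $note));
        $db->commit();
        return $dataId;
    } catch (Exception $e) {
        $db->rollBack();   // no orphaned blob row if the header insert fails
        throw $e;
    }
}

// Constructed demo: in-memory SQLite stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE loanfiledata (id INTEGER PRIMARY KEY, data BLOB)');
$db->exec('CREATE TABLE loanfiles (id INTEGER PRIMARY KEY, name TEXT,
    filetype INT, filedate INT, dataid INT, note TEXT)');
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\x00\"'\\binary\xff");  // bytes that break hand-built SQL
$upload = array('name' => 'resume.pdf', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK);
try {
    $id = store_upload($db, $upload, 1, "O'Brien's resume");
    echo "Stored with data id $id\n";
} catch (Exception $e) {
    error_log('upload failed: ' . $e->getMessage());  // detail to the server log
    echo "Sorry, the file could not be saved.\n";     // generic text for the user
}
unlink($tmp);
```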