
I have a problem with my file upload form. The form submits all the file details except the file name itself. The $file variable is not inserted with the rest of the form data; this is where most of my problems reside.

<?php   
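// Entry point: a POST that carries the "submit" button stores the document;
// any other request shows the empty form.
// isset() alone is the test that was effectively being made: the former
// `isset(...) == "Submit"` compared a boolean with a non-empty string and never
// looked at the button's value.
if (isset($_POST['submit'])) {
    // The <select> lists in printForm() restrict the choice in the browser only;
    // a request can omit a field or send an array instead of a string.
    // filter_input() yields null/false in those cases, which the (string) cast
    // turns into '' before cleanData() runs.
    $etablissement = cleanData((string) filter_input(INPUT_POST, 'etablissement'));
    $classe = cleanData((string) filter_input(INPUT_POST, 'classe'));
    $session = cleanData((string) filter_input(INPUT_POST, 'session'));
    $matiere = cleanData((string) filter_input(INPUT_POST, 'matiere'));
    $annee_scolaire = cleanData((string) filter_input(INPUT_POST, 'anescolaire'));

    // The uploaded file is picked up inside addData() through checkUpload().
    addData($etablissement, $classe, $session, $matiere, $annee_scolaire);
} else {
    printForm();
}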

/**
 * Check the uploaded "epreuve" file and move it into the uploads folder.
 *
 * As written, the success path has no return statement: the only
 * `return $file;` sits inside the invalid-type `else` branch, where $file was
 * never assigned. Every path therefore hands null back to the caller, which is
 * why the file name never reaches the INSERT in addData().
 *
 * NOTE(review): the type check and the destination path both rely on values
 * sent by the browser ($_FILES[...]['type'] and $_FILES[...]['name']); neither
 * is verified on the server in this function.
 */
function checkUpload() //check whether everything is OK before uploading the file
{
    //check for an uploaded file
    if(isset($_FILES['epreuve'])){
        //Validate the type 

        // These are MIME strings (not extensions) compared with the type the
        // browser declared for the file; 'application/pdf' is listed twice.
        $allowed_extensions = array('application/pdf','application/pdf','application/doc','application/docx','application/ppt','application/pptx');
        if(in_array($_FILES['epreuve']['type'], $allowed_extensions)){
            print "Uploading files...";

            //move the file over
            // NOTE(review): the destination is built from the client-supplied
            // file name, so the name and extension stored in the uploads folder
            // are chosen by the uploader; an existing file with the same name
            // would be replaced.
            if(move_uploaded_file($_FILES['epreuve']['tmp_name'], "../../assnet/uploads/{$_FILES['epreuve']['name']}")){
                echo "<p><em>The file has been uploaded</em></p>";

                // $file is assigned only here, on the successful-move path.
                $file = "{$_FILES['epreuve']['name']}";
                // NOTE(review): the name is printed into the HTML page without encoding.
                print "$file"; //the file name is normally displayed here
            } //End of move... IF
            // No return follows on this path, so the function yields null.
        } else{ //invalid type
            echo '<p class="error">Please upload a pdf, doc, docx, ppt or pptx document</p>';

            // The upload error code is inspected only inside this invalid-type branch.
            if($_FILES['epreuve']['error'] > 0){
                echo '<p class="error">The file could not be uploaded because : </strong>';
                //Print a message upon the error. NB: There is no error message 5

                switch($_FILES['epreuve']['error']){
                case 1:
                    print 'The file exceeds the upload_max_file_size setting in php.ini.';
                    break;
                case 2:
                    print 'The file exceeds the MAX_FILE_SIZE setting in the HTML form';
                    break;
                case 3:
                    print 'The file was only partially uploaded';
                    break;
                case 4:
                    print 'No file was uploaded';
                    break;
                case 6:
                    print 'No temporary folder was available';
                    break;
                case 7:
                    print 'Unable to write to disk';
                    break;
                case 8: 
                    print 'File upload stopped';
                    break;
                default:
                    print 'A system error occured';
                    break;
                } //End of switch
            }//End of Error... IF

            //Delete the file if it still exists
            if(file_exists($_FILES['epreuve']['tmp_name']) && is_file($_FILES['epreuve']['tmp_name'])){
                print 'File already exists';
                unlink($_FILES['epreuve']['tmp_name']); //delete the file from the temporary folder if it still exists
            }   
            // $file has no value on this branch (it is set only after a
            // successful move above), so this returns null.
            return $file; //returns the file from where it comes from
            //i.e from the addData function "[$image=checkUpload()]"

        }
    }
}

/**
 * Normalise one submitted form value for display in HTML.
 *
 * Applies, in order: trim(), stripslashes(), htmlspecialchars() with its
 * default flags, then strip_tags(). The result is HTML-encoded text; which
 * quote characters get encoded depends on the PHP version's default flags.
 *
 * This is output encoding, not SQL escaping. Nothing here makes a value safe
 * to place inside an SQL string literal, so a query built from the result
 * still needs bound parameters or the database driver's own escaping.
 *
 * @param string $data Raw value taken from the request.
 * @return string The trimmed, unslashed, HTML-encoded value.
 */
function cleanData($data)
{
    $sansSlashes = stripslashes(trim($data));

    return strip_tags(htmlspecialchars($sansSlashes));
}

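/**
 * Store one document record in the `cours` table and print a confirmation.
 *
 * The five text values are expected to have gone through cleanData() already
 * (that is how the caller in this file passes them), so they are HTML-encoded
 * but NOT SQL-safe. Every value is therefore escaped for the SQL string
 * literal here, including the file name returned by checkUpload(), which comes
 * from the upload and has not been through cleanData().
 *
 * NOTE(review): ext/mysql (mysql_query and friends) is deprecated and absent
 * from PHP 7+. Prepared statements through PDO or mysqli are the durable fix;
 * they need the connection object that dbinfo.php creates, which is not
 * visible here, so this version stays on the extension the file already uses.
 *
 * @param string $etablissement  School identifier.
 * @param string $classe         Class identifier.
 * @param string $session        Exam session identifier.
 * @param string $matiere        Subject identifier.
 * @param string $annee_scolaire School year.
 * @return void
 */
function addData($etablissement, $classe, $session, $matiere, $annee_scolaire) //adding the data
{
    // Presumably opens the database connection used by mysql_query() below.
    include("dbinfo.php");

    // Name of the stored file, or null when checkUpload() returned nothing.
    $file = checkUpload();

    // Escape each value for use inside a quoted SQL string. HTML encoding done
    // earlier does not neutralise quote characters for the database.
    $sqlValues = array_map(
        'mysql_real_escape_string',
        array(
            (string) $etablissement,
            (string) $classe,
            (string) $session,
            (string) $matiere,
            (string) $annee_scolaire,
            (string) $file,
        )
    );
    // The statement names no columns, so the value order must match the table definition.
    $sql = vsprintf(
        "INSERT INTO cours VALUES(null, '%s', '%s', '%s', '%s', '%s', '%s', NOW())",
        $sqlValues
    );

    $result = mysql_query($sql);
    if ($result === false) {
        // Keep the driver's message in the server log; sending it to the
        // browser would disclose schema and query details to any visitor.
        error_log('addData: ' . mysql_error());
        die('<p class="error">The document could not be saved.</p>');
    }

    // The five text values are already HTML-encoded by cleanData(); encoding
    // them again would double-encode. The file name is not, so encode it here.
    $fileHtml = htmlspecialchars((string) $file, ENT_QUOTES, 'UTF-8');

    echo "
        <h1>The following has been added:</h1>
        <ul>
        <li>Etablissement: $etablissement</li>
        <li>Classe: $classe</li>
        <li>Session: $session</li>
        <li>Matiere: $matiere</li>
        <li>Annee scolaire: $annee_scolaire</li>
        <li>Fichier:  $fileHtml </li>
        </ul>
        ";
}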

/**
 * Print the "Add a Document" HTML form.
 *
 * The form is sent with method POST and enctype multipart/form-data and has
 * no action attribute. It contains five <select> lists (etablissement, classe,
 * session, matiere, anescolaire), one file input named "epreuve" and a submit
 * button named "submit" with the value "Submit".
 *
 * The whole markup is a single double-quoted string, so every byte between the
 * quotes is sent to the browser, including the text
 * "//different values given" after the first school-year option, which is not
 * a PHP comment at that position.
 *
 * NOTE(review): the option lists and the "Must be less than 1Mo ... only pdf,
 * doc, docx, ppt or pptx" hint are enforced by nothing in this markup. A
 * request can carry any value and any file, so the same limits have to be
 * checked again by the code that handles the submission.
 * NOTE(review): no hidden anti-CSRF token is part of the form. If this page is
 * an administrator-only form (the table class name suggests so, to be
 * confirmed), a per-session token verified on submit would be expected.
 */
function printForm() //printing the form
{    
    //displays the html form     
    // $pageTitle is assigned but not read anywhere in this function; the
    // include of header.php below is commented out.
    $pageTitle = "Add a Document";   
    //include("header.php");     

    //print <<<HERE  

    //<form id = "myForm" method="POST" enctype="multipart/form-data">

    echo "
        <h2>Add a Document</h2> 

        <form id=myForm method=POST enctype=multipart/form-data>     

        <fieldset>
                                <legend>Formulaire d'enregistrement</legend>
                                <table class=formulaire_document_admin>     
                                <tr>
                         <td><label for=etablissement>Etablissement:</label></td><br />
                         <td><select class=alignement_etab name=etablissement id=etablissement tabindex=10>
                   <optgroup label=Lycee>
                                   <option value=>Selectionnez ici</option>
                       <option value=biyemassi>Lycee de Biyem-assi</option>
                       <option value=leclerc>Lycee General Leclerc</option>
                       <option value=techobala>Lycee Technique d'Obala</option>
                       <option value=etougebe>Lycee d'Etoug-ebe</option>
                                    <option value=efoulan>Lycee d'Efoulan</option>
                   </optgroup>
                   <optgroup label=College>
                       <option value=sagesse>College de la sagesse</option>
                       <option value=ebanda>College Ebanda</option>
                                   <option value=victorhugo>College vigtor hugo</option>
                                   <option value=mvolye>College St joseph de mvolye</option>
                                   <option value=rosiere>College de la rosiere</option>
                   </optgroup>
                           <optgroup label=Autres>
                                <option value=autre>Autres</option>
                           </optgroup>
                        </select></td>
                                </tr>

                                <tr>
                         <td><label for=matiere>Classe:</label></td><br />
                         <td><select class=alignement_classe name=classe id=classe tabindex=20>
                   <optgroup label=Général>
                               <option value=>Selectionnez ici</option>
                       <option value=sixieme>Sixième</option>
                       <option value=cinquieme>Cinquième</option>
                       <option value=quatrieme>Quatrième</option>
                       <option value=troisieme>Troisième</option>
                                   <option value=seconde>Seconde</option>
                                   <option value=premiere>Première</option>
                                   <option value=terminale>Terminale</option>
                   </optgroup>
                   <optgroup label=Technique>
                       <option value=annee1>Première année</option>
                                   <option value=annee2>Deuxième année</option>
                                   <option value=annee3>Troisième année</option>
                                   <option value=annee4>Quatrième année</option>
                                   <option value=annee5>Seconde technique</option>
                                   <option value=annee6>Première technique</option>
                       <option value=annee7>Terminale technique</option>
                   </optgroup>
                           <optgroup label=Autres>
                                <option value=autre>Autres</option>
                           </optgroup>
                        </select></td>
                                </tr>

                                <tr>
                         <td><label for=matiere>Session:</label></td><br />
                         <td><select class=alignementetabinscription1 name=session id=session tabindex=30>
                                   <option value=>Selectionnez ici</option>
                       <option value=examen_officiel>Examen Officiel</option>
                   <optgroup label=Mini session>
                       <option value=session1>1ère session</option>
                                   <option value=session2>2ème session</option>
                                   <option value=session3>3ème session</option>
                                   <option value=session4>4ème session</option>
                                   <option value=session5>5ème session</option>
                                   <option value=session6>6ème session</option>
                                   <option value=session7>7ème session</option>
                                   <option value=session8>8ème session</option>
                                   <option value=session9>9ème session</option>
                                   <option value=examen_blanc>Examen blanc</option>
                   </optgroup>
                        </select></td>
                                </tr>


                <tr>
                 <td><label for=matiere>Matière:</label></td><br />
                 <td><select class=alignement_matiere name=matiere id=matiere tabindex=50>
               <optgroup label=Scientifique>
                   <option value=>Selectionnez ici</option>
                   <option value=mathematique>Mathématiques</option>
                   <option value=physique>Physique</option>
                   <option value=chimie>Chimie</option>
                   <option value=biologie>Biologie</option>
                    <option value=informatique>Informatique</option>
               </optgroup>
               <optgroup label=Littéraire>
                   <option value=dictee>Dictée</option>
                   <option value=redaction>Rédaction</option>
                   <option value=etude_de_texte>Etude de texte</option>
                   <option value=litterature>Littérature</option>
                   <option value=dissertation>Dissertation</option>
                   <option value=philosophie>Philosophie</option>
                   <option value=anglais>Anglais</option>
                   <option value=espagnol>Espagnol</option>
                   <option value=allemand>Allemand</option>
                   <option value=histoire>Histoire</option>
                   <option value=geographie>Géographie</option>
                   <option value=ec>Education Civique</option>
               </optgroup>
               <optgroup label=Autres>
                <option value=autre>Autres</option>
               </optgroup>
                </select></td>
                </tr>

                <tr>
                 <td><label for=matiere>Année scolaire:</label></td><br />
                 <td><select class=alignementannee_sco name=anescolaire id=anescrolaire tabindex=50>
                   <option value=2005/2006>2005/2006</option>//different values given
                   <option value=2006/2007>2006/2007</option>
                   <option value=2007/2008>2007/2008</option>
                   <option value=2008/2009>2008/2009</option>
                   <option value=2009/2010>2009/2010</option>
                   <option value=2010/2011>2010/2011</option>
                   <option value=2011/2012>2011/2012</option>
                   <option value=2012/2013>2012/2013</option>
                   <option value=2013/2014>2013/2014</option>
                </select></td>
                </tr>

                <tr>
                <p>
                <td><label for=nom>Epreuve:</label></td>
                <td><input type=file name=epreuve id=epreuve size=50 value= tabindex=60 class=alignement_epreuve/></td>
                <br/><small>Must be less than 1Mo. Only pdf, doc, docx, ppt or pptx documents allowed. </small>
                </p>
                </tr>
                </table>
                </fieldset>
                <tr>
                <div id=mySubmit>
                    <p>
                    <td><input type=submit name=submit value=Submit> <input type=reset value=Cancel></td>
                    </p>
                </div>
                </tr>   

    </form> ";


    //HERE;  

}
?>
    You should try to figure out where is the problem in your code. Not post million lines of it. – Phantom Jul 12 '14 at 06:16
    Your `cleanData` function does not prevent SQL injections. Have a look at [how to prevent them properly](http://stackoverflow.com/q/60174/53114). – Gumbo Jul 12 '14 at 06:16
  • What gets printed? We cannot guess the problem AND the solution – Lorenz Meyer Jul 12 '14 at 06:27

1 Answer


In checkUpload, return $file is in the wrong place. It's in the else block, so it only gets executed when the file type is invalid. Also, if the function detects an error, it needs to exit, since there's no file to return to the caller.

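/**
 * Validate the uploaded "epreuve" file, move it into the uploads folder and
 * return the name it was stored under.
 *
 * Order of checks: PHP's own upload error code, then size, then the file
 * extension, and only then the move. On any failure a message is printed and
 * the script exits, because there is no file name to hand back to the caller.
 *
 * What is deliberately not trusted:
 *  - $_FILES[...]['type'] is declared by the browser, so it is not used as a check.
 *  - $_FILES[...]['name'] is chosen by the uploader, so it is reduced to a
 *    safe stem plus exactly one allow-listed extension, and given a unique
 *    prefix so that it cannot replace an existing file.
 *
 * NOTE(review): an extension allow-list says nothing about the file's content.
 * A server-side content check (fileinfo) can be added on top, and the uploads
 * folder should be configured so that nothing in it is executed by the server.
 *
 * @return string|null Stored file name, or null when the request has no "epreuve" field.
 */
function checkUpload() //check whether everything is OK before uploading the file
{
    //check for an uploaded file
    if (!isset($_FILES['epreuve']) || !is_array($_FILES['epreuve'])) {
        return null;
    }
    $upload = $_FILES['epreuve'];

    // Look at the error code before anything else: when it is non-zero there
    // is no usable temporary file to validate or move.
    $code = isset($upload['error']) ? $upload['error'] : UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        //NB: There is no error message 5
        $messages = array(
            UPLOAD_ERR_INI_SIZE   => 'The file exceeds the upload_max_filesize setting in php.ini.',
            UPLOAD_ERR_FORM_SIZE  => 'The file exceeds the MAX_FILE_SIZE setting in the HTML form',
            UPLOAD_ERR_PARTIAL    => 'The file was only partially uploaded',
            UPLOAD_ERR_NO_FILE    => 'No file was uploaded',
            UPLOAD_ERR_NO_TMP_DIR => 'No temporary folder was available',
            UPLOAD_ERR_CANT_WRITE => 'Unable to write to disk',
            UPLOAD_ERR_EXTENSION  => 'File upload stopped',
        );
        // A non-integer code (e.g. an array from a multi-file field) falls
        // through to the generic message.
        $reason = (is_int($code) && isset($messages[$code])) ? $messages[$code] : 'A system error occured';
        echo '<p class="error">The file could not be uploaded because : <strong>' . $reason . '</strong></p>';
        exit;
    }

    // The form promises "less than 1Mo"; enforce it here, since the browser does not.
    if (!isset($upload['size']) || $upload['size'] > 1048576) {
        echo '<p class="error">The file must be less than 1Mo</p>';
        exit;
    }

    //Validate the type
    $clientName = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : '';
    $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $allowed_extensions = array('pdf', 'doc', 'docx', 'ppt', 'pptx');
    if (!in_array($extension, $allowed_extensions, true)) { //invalid type
        echo '<p class="error">Please upload a pdf, doc, docx, ppt or pptx document</p>';
        exit;
    }

    // Build the stored name on the server. Everything outside [A-Za-z0-9_-]
    // (dots included) becomes "_", so the only extension is the checked one.
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($clientName, PATHINFO_FILENAME));
    $file = uniqid() . '_' . substr($stem, 0, 100) . '.' . $extension;

    print "Uploading files...";

    //move the file over
    // move_uploaded_file() itself refuses a source that did not come from an HTTP upload.
    if (!isset($upload['tmp_name']) || !is_string($upload['tmp_name'])
        || !move_uploaded_file($upload['tmp_name'], "../../assnet/uploads/" . $file)) {
        echo '<p class="error">The file could not be stored</p>';
        exit;
    }

    echo "<p><em>The file has been uploaded</em></p>";
    // Encode on output even though the name is now server-built.
    print htmlspecialchars($file, ENT_QUOTES, 'UTF-8'); //the file name is normally displayed here

    // No manual unlink of the temporary file: after a successful move it no
    // longer exists, and PHP discards unmoved temporary uploads itself when
    // the request ends.
    return $file; //handed back to addData(), which stores it with the rest of the form
}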