I am trying to create a login system where users can upload file in the existing database. First require the user to login then upload file. Here is my database:
Now I want to update cv (blob). So I have created the following page.
<!-- Form -->
<h1>Pease Login to Upload CV</h1>
<form method="POST" enctype="multipart/form-data">
Username:
<input type="text" name="username"><br>
Password:
<input type="password" name="password"><br><br>
<input type="submit" value="Submit" name="submit" /> <br>
</form>
Above is the initial form. Then I used the following script:
<!-- Script -->
<?php
if (isset($_POST['submit'])) {
// make connection
$conn = mysqli_connect('localhost','root','','users');
// if fails show error
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
echo "Error Connecting to DB";
}
$usrName = ($_POST['username']);
$paswrd = ($_POST['password']);
if($usrName!='' && $paswrd!=''){
$sql ="SELECT username, password FROM credentials WHERE username = '$usrName'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($result);
$dbUsname = $row[0];
$dbPassword = $row[1];
if ($usrName == $dbUsname && $paswrd == $dbPassword) {
echo "Hello ".$usrName." upload your CV now <br>";
echo
"<form method='POST' enctype='multipart/form-data'>
<input type = 'file' value= 'upload' name = 'file'>
<input type='submit' value='Upload' name='upload' /> <br>
</form>";
if(isset($_POST['upload'])){
$cv = mysqli_real_escape_string($conn, $_POST['file']);
mysql_query("UPDATE credentials SET cv=$cv WHERE username=$usrName");
if (!mysqli_query($conn,$UpdateQuery)) {
die('Error: ' . mysqli_error($conn));
}
}
}
else{
echo "<h1>Incorrect Username and/or password!</h1>";
}
}else{
echo "Please make sure username and password is not empty";
}
}
?>
I have tested out the script for the most part. The problem occurs when I try to update the cv file. On the code below.
The Script executes but I can not see any file uploaded in my database. Can someone please point out where am I making the error.