
I'm trying to upload the file's path into my database, but nothing is being inserted. My file gets uploaded to the target directory successfully. I want to insert the path too, but can't do it. I believe I'm making some mistake in the INSERT INTO statement. Please let me know what's wrong. My upload.php code is below:

```php
<?php
// variables
$conn = mysqli_connect('localhost', 'root', 'abcdef', 'trademark');

// function to rename file: appends _2, _3, ... until the name is unused.
// Declared at top level so it is defined before the call below.
function update_file_name($file)
{
    $pos = strrpos($file, '.');
    $ext = substr($file, $pos);
    $dir = strrpos($file, '/');
    $dr  = substr($file, 0, ($dir + 1));

    // file name without directory and extension
    // (trim() would strip characters, not the suffix)
    $fName = basename($file, $ext);

    $exist = FALSE;
    $i = 2;

    while (!$exist) {
        $file = $dr . $fName . '_' . $i . $ext;

        if (!file_exists($file))
            $exist = TRUE;

        $i++;
    }

    return $file;
} // function to rename ends

if (!$conn) {
    echo "Not Connected To Server";
} else {
    define('UPLOAD_DIR', 'uploads/');
    $fileName = $_FILES['file'];

    // check for which action should be taken if file already exist

    // Rename file name
    if (file_exists(UPLOAD_DIR . $fileName['name'])) {
        $updatedFileName = update_file_name(UPLOAD_DIR . $fileName['name']);
        move_uploaded_file($fileName['tmp_name'], $updatedFileName);

        echo "FILE SUCCESSFULLY UPLOADED!! " . "<br/><br/><br/>"; // after renaming
    }
    // If no such file already exists, then upload it as it is
    else {
        move_uploaded_file($fileName['tmp_name'], UPLOAD_DIR . $fileName['name']);

        echo " FILE SUCCESSFULLY UPLOADED!! " . "<br/><br/>";
    }

    $sql = "INSERT INTO file (Path) VALUES (' " . mysqli_real_escape_string( UPLOAD_DIR.$fileName['name']) . " ')";
    $r = mysqli_query($conn, $sql);
    echo 'file info inserted';
}
?>
```

This happens after I submit the form:

This is my db record after the form is submitted

  • Please indent your code properly. It's pretty hard to follow the flow when it looks like this. Also, what actually happens? Errors? Wrong/empty value in DB? No row inserted at all? Checked your server's error log? – Magnus Eriksson Feb 21 '18 at 06:51
  • You should look into [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of concatenating your queries. Even `mysqli_real_escape_string()` has some security issues in certain situations. – Magnus Eriksson Feb 21 '18 at 06:56
  • Since you are a newcomer, you should try to do more debugging for problems like that, i.e. you first have to make sure that `mysqli_real_escape_string( UPLOAD_DIR.$fileName['name'])` is not empty. – SaidbakR Feb 21 '18 at 06:59
  • @MagnusEriksson I've updated the question, and an empty value is inserted in the db – Nishant Sharma Feb 21 '18 at 07:02
  • Have you checked your error log? A good idea is also to turn `display_errors` on in your local PHP environment. Read more here: [How do I get PHP errors to display?](http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) As the answer below states, you're using [mysqli_real_escape_string()](http://php.net/manual/en/mysqli.real-escape-string.php) wrong and you should get an error about that. – Magnus Eriksson Feb 21 '18 at 07:14

1 Answer

Check the syntax for the function `mysqli_real_escape_string`.

I am getting this warning message:

Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in

TarangP
Vrushali
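
What the comments and the answer point at, as an added example (not code from the question or the answer): the insert done with a prepared statement instead of `mysqli_real_escape_string()`, with mysqli error reporting switched on so a failed query is not silent, and with the path that was actually written to disk stored. The helper name `save_upload()` is hypothetical; the connection values, table and column are the ones from the question.

```php
<?php
// Added example, not the asker's code. save_upload() is a hypothetical name;
// the table `file`, column `Path` and connection values come from the question.

// Make mysqli throw exceptions so a failed query is never silent.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const UPLOAD_DIR = 'uploads/';

// Moves the upload into UPLOAD_DIR and records the path it was stored under.
function save_upload(mysqli $conn, array $upload): string
{
    if ($upload['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $upload['error']);
    }

    // basename() drops any directory part sent by the client.
    $info = pathinfo(basename($upload['name']));
    $ext  = isset($info['extension']) ? '.' . $info['extension'] : '';

    // Same renaming scheme as the question: name_2.ext, name_3.ext, ...
    $target = UPLOAD_DIR . $info['basename'];
    for ($i = 2; file_exists($target); $i++) {
        $target = UPLOAD_DIR . $info['filename'] . '_' . $i . $ext;
    }

    if (!move_uploaded_file($upload['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the uploaded file');
    }

    // The path is bound as a parameter: no escaping, no quotes in the SQL.
    $stmt = $conn->prepare('INSERT INTO file (Path) VALUES (?)');
    $stmt->bind_param('s', $target);
    $stmt->execute();
    $stmt->close();

    return $target; // the renamed path when a rename happened
}

if (!isset($_FILES['file'])) {
    http_response_code(400);
    exit('No file field in the request');
}

$conn = mysqli_connect('localhost', 'root', 'abcdef', 'trademark');
echo 'Stored as ' . htmlspecialchars(save_upload($conn, $_FILES['file']));
```

Because the value is bound rather than concatenated, the stray spaces inside the quotes of the original `VALUES (' ... ')` string cannot end up in the stored path either.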