CODEWITHSUNDEEP
phpmysqldatabasefile-uploadrename
Drew Dyer
Drew Dyer

Reputation: 23

post renamed filename from upload to database

I coule really use some help. I need to post the new name of the file to the database. Currently this code is posting the orginal name to the database? How can I post the new name to the database? Please see the code below.

<form action="" method="post" enctype="multipart/form-data">
<p>
    <label for="file">Name:</label>
    <input type="text" name="user_name" id="name" size="24"/> 
</p>
<p>
    <label for="file">Email Address:</label>
    <input type="text" name="email" id="email" size="24"/> 
</p>
<p>
    <label for="file">Phone Number:</label>
    <input type="text" name="phone" id="phoneNumber" size="24"/> 
</p>
<p>
    <label for="file">Comments:</label>
    <textarea cols="80" rows="6" name="comments"></textarea> 
</p>
<p>
    <label for="file">Filename:</label>
    <input type="file" name="fupload" id="fupload" size="24"/>
</p>
<br />
<input type="submit" name="submit" value="Submit" />
</form>
<br>
<br>
<?php
    require 'config.php';
    require 'functions.php';

    if(isset($_FILES['fupload'])) {
        if(preg_match('/[.](jpg)|(gif)|(png)$/',       $_FILES['fupload']['name'])) {
            $old_filename = $_FILES['fupload']['name'];
            $random_digit=rand(0000,9999);
            $filename=$random_digit . $old_filename;
            $source = $_FILES['fupload']['tmp_name'];
            $target = $path_to_image_directory . $filename;

            move_uploaded_file($source, $target);

            createThumbnail($filename);
        }
    }

    include "connect.php";
    $db_database = new mysqli($db_host, $db_user, $db_pass, $db_database);

    $user_name = stripslashes($_POST['user_name']);
    $email = stripslashes($_POST['email']);
    $phone = stripslashes($_POST['phone']);
    $comments = stripslashes($_POST['comments']);
    $filename = basename( $_FILES['fupload']['name']);

    $query = "INSERT into upload
          (user_name, email, phone, comments, fupload, date_added)
          values ('$user_name', '$email', '$phone', '$comments', '$filename', NOW())";
    $db_database->query($query);
?>

Upvotes: 0

Views: 406

Answers (1)

andrewsi
andrewsi

Reputation: 10732

You need to tweak the line:

$filename = basename( $_FILES['fupload']['name']);

just before you create the SQL statement; you should set the value of $filename there to the new name of your file.

Oh, and I'm sure that someone will be along shortly to point out that your script is open to SQL injections.

Upvotes: 1

Related Questions