Upload file to server, but file name does not save to database

Question

Here is the issue: The file name is not being saved into the database. Files are being uploaded to the server just fine, yet the file name will not save at all. I can echo the file name once the file is uploaded successfully but it does want to save the filename to the database for whatever reason. I'm sure this is an easy fix and I'm just missing something (I hope).

Thanks in advance.

(p.s. yes, I know I should be using mysqli)

HTML:

<form action="" name="loa" method="post" enctype="multipart/form-data">
    <input type="hidden" name="size" value="350000">
    <input type="file" name="loa"> 
    <input type="submit" name="loasub" value="Upload Letter of     Authorization">
</form>

PHP:

<?php
    if (!empty($_POST['loasub'])) {
        $target = "loa/";
        $target = $target . basename( $_FILES['loa']['name']);
        $theloa = ($_FILES['loa']['name']);
        mysql_connect("localhost", "user", "pass") or die(mysql_error()) ;
        mysql_select_db("mydb") or die(mysql_error()) ;

        //Writes the information to the database
        mysql_query("UPDATE customers SET loa='$theloa' WHERE id='30'") ;
        if(move_uploaded_file($_FILES['loa']['tmp_name'], $target))
        {
            echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            echo $theloa;
        }
        else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
?>

Answer 1

A couple of things to consider:

1. mysql_* functions are deprecated. Use mysqli or PDO instead.
2. Your query can break if the variable $theloa has a single quote in it. Use prepared statements to prevent such errors and prevent (siren sounds and red lights flashing) SQL injection.

Consider doing a var_dump($_FILES['loa']['name']) and pasting it in with your question for more clarity.

Try using the following modified mysqli version of your file (you need to have the mysqli extension enabled in your PHP installation). It should (ideally) work.

<?php
    if (!empty($_POST['loasub'])) {

        $theloa = ($_FILES['loa']['name']);
        $target = "loa/";
        $target = $target . basename($theloa);

        $mysqli = new mysqli("localhost", "user", "password", "mydb");
        if (mysqli_connect_errno()) {
            die(mysqli_connect_error());
        }


        //Writes the information to the database
        if ($preparedStatement = $mysqli->prepare("UPDATE customers SET loa=? WHERE id=30")) {
            $preparedStatement->bind_param("s", $theloa);
            $executionResult = $preparedStatement->execute();
            if (!$executionResult) {
                die("Query execution failed!");
            }
            //$preparedStatement->bind_result($sqlOutput); // bind mysql output to an output variable
            //$preparedStatement->fetch(); // fetch mysql output
            //var_dump($sqlOutput); // dump the sql output

            $preparedStatement->close();
        }
        $mysqli->close();

        if(move_uploaded_file($_FILES['loa']['tmp_name'], $target))
        {
            echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            echo $theloa;
        }
        else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
?>

Answer 2

 mysql_query("UPDATE customers SET loa='$theloa' WHERE id='30'") ;

run or die(mysql_error());

 mysql_query("UPDATE customers SET loa='$theloa' WHERE id='30'") or die(mysql_error()) ;

maybe there is an error in the query, even if not syntax error it could be wrong field names. Other than that it seems fine as long as the variable $theloa is populated. mysql_error will tell if query is even being executed?

Answer 3

php values cannot be into quotes- (remove single quote from $loa)

Try this :

mysql_query("UPDATE customers SET loa=$theloa WHERE id='30'") ;

Debugging

$conn = mysql_connect($dbhost, $dbuser, $dbpass);

$sql = mysql_query("UPDATE customers SET loa=$theloa WHERE id='30'") ;

mysql_select_db('customers ');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
?>

Answer 4

try to run qurety like this- (remove single quote from id='30')

mysql_query("UPDATE customers SET loa='$theloa' WHERE id=30") ;