File Upload with Image Upload Script

Question

I'm trying to make a simple upload script that has an image upload section and a file upload section i want to try and store both the image and file in the same database along with some other variables and I'm having trouble accomplishing this i wonder if anyone can help with my dilemma.

Index:

<body>
    <form method="post" action="insert_file.php">
        <table>
            <tr><td>Title:</td><td><input type="text" name="title" /></td></tr>
            <tr><td>Author:</td><td><input type="text" name="author"/></td></tr>
            <tr><td>Description:</td><td><textarea cols="30" rows="10" name="description"></textarea></td></tr>
            <tr><td>Category:</td>
                <td>
                    <select name="category">
                        <option value="poker">Poker</option>
                        <option value="sportsbetting">Sports Betting</option>
                        <option value="financialbetting">Financial Betting</option>
                        <option value="casino">Casino</option>
                        <option value="bingo">Bingo</option>
                        <option value="socialgaming">Social Gaming</option>
                        <option value="affiliatemarketing">Affiliate Marketing</option>
                    </select>
                </td>
            </tr>
            <tr><td>Publication Date:</td><td><input type="text" name="pub_date" id="datepicker"/></td></tr>
            <tr><td>Tags:</td><td><input type="text" name="tags"/></td></tr>
            <tr><td>Price:</td><td><input type="text" name="price"/></td></tr>
            <tr><td>Image:</td><td><input type="file" name="image"/></td></tr>
            <tr><td>Website:</td><td><input type="text" name="website"/></td></tr>
            <tr><td>Contact Email:</td><td><input type="text" name="email"/></td></tr>
            <tr><td>File:</td><td><input type="file" name="uploaded_file"/></td></tr>
            <tr><td></td><td><input type="submit" value="Submit"/></td></tr>
        </table>
    </form>
</body>

Insert:

<?php
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
    // Make sure the file was sent without errors
    if($_FILES['uploaded_file']['error'] == 0) {
        // Connect to the database
        include('../config.inc');
        // Connect to the database
        $dbLink = $con;     

        // Gather all required data
        $username       = $_SESSION['username'];            
        $title          = $_POST['title'];
        $author         = $_POST['author'];
        $description    = $_POST['description'];
        $category       = $_POST['category'];
        $pub_date       = $_POST['pub_date'];
        $tags           = $_POST['tags'];
        $price          = $_POST['price'];
        $website        = $_POST['website'];
        $email          = $_POST['email'];
        $name           = $title;
        $mime           = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
        $data           = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
        $size           = intval($_FILES['uploaded_file']['size']);

        // Create the SQL query
        $query = "
            INSERT INTO `file2` (
               `username`, 
               `title`, 
               `author`,
               `description`, 
               `category`, 
               `pub_date` ,
               `tags`, 
               `price`, 
               `website`,
               `email`,  
               `name`, 
               `mime`, 
               `size`, 
               `data`, 
               `created`
            )
            VALUES (
               '{$username}', 
               '{$title}',
               '{$author}', 
               '{$description}',
               '{$category}',
               '{$pub_date}',
               '{$tags}',
               '{$price}',
               '{$website}',
               '{$email}',
               '{$name}', 
               '{$mime}', 
               '{$size}', 
               '{$data}',
                NOW()
            )";

        // Execute the query
        $result = $dbLink->query($query);

        // Check if it was successfull
        if($result) {
            echo '<center>Success! Your file was successfully added!';
        }
        else {
            echo '<center>Error! Failed to insert the file'
               . "<pre>{$dbLink->error}</pre>";
        }
    }
    else {
        echo 'An error accured while the file was being uploaded. '
           . 'Error code: '. intval($_FILES['uploaded_file']['error']);
    }

    // Close the mysql connection
    $dbLink->close();
}
else {
    echo 'Error! A file was not sent!';
}

// Echo a link back to the main page
echo '<center><font face=arial>';
echo 'You file has been uploaded successfully, please allow upto 24 Hours for your report to be approved by administration. ';
echo '<p>Click <a href="index.php">here</a> to go back</p>';
?>

Database - http://postimg.org/image/n0loned2v/

any help on solving this would be greatly appreciated :)

Answer 1

 <form method="post" action="insert_file.php" enctype='multipart/form-data'>

Reason: When you make a POST request, you have to encode the data that forms the body of the request in some way.

HTML forms provide two methods of encoding. The default is application/x-www-form-urlencoded, which is more or less the same as a query string on the end of the URL. The other, multipart/form-data, is a more complicated encoding but one which allows entire files to be included in the data. (HTML 5 introduces the text/plain encoding which is useful only for debugging … and even then the others are better given sensible debugging tools).

Answer 2

To get the file input to work you need to specify the enctype of the form. You'll need enctype="multipart/form-data". See PHP POST uploads for more information.