Why I couldn't get the file path and write into db?

Question

$allowedMimeTypes = array( 
'image/jpeg',
'image/png'
);
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ( 500000 < $_FILES["file"]["size"]  ) 
{
    echo"Please provide a smaller file [E/1].";
}
if ( in_array( $_FILES["file"]["type"], $allowedMimeTypes ) ) 
 {  
    $file = $_FILES["file"]["name"];
    $filePath = "../upload/" . $file;    
    move_uploaded_file($_FILES["file"]["tmp_name"],$filePath); 
}
else if(!is_uploaded_file($_FILES["file"]["tmp_name"]))
{
    $file='';
    $filePath='';
}
if(! get_magic_quotes_gpc() )
{
   $name = addslashes ($_POST['name']);
   $path = $filePath='';
}
else
{
   $name = $_POST['name'];
   $path = $filePath='';
}
$sql = "INSERT INTO slides ".
       "(name,path) ".
         "VALUES ".
       "('$name','$path')";
mysql_select_db('emtas');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}
else
{
?>

I try to add image from form. It uploads the image but I couldn't write it's path to the db. It has also writes the name of the image from form. Why I couldn't get the path and write to the db?

Answer 1

You always set both $path and $filePath to empty strings before executing your query. Change your code to something like this:

$name = $_POST['name'];
if(!get_magic_quotes_gpc()) {
  $name = addslashes ($name);
}
// execute query
$sql = "INSERT INTO slides ".
       "(name,path) ".
       "VALUES ".
       "('$name','$filePath')";

Note that you shouldn't run your query if no file is uploaded. Since the mysql extension is deprecated you should use mysqli or pdo instead.