Skip to content
Advertisement

Problem with identifying index in php html

My website must consist of a page with table where admin must upload some file. Later that file is saved by php as a blob in mysql, however, $_FILES cannot find and index of my file input. Please help finding a mistake.

    <tr>
    <th>ID</th>
    <th>Genre</th>
    <th>Extension</th>
    <th>Description</th>
    <th>Demo-art</th>
    <th>Price</th>
    <th>Upload</th>
    <th>Delete</th>
    </tr>";
    $array=array();
    for($m=0; $row=mysqli_fetch_array($full); $m++)
    {
        $array[$m]=$row['ArtID'];
        echo "<form method='POST' action='checker.php'>";
        echo "<tr>";
        echo "<td><input class='asd' value='$array[$m]' readonly name='name'></td>";
        echo "<td>".$row['Genre']."</td>";
        echo "<td>".$row['Extension']."</td>";
        echo "<td>".$row['Description']."</td>";
        echo "<td><input type='file' name='arts'></td>";
        echo "<td><input class='priceinput' name='price' placeholder='Price'></td>";
        echo "<td><input type='submit' name='Upload' value='Upload'></td>";
        echo "<td><input type='submit' name='Delete' value='Delete'></td>";
        echo "</tr>";
        echo "</form>";
        }
        echo "</table>";
        ;}

PHP code

session_start();
$conn= new mysqli("127.0.0.1", "root", "","projectwork") or die ("Can't connect to db");
if($_POST["Upload"]) {
$price=$_POST["price"];
$id=$_POST["name"];
    if ($price!=NULL) {
            if (is_uploaded_file($_FILES['arts']['tmp_name'])) {
                $imgData = addslashes(file_get_contents($_FILES['arts']['tmp_name']));
                $imageProperties = getimageSize($_FILES['arts']['tmp_name']);
                $sql = "Update arts SET imageData='".$imgData."', imageType='".$imageProperties['mime']."' WHERE ArtID=".$id."";
                $current_id = mysqli_query($conn, $sql) or die("<b>Error:</b> Problem on Image Insert<br/>" . mysqli_error($conn));
                    }
        $insert="UPDATE arts SET Price='".$price."', Is_Done='1' WHERE ArtID=".$id."";
        $finalquery=$conn->query($insert);
        echo $price." ".$id;
    }

Advertisement

Answer

Apart from security flaws in your code you are missing enctype='multipart/form-data' inside the form element.

Try:

echo "<form method='POST' action='checker.php' enctype='multipart/form-data'>";

It will tell the browser you’re sending a file.

Advertisement