Home/ Questions/Q 9034673
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T08:32:55+00:00

Here is the issue: The file name is not being saved into the database.

  • 0

Here is the issue: The file name is not being saved into the database. Files are being uploaded to the server just fine, yet the file name will not save at all. I can echo the file name once the file is uploaded successfully but it does want to save the filename to the database for whatever reason. I’m sure this is an easy fix and I’m just missing something (I hope).

Thanks in advance.

(p.s. yes, I know I should be using mysqli)

HTML:

<form action="" name="loa" method="post" enctype="multipart/form-data">
    <input type="hidden" name="size" value="350000">
    <input type="file" name="loa"> 
    <input type="submit" name="loasub" value="Upload Letter of     Authorization">
</form>

PHP:

<?php
    if (!empty($_POST['loasub'])) {
        $target = "loa/";
        $target = $target . basename( $_FILES['loa']['name']);
        $theloa = ($_FILES['loa']['name']);
        mysql_connect("localhost", "user", "pass") or die(mysql_error()) ;
        mysql_select_db("mydb") or die(mysql_error()) ;

        //Writes the information to the database
        mysql_query("UPDATE customers SET loa='$theloa' WHERE id='30'") ;
        if(move_uploaded_file($_FILES['loa']['tmp_name'], $target))
        {
            echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            echo $theloa;
        }
        else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A couple of things to consider:

    1. mysql_* functions are deprecated. Use mysqli or PDO instead.
    2. Your query can break if the variable $theloa has a single quote in it. Use prepared statements to prevent such errors and prevent (siren sounds and red lights flashing) SQL injection.

    Consider doing a var_dump($_FILES['loa']['name']) and pasting it in with your question for more clarity.

    Try using the following modified mysqli version of your file (you need to have the mysqli extension enabled in your PHP installation). It should (ideally) work.

    <?php
    if (!empty($_POST['loasub'])) {

        $theloa = ($_FILES['loa']['name']);
        $target = "loa/";
        $target = $target . basename($theloa);

        $mysqli = new mysqli("localhost", "user", "password", "mydb");
        if (mysqli_connect_errno()) {
            die(mysqli_connect_error());
        }


        //Writes the information to the database
        if ($preparedStatement = $mysqli->prepare("UPDATE customers SET loa=? WHERE id=30")) {
            $preparedStatement->bind_param("s", $theloa);
            $executionResult = $preparedStatement->execute();
            if (!$executionResult) {
                die("Query execution failed!");
            }
            //$preparedStatement->bind_result($sqlOutput); // bind mysql output to an output variable
            //$preparedStatement->fetch(); // fetch mysql output
            //var_dump($sqlOutput); // dump the sql output

            $preparedStatement->close();
        }
        $mysqli->close();

        if(move_uploaded_file($_FILES['loa']['tmp_name'], $target))
        {
            echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            echo $theloa;
        }
        else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
?>
    • 0