i don’t know why file is not uploaded in database.
i am tried to check this method why file is not uploaded.
this method is used a lots of time. and worked successfully at every time.
if any mistake please correct it.
<?php
//database connection successfully worked.
$manu = $_POST['manu'];
if(isset($_POST['img_submit']))
{if($_FILES['file']['name']<>"")
{$file =time().'_'.$_FILES['file']['name'];
if (!copy($_FILES['file']['tmp_name'],"file/".$manu))
{$message = "Invalid File type.Upload only JPEG and GIF files";}
if(move_uploaded_file($_FILES['file']['tmp_name'], $manu)) {$msg2 = "The file ". basename( $_FILES['file']['name']). " has been uploaded";}
else{$msg3 = "There was an error uploading the file, please try again!";} }
echo $query = "insert into upload_image (upload_img) values('".$manu."')";
mysql_query($query) or die (mysql_error());
}?>
<form name="form" action="" method="post" enctype="multipart/form-data">
<table width="100%" border="0" cellspacing="4" cellpadding="5">
<tr><td align="center" colspan="2"> <b>Upload Image</b></td></tr>
<tr>
<th width="50%"> Image Url :</th>
<td width="50%"> <input type="file" name="manu" value="" /></td>
</tr>
<tr><td align="center" colspan="2"><input type="submit" name="img_submit" value="Upload Image" /></td></tr></table></form>
You so don’t want to have this code on your server.
This basically means that if I have control of my browser (I have), I can send along a file with a fake MIME type and a full path of my choice in
$_POST['manu'], and your server will save this file in any folder I want where it has write access to, without checking.Just suppose I were to upload
evil_haxxor_skr1pt.phpwith a MIME type ofimage/jpegsomewhere where your server code might find it, and execute it on my behalf…