I have put together a fairly basic local database-driven website using PHP, Apache, and phpMyAdmin. The site allows users to upload CAD detail files in two formats. Along with the file paths, they can also upload the name of the file, the related service group, as well as the detail ID.
Basically everything is working smoothly except for a small issue when uploading a file from the upload page. Everything submits to the database just fine, but the links to the files are missing the necessary backslashes.
I can, however, go into the database itself and enter the backslashes into the file path.
Form:
<!-- enctype is a form attribute, not an input attribute, so the browser ignores it where it was written below.
     As posted, the form is sent as application/x-www-form-urlencoded: only the chosen file's name reaches
     $_POST['pdf'] and $_POST['dwg'] in add.php, and no file content is uploaded. -->
<form method="post" action="add.php">
<table border="0">
<tr><td>Detail ID: </td><td><input type="number" name="id" /></td></tr>
<tr><td>Detail Name: </td><td><input type="text" name="name" /></td></tr>
<tr><td>Service Group: </td><td><input type="text" name="service" /></td></tr>
<tr><td>PDF: </td><td><input type="file" name="pdf" /></td></tr>
<tr><td>DWG: </td><td><input type="file" name="dwg" /></td></tr>
<tr><td></td><td><input type="submit" value="Submit" />
<input type="reset" value="Reset" /></td></tr>
</table>
</form>
PHP:
<?php
/* Connect to the local MySQL server (the mysql_* functions are deprecated since PHP 5.5 and removed in PHP 7) */
$con=mysql_connect("localhost","root","") or die("Could not connect: ".mysql_error());
/* Select the database */
mysql_select_db("hrg_test", $con);
/* Store the values submitted by the form in variables */
$id=$_POST['id'];
$name=$_POST['name'];
$service=$_POST['service'];
$pdf=$_POST['pdf'];   /* with no enctype on the form, this is only the file name the browser sent */
$dwg=$_POST['dwg'];
/* Write a query to insert details into the database.
   The values are interpolated into the SQL text unescaped, so a backslash inside $pdf or $dwg
   is read by MySQL as the escape character of the string literal and does not reach the table. */
$insert_detail=mysql_query("INSERT INTO hrg_test (id, name, service, pdf, dwg) VALUES ('$id', '$name', '$service', '$pdf', '$dwg')", $con);
if($insert_detail)
{ echo "Detail Successfully Added! <br /><br /><a href='add.html'>Add Another Detail</a>"; }
else
{ echo "Error: ".mysql_error($con); }
/* Close the connection */
mysql_close($con);
?>
I've read about magic quotes and stripslashes, although I'm not sure how to tie them in if that's the issue. Maybe I am just going about it the wrong way.
Any help would be greatly appreciated.
I’ll ignore the security issues since this is on a local site (nobody ever reads that and ingests what it means apparently). You should look at the newer methods like mysqli or PDO, but try wrapping the values with mysql_real_escape_string(). That should escape the slashes and allow them to be stored if that is the problem.
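As an added example (not code from the original poster or from either reply), here is add.php rewritten along the lines the reply above points to, taking the PDO route rather than wrapping each value in mysql_real_escape_string(). The database name, table name and column names come from the original post; the localhost root login with an empty password mirrors the post's connection and is an assumption about that local setup. It keeps the post's design of storing the submitted path text and does not save uploaded file content.

```php
<?php
// Added example, not the original poster's code: add.php with PDO prepared statements.
// Database "hrg_test", table "hrg_test" and the column names follow the original post;
// the localhost/root/empty-password login is assumed to match the poster's local setup.

function connectDb(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=hrg_test;charset=utf8mb4';
    return new PDO($dsn, 'root', '', [
        // Throw on errors instead of returning false and echoing mysql_error().
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: values travel separately from the SQL text,
        // so MySQL never runs them through its string-literal parser.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

function insertDetail(PDO $db, int $id, string $name, string $service, string $pdf, string $dwg): void
{
    // Placeholders instead of interpolation. A path such as C:\cad\01.pdf is stored
    // byte for byte: inside a MySQL literal a backslash escapes the next character
    // (\c becomes c, \0 becomes a NUL byte), which is exactly how the backslashes were
    // disappearing. A quote in the detail name also can no longer end the literal
    // and inject SQL, which is the security hole the replies set aside.
    $sql = 'INSERT INTO hrg_test (id, name, service, pdf, dwg)
            VALUES (:id, :name, :service, :pdf, :dwg)';
    $stmt = $db->prepare($sql);
    $stmt->execute([
        ':id'      => $id,
        ':name'    => $name,
        ':service' => $service,
        ':pdf'     => $pdf,
        ':dwg'     => $dwg,
    ]);
}

// Read and validate the fields posted by the add form from the original post.
$id      = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT); // null if absent, false if not an integer
$name    = trim((string) ($_POST['name'] ?? ''));
$service = trim((string) ($_POST['service'] ?? ''));
$pdf     = trim((string) ($_POST['pdf'] ?? ''));   // file name only, as the posted form sends it
$dwg     = trim((string) ($_POST['dwg'] ?? ''));

if ($id === false || $id === null || $name === '') {
    http_response_code(400);
    exit('Detail ID must be a whole number and Detail Name is required.');
}

try {
    insertDetail(connectDb(), $id, $name, $service, $pdf, $dwg);
    echo "Detail Successfully Added! <br /><br /><a href='add.html'>Add Another Detail</a>";
} catch (PDOException $e) {
    // Escape the message before echoing so database text cannot inject markup into the page.
    echo 'Error: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

The backslashes survive because a bound parameter is never part of the SQL text MySQL parses, so there is nothing for stripslashes or magic quotes to repair afterwards. The same mechanism is what makes the insert safe against quotes and other SQL metacharacters in the detail name or service group, so the "local site" excuse is not needed: the safe version is no longer to write than the unsafe one.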
On a side note, I also develop for a closed-down corporate intranet. Even though I know how, my boss begs me to forgo the needless security in many cases because the only access is by staff.
Pointing out that there are security issues is fine if you're also going to answer the question… if not, you're just wasting your and everyone else's time.