Home/ Questions/Q 9189761
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T20:18:28+00:00

I’ve looked at many other posts about this same problem, but I still can’t

  • 0

I’ve looked at many other posts about this same problem, but I still can’t seem to find out what is wrong with my code. Mind you, I started learning PHP and SQL this week, so please excuse me if I made a stupid mistake. Also, I’m sure it’s worth noting that before the error message that is posted in the title appeared, there was another error (defined in my code). That error was:

” already exists.”

That tells me that the $_POST["file"]["name"] variable is not set for whatever reason. Any help is appreciated. However, if you are going to tell me that my code is vulnerable to SQL injection, I know that. The upload script is only accessible through my (secure) login script. Again, all help is welcome!

<?php
  /* Process uploaded file */

if ($_FILES["file"]["size"] < 2097152)
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br>";
    }
  else
    {
      if (file_exists($_POST["class"] . "/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists.";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
        $_POST["class"] . "/" . $_FILES["file"]["name"]);
        $newpath = mysql_real_escape_string("uploads/" . $_POST['class'] . "/" . $_FILES['file']['name']);
        $filename = mysql_real_escape_string($_FILES['file']['name']);
        $description = mysql_real_escape_string($_POST["description"]);
        echo "Stored in: " . $newpath;
      }
    }
  }
else
  {
  echo "File must be less than two megabytes.";
  }

  /* Create and store information in MySQL Database */

  $con = mysql_connect("localhost","user","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("1169030_dsp", $con);

$sql="INSERT INTO $_POST[class] (Description, Filename, File)
VALUES
  ('$description','$filename','$newpath')";


if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Your file was successfully uploaded.";

mysql_close($con);
?>

Here is my input form HTML:

  <center>
    <form action="uploadfile.php" method="post" style="background-color:#009933;color:#FFFFFF;width:320px;text-align:left;">
  Description: <input type="text" name="description"><br>
  File:        <input type="file" name="file"><br>
      Class:<br>
  <Select name="Class">
    <option value="period1">APES : period1</option>
    <option value="period2">Chemistry I : period2</option>
    <option value="period3">Lab Assist/Sci : period 3</option>
    <option value="period4">Lab Assist/Sci : period 4</option>
    <option value="period4">APES : period 4</option>
    <option value="period5">APES : period 5</option>
    <option value="period6">Lab Assist/Sci : period 6</option>
    <option value="period7">Chemistry I : period 7</option>
  </Select><br>
      <input type="submit" name="Upload">
</form>
  <center>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your problem is that your form does not have the enctype attribute set. It should be:

    <form action="uploadfile.php" method="post" enctype="multipart/form-data" style="background-color:#009933;color:#FFFFFF;width:320px;text-align:left;">

    enctype="multipart/form-data" is required for $_FILES to be populated.

    • 0