Problem is my images dont move to the uploads folder… There is no syntax error or get message… but all data saving to database… So Why do not the images just move… ? Here is mysql codes;
You have an even bigger problem, you’re vulnerable to SQL Injection attack with that code as it lets user submitted data near the database without any validation being done.
You’ve also got a slightly smaller problem of using the old mysql_* extension which was REMOVED from version 7 of PHP. You should now be using either the mysqli_ extension (note the i in that) or PDO
Just echo or var_dump() some values throughout the code until you see what is not working as you expect. Does it do anything at all with the uploaded files?
That’s pretty much the same exact excuse I see and hear from people who don’t really care about the quality of their codes. If you’re genuinely concerned about why your code isn’t working, you might want to change it up and actually learn different database API libraries. Then change the logic you use. Then and will only then, your codes will “work”.
First thing, if you starting to learn use PDO or Mysqli don’t tell ppls here “i use mysql just for learning on localhost i will learn this later” do it now because later you will mix mysql with mysqli or pdo and then it will be mess in your code and it will be hard to you.
Second thing, why are you overwritting same variable when you can do it in 1 row as @SpacePhonenix said ?
Here is your working script but with mysqli, and you must add some escaping to yours variables, because you don’t never trust user input ! And use a comments in script so you will know what you do and where is problem.
<?php
// turn on error reporting
error_reporting(E_ALL);
// mysqli connection
$conn = mysqli_connect("host", "user", "password", "database_name");
if (isset($_POST['addslider'])) {
// upload dir
$uploads_dir = "../uploads";
$slider_name = mysqli_real_escape_string($conn, $_POST['slider_name']);
$slider_order = mysqli_real_escape_string($conn, $_POST['slider_order']);
$slider_url = mysqli_real_escape_string($conn, $_POST['slider_url']);
// temp image name
$tmp_name = $_FILES['sliderimages']['tmp_name'];
// image name
$name = $_FILES['sliderimages']['name'];
// add random number in front of image name
$sliderrandomname = rand(10000,50000);
// full path to image
$refimgpath = substr($uploads_dir, 3)."/".$sliderrandomname."".$name;
/*
*
*
* here you need to check if image is real image
* STOP TO USE MYSQL
*
*
*/
// check if file is uploaded
if (move_uploaded_file($tmp_name, $uploads_dir."/".$sliderrandomname."".$name)) {
// if file is uploaded store image path in database
$add_slider = mysqli_query($conn, "INSERT INTO slider (slider_name, slider_imgpath, slider_order, slider_url )
VALUES ('$slider_name', '$refimgpath', '$slider_order', '$slider_url')");
// check if query is returned row inserted row
if (mysqli_insert_id($conn)) {
header("Location: ../slider.php?addslider=ok");
} else {
header("Location: ../slider.php?addslider=failed");
}
}
}
?>
<form method="post" action="" enctype="multipart/form-data">
<input type="text" name="slider_name"><br>
<input type="text" name="slider_order"><br>
<input type="text" name="slider_url"><br>
<input type="file" name="sliderimages"><br>
<input type="submit" name="addslider" value="Add slider">
</form>
This is not production script its only to see how things works !
I really want to learn and you are right. I need to use another api libraries but I want learn from start. I don’t want to be surprised when I come across MySQL code in the future
You are all right… I need to use pdo or mysqli but as I said I don’t want to be surprised when I come across MySQL code in the future… its why I started from scratch…
in same veriable case, actually I just praticising what I watch on video. I think he try to avoid the same name trouble…
A good way to learn is by doing. So why don’t you take these videos which use the outdated mysql, and while you learn from the tutorial, make a point of changing the code to the mysqli at the same time. That way you can learn the content of the video tutorial, and use correct code all at the same time. Of course, this means you have to learn about mysqli first.
If you blindly work through the tutorial using out-dated practices, that is what you are going to embed in your mind, and it will be twice as hard to unlearn it later when you decide you want to do things the right way.
And of course, the more code you write using the old-style calls, the more you will have to change when you decide to take the plunge and move to either of the later libraries.
