phpmysqlfile-uploadfile-link

properly save file upload contents to MySQL DB to retrieve as a link


I am trying to build an upload component that saves the file information to a MySQL DB table. My first issue is that each time a user uploads a file, two entries are added to the database.

My next issue is that I was to grab an uploaded file and display it as a link for the user to click on to view in a new tab. Right now, the upload saves the file's server directory path. When I go to click on the file, I get an error message saying the directory path could not be found.

My biggest issue is the link problem to view the uploads. Then, if someone also has a suggestion for the double entry problem, that would also be appreciated.

My Code:

HTML: File upload feature - Successfully uploads all variables twice...

  <form id="sgFileUpload" action='sg_addupload.php' target='hiddenFrame' method="POST" enctype="multipart/form-data">

<fieldset id='uploadBtnField'>

  <input type="hidden" name="MAX_FILE_SIZE" value="50000000"/> 

  <input type='hidden' name='sgRef' id='sgRef' value='<?php echo $sgref ?>'>

  <input type='file' name='searchFile' id='searchFile' multiple>

  <input type='submit' name='startUpload' id='startUpload' value='Upload'>


</fieldset>

</form> <!-- End Form Input -->

My PHP: File upload to DB

if(isset($_POST['sgRef'])) {

$sgref=$_POST['sgRef'];

}

$fileName = $_FILES['searchFile']['name'];

    $fSize = $_FILES['searchFile']['size'];
    $fType = $_FILES['searchFile']['type'];

    $target = "../bms/uploads/";        
    $fileTarget = $target.$fileName;    
    $tempFileName = $_FILES["searchFile"]["tmp_name"];
    //$docType = $_POST['docType']; 
    $result = move_uploaded_file($tempFileName,$fileTarget);

if ($result) {

  //run DB Connection code...

  //Writes the information to the database
        $sql="INSERT sg_uploads(sgref,file,type,size,content,doctype) VALUES('$sgref','$fileName','$fType','$fSize','$fileTarget','Other')";

        $conn->query($sql);

        if($conn->query($sql)) {
            echo 'Your file <html><b><i>'.$fileName.'</i></b></html> has been successfully uploaded!';
        } else {
            //Gives an error if its not
            echo "Sorry, there was a problem uploading your file.";
        }


        //Free the result variables. 
         $sql->free();


         $result->free();


        //Close the Database connection.
         $conn->close();


    }//End If Statement.

PHP CODE: To display links from DB (PHP CODE FOR RETRIEVAL IS SUCCESSFUL)

    <?php
while ($row = $result->fetch_array()) {

              echo "<tbody>";
              echo "<tr>";
              echo "<td>" . "<a href=".$row['content']."' >".$row['file']."</a>". "</td>";
              echo "<br/>";
              echo "<br/>";
              }//end while.
              echo "</tr>";
              echo "</tbody>"; 

$filename = $row[0];
    echo "<p></p>";


?>

All help is appreciated! Thank you!

NOTE: the 'file' column in the database is a datatype of 'blob'.


Solution

  • "@Fred, yes it was a directory issue. Upon fixing this issue, I was able to successfully link the the page and view it. If you summarize your two suggestions as an answer, I will mark your response as the correct answer. Thank you!"

    As I stated in comments:

    The duplicate entries are caused by $conn->query($sql); if($conn->query($sql))

    where there were two instances of query() being used.

    You can just use the conditional statement and omit $conn->query($sql);.

    For the path issue, this was also stated in comments that the folder's path wasn't properly indexed.


    Footnotes:

    You're presently open to an SQL injection. Best you use a prepared statement.