I haven't coded in well over a year so please be gentle!
I have wrote a form that sends an e-mail to the admin, using a sendmail script, and uploads any images to a folder in a website and records the path into a database table. The sendmail script works and images are stored in the uploads folder of my website but the path isn't recorded and the insert query records the following error :
Query was: INSERT INTO englisharabicimages VALUES ('','uploads/milkshake.png'). Error:
I know I'm probably missing something very basic but it's been a long time since I dabbled with php. I can't figure out what I'm doing wrong.
<?php
//connect to database, check login credentials, declare message variables
include "connect.php";
error_reporting(E_ERROR);
require_once('sendmail.php');
$message = $_GET['message'];
//function to check for valid image formats
function upload($file_upload, $dir){
$url ='';
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$file = finfo_file($finfo, $file_upload["tmp_name"]);
$allowedExts = array("gif", "jpeg", "jpg", "png", "pdf", "PDF", "doc", "DOC", "docx", "DOCX", "JPG", "JPEG", "PNG", "GIF");
$temp = explode(".", $file_upload["name"]);
$extension = end($temp);
if ((($file == "image/gif")
|| ($file == "image/jpeg")
|| ($file == "image/jpg")
|| ($file == "image/pjpeg")
|| ($file == "image/x-png")
|| ($file == "image/png"))
|| ($file == "application/pdf")
|| ($file == "application/msword")
|| ($file == "application/vnd.openxmlformats- officedocument.wordprocessingml.document")
&& ($file_upload["size"] < 7000000)
&& in_array($extension, $allowedExts))
{
if ($file_upload["error"] > 0){
$message = "An error occurred: " . $file_upload["error"] . "<br>";
}
else{
$path = $dir . $file_upload["name"];
move_uploaded_file($file_upload["tmp_name"],$path);
}
}
else
{
$message = "Wrong format";
}
return $path;
}
$projectdetailsErr = $emailErr = $dateErr = "";
$projectdetails = $email = $date = "";
function validate_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if (isset($_POST['Submit']))
{
$has_errors = false;
if (!empty($_POST["projectdetails"])) {$projectdetails = validate_input($_POST["projectdetails"]);}
if (!empty($_POST["email"])) {$email = validate_input($_POST["email"]);}
if (!empty($_POST["date"])) {$date = validate_input($_POST["date"]);}
if (!$has_errors)
{
$Link = mysql_connect($Host, $User, $Password);
$path = upload($dir);
if(!empty($_FILES) && is_array($_FILES)){
$path = upload($_FILES["image"], "uploads/");
}
$Query = "INSERT INTO englisharabicimages VALUES ('','".mysql_escape_string($path)."')";
} else {
die("Query was: $Query. Error: ".mysql_error($Link));
}
if($sql = mysql_db_query ($DBName, $Query, $Link)) {
$message = "Thank you for your enquiry.";
header("Location: index.php?message=".urlencode($message));
} else {
die("Query was: $Query. Error: ".mysql_error($Link));
}
}
?>