Hi all,

I'm having a bit of trouble with working out how to save fields on my SQL database with an auto_incremented ID (key field) and then upload the files from a form so that they have the ID number as the filename. Here's what I mean:

PHP Code:

$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
  
mysql_select_db("db_name", $con);

$sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[type]')";

move_uploaded_file($_FILES["flash"]["tmp_name"],
"http://www.mysite.com/flash/swf/flash_id" . ['ID here'] . ".swf");
move_uploaded_file($_FILES["pic"]["tmp_name"],
"http://www.mysite.com/images/flash/animation/" . ['ID here'] . ".gif");

mysql_close($con) 


I am not sure how to do exactly what you want. But, I can tell you how to have unique file names for every uploaded file. You would use the php rand() function. It would create a random string of letters and / or numbers. If you combine that with the date() function (using a time stamp), you can be certain that you get a unique file name.

So, using rand() you would get something like this: 31578127
Using date you would get something like this: 20070516
then, you could put the user id: 36

So your final name would be 36-20070516-31578127.jpg

If you're just using this file name to display the image, this would work fine.

The rand() function is here:
http://us2.php.net/manual/en/function.rand.php
and the date() function is here:
http://us2.php.net/manual/en/function.date.php

But, if you are absolutely dead set on using an auto increment, I think there is a MySQL function to do this. But, you would have to post in the database forum for more information.

I hope this helps.

The problem with that is that is that I have another page which fetches info from the database and uses it for an image and a link. By doing this, I'm not sure if I'd get two different numbers (because I'd need to use it for the database field AND the file name).

I'll post a link to this topic in the mySQL forum, thanks

Well, you connect to the database and stick a query into $sql, but you never run the query with mysql_query($sql); After you do that, the id for the auto incremented field can be retrieved with mysql_insert_id(); See http://us2.php.net/mysql_insert_id for more info.

I'm not entirely sure I get this script. Using your advice, I've tried this and, although it's now updating the tables, it's still not saving the files to where I tell it to:

PHP Code:

  $con = mysql_connect("localhost","username","password");
  if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }
  
  mysql_select_db("mydb", $con);

  switch ( $_POST['authors'] )
    {
    case 'author1' : $sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[type]')"; 
                         break; 
    case 'author2' : $sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, MemberID2, MemberName2, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[memberid2]','$_POST[membername2]','$_POST[type]')";
                         break;
    case 'author3' : $sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, MemberID2, MemberName2, MemberID3, MemberName3, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[memberid2]','$_POST[membername2]','$_POST[memberid3]','$_POST[membername3]','$_POST[type]')";
                         break;
    case 'author4' : $sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, MemberID2, MemberName2, MemberID3, MemberName3, MemberID4, MemberName4, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[memberid2]','$_POST[membername2]','$_POST[memberid3]','$_POST[membername3]','$_POST[memberid4]','$_POST[membername4]','$_POST[type]')";
                         break;                       
    case 'author5' : $sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, MemberID2, MemberName2, MemberID3, MemberName3, MemberID4, MemberName4, MemberID5, MemberName5, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[memberid2]','$_POST[membername2]','$_POST[memberid3]','$_POST[membername3]','$_POST[memberid4]','$_POST[membername4]','$_POST[memberid5]','$_POST[membername5]','$_POST[type]')";
                         break;
    case 'author6' : $sql="INSERT INTO animation (Name, ShortName, Width, Height, Comment, MemberID1, MemberName1, MemberID2, MemberName2, MemberID3, MemberName3, MemberID4, MemberName4, MemberID5, MemberName5, MemberID6, MemberName6, Type)
VALUES
('$_POST[name]','$_POST[shortname]','$_POST[width]','$_POST[height]','$_POST[comment]','$_POST[memberid1]','$_POST[membername1]','$_POST[memberid2]','$_POST[membername2]','$_POST[memberid3]','$_POST[membername3]','$_POST[memberid4]','$_POST[membername4]','$_POST[memberid5]','$_POST[membername5]','$_POST[memberid6]','$_POST[membername6]','$_POST[type]')";
                         break;
    }

  move_uploaded_file($_FILES["flash"]["tmp_name"],
  "http://www.mysite.com/swf/flash_id" . mysql_insert_id() . ".swf");
  move_uploaded_file($_FILES["pic"]["tmp_name"],
  "http://www.mysite.com/images/flash/animation/" . mysql_insert_id() . ".gif");

  if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
    
  echo '1 file updated.';

mysql_close($con) 


You can't access mysql_insert_id() before the mysql_query() command. You missed when I said, "After you do that". Move those to the right areas and you should be ok.

So like this?:

PHP Code:

  if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }

  move_uploaded_file($_FILES["flash"]["tmp_name"],
  "http://www.mysite.com/swf/flash_id" . mysql_insert_id() . ".swf");
  move_uploaded_file($_FILES["pic"]["tmp_name"],
  "http://www.mysite.com/images/flash/animation/" . mysql_insert_id() . ".gif"); 


EDIT: Nvm, that's not working either. If you meant "Add mysql_query($sql)" before hand, I tried that... all it did was try and add the entry twice.

I just looked more closely at your line move_uploaded_file line. You can't move a file from your server to a web location - you need to move it to somewhere on the server by using the path on the server.

So,

move_uploaded_file($_FILES["flash"]["tmp_name"],"http://www.mysite.com/swf/flash_id" . mysql_insert_id() . ".swf");

should be something like

move_uploaded_file($_FILES["flash"]["tmp_name"],"swf/flash_id" . mysql_insert_id() . ".swf");

BUT, it depends on your server setup and file structure.

But wouldn't that mean that I would have to save them under a file in the same location as the uploader? I wanted to have this uploader in a password protected (using .htaccess) file:

http://www.mysite.com/admin_cpanel

then have it upload to the folders stated above. Is there anyway to do this?

I tried changing the code to this:

PHP Code:

  move_uploaded_file($_FILES["flash"]["tmp_name"],
  "home/a17roolz/public_html/swf/flash_id" . mysql_insert_id() . ".swf");
  move_uploaded_file($_FILES["pic"]["tmp_name"],
  "home/a17roolz/public_html/images/flash/animation/" . mysql_insert_id() . ".gif"); 


But still nothing. Suggestions?

Have you checked that $_FILES["flash"]["tmp_name"] and $FILES["pic"]["tmp_name"] are both populated just before you try to use the move_uploaded_file function?

Also are you getting any error message output (notices, warnings etc.) and/or same logged in whatever log file is configured (e.g. error_log)?

I would suggest (without knowing anything about your server) that your path is more likely to be something like /home/a17roolz/public_html/swf/ ...

As an aside, I hope that you're performing appropriate validation on your form inputs before executing all of this code above. You should be using things like mysql_escape_string (or the mysqli equiv.) to help avoid SQL injection attacks etc.

Since you're accepting file uploads and (I presume) making these uploads web accessible, you also need to consider validation of those files themselves very carefully - scripts like this are a great way for hackers to upload whatever they need to your server which is generally the first step in deploying a root kit etc.

Actually, I forgot to add the "/home" above, but it is actually in my script. All I'm getting is "1 record uploaded" but, although it's updating my database, it's not uploading the files.

Also I have the following script beforehand:

PHP Code:

elseif (( $_FILES['pic']['type'] != "image/gif" )
||     ( $_FILES['flash']['type'] != "application/x-shockwave-flash" ))
  {
  echo "<b>Invalid file(s).</b><br /><br />";
  echo "The file(s) specified are invalid. Please go back and try again.";
  }
elseif ($_FILES["flash"]["error"] > 0)
  {
  echo "Return Code: " . $_FILES["flash"]["error"] . "<br />";
  }
elseif ($_FILES["pic"]["error"] > 0)
  {
  echo "Return Code: " . $_FILES["pic"]["error"] . "<br />";
  } 


So the fields have to be valid in order for the script to run.

A few precautions Daren,

One, mysql_insert_id() will only work the way you need if it's called after the
mysql_query().

Two, make your life easier, and put the results of the mysql_insert_id() function in a variable.

Code:

$doc_id = mysql_insert_id();

then use $doc_id in your move_uploaded_file() calls.

Three. and please don't think this is patronizing, but you should probably re-read damien_js's comments more carefully.

It seems you two have been partially talking past each other.

jefkin