[skippyscage]

I have multiple pages that upload a pdf into a mysql database which can then be either downloaded or displayed. All this code works great.

I'm having issues with getting the syntax correct for uploading a new pdf to replace another pdf in the database.

For completeness I'll include all the steps that do work as well as the problem code....

The index.php page is where you initially upload a pdf and also has links to display, download and replace.

<form action="add_file.php" method="post" enctype="multipart/form-data">
<input type="file" name="uploaded_file"><br>
<input type="submit" value="Upload file">
</form>

<?php
// Connect to the database
$dbLink = new mysqli('localhost', 'userid', 'password', 'database');
if(mysqli_connect_errno()) {
    die("MySQL connection failed: ". mysqli_connect_error());
}
 
// Query for a list of all existing files
$sql = 'SELECT `id`, `name`, `mime`, `size`, `created` FROM `file`';
$result = $dbLink->query($sql);
 
// Check if it was successfull
if($result) {
    // Make sure there are some files in there
    if($result->num_rows == 0) {
        echo '<p>There are no files in the database</p>';
    }
    else {
        // Print the top of a table
        echo '<table border="0" cellspacing="10">
                <tr>
                    <th align="left">Name</th>
                    <th align="left">Size (bytes)</th>
                    <th align="left">Uploaded</th>
                    <th>&nbsp;</th>
					<th>&nbsp;</th>
					<th>&nbsp;</th>
                </tr>';
 
        // Print each file
        while($row = $result->fetch_assoc()) {
            echo "
                <tr>
                    <td>{$row['name']}</td>
                    <td>{$row['size']}</td>
                    <td>{$row['created']}</td>
                    <td><a href='get_file.php?id={$row['id']}'>Download</a></td>
					<td><a href='display.php?id={$row['id']}'>View</a></td>
					<td><a href='replace_file.php?id={$row['id']}'>Replace</a></td>
                </tr>";
        }
 
        // Close table
        echo '</table>';
    }
 
    // Free the result
    $result->free();
}
else
{
    echo 'Error! SQL query failed:';
    echo "<pre>{$dbLink->error}</pre>";
}
 
// Close the mysql connection
$dbLink->close();
?>

as you can see the form links to add_file.php:

<?php
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
    // Make sure the file was sent without errors
    if($_FILES['uploaded_file']['error'] == 0) {
        // Connect to the database
        $dbLink = new mysqli('localhost', 'userid', 'password', 'database');
        if(mysqli_connect_errno()) {
            die("MySQL connection failed: ". mysqli_connect_error());
        }
 
        // Gather all required data
        $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
        $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
        $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
        $size = intval($_FILES['uploaded_file']['size']);
 
        // Create the SQL query
        $query = "
            INSERT INTO `file` (
                `name`, `mime`, `size`, `data`, `created`
            )
            VALUES (
                '{$name}', '{$mime}', {$size}, '{$data}', NOW()
            )";
 
        // Execute the query
        $result = $dbLink->query($query);
 
        // Check if it was successful
        if($result) {
            echo 'Success! Your file was successfully added!';
        }
        else {
            echo 'Error! Failed to insert the file'
               . "<pre>{$dbLink->error}</pre>";
        }
    }
    else {
        echo 'An error accured while the file was being uploaded. '
           . 'Error code: '. intval($_FILES['uploaded_file']['error']);
    }
 
    // Close the mysql connection
    $dbLink->close();
}
else {
    echo 'Error! A file was not sent!';
}
 
// Echo a link back to the main page
echo '<p>Click <a href="index.php">here</a> to go back</p>';
?>

so far so good, all works as designed.

The code that displays and downloads the selected pdfs works also.

To replace a certain pdf I link to replace_file.php which only contains the form again, but passes the id of the pdf:

<form action="replace1_file.php" method="post" enctype="multipart/form-data">
<input type="file" name="uploaded_file"><br>
<input type="submit" value="Upload file">
</form>

this in turn goes to replace1_file.php and this is the page with the code that I'm having issues with. It's basically a copy of add-file.php but using UPDATE instead of INSERT:

 <?php
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
    // Make sure the file was sent without errors
    if($_FILES['uploaded_file']['error'] == 0) {
        // Connect to the database
        $dbLink = new mysqli('localhost', 'userid', 'password', 'database');
        if(mysqli_connect_errno()) {
            die("MySQL connection failed: ". mysqli_connect_error());
        }
 
        // Gather all required data
        $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
        $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
        $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
        $size = intval($_FILES['uploaded_file']['size']);
 
        // Create the SQL query
        $query = "
            UPDATE 'file' 
			SET `mime`, `name`, `size`, `data` 
            WHERE `id` = {$id}";
 
        // Execute the query
        $result = $dbLink->query($query);
 
        // Check if it was successful
        if($result) {
            echo 'Success! Your file was successfully added!';
        }
        else {
            echo 'Error! Failed to insert the file'
               . "<pre>{$dbLink->error}</pre>";
        }
    }
    else {
        echo 'An error accured while the file was being uploaded. '
           . 'Error code: '. intval($_FILES['uploaded_file']['error']);
    }
 
    // Close the mysql connection
    $dbLink->close();
}
else {
    echo 'Error! A file was not sent!';
}
 
// Echo a link back to the main page
echo '<p>Click <a href="index.php">here</a> to go back</p>';
?>

now it's tripping up on this part of the syntax:

 $query = "
            UPDATE 'file' 
			SET `mime`, `name`, `size`, `data` 
            WHERE `id` = {$id}";

messages such as "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' name, size, data WHERE id =' at line 2"

I've tried many variations of coding this part but all to no avail... I'm wondering if I'm missing something obvious?

I'm thinking that maybe I'm missing sending the variable of id from the replace_file.php page, three code snippets above? If so I'm lost there also. I assume the variable is getting dropped between replace_file.php and replace1_file.php -- so how do I pass that through two pages?

[skippyscage]

I screwed up one of the code tags, but can't see a way to edit the post

[codeprada]

A moderator will fix the code tags for you.

The ID was passed to replace1_file.php but never stored. Simply place $_GET['id'] into a hidden input element within the form on your replace1_file.php script. You can then read the id using $_POST['id'] when uploading.

[skippyscage]

hmm maybe I'm not quite understanding - I've been looking at this fir a coupe of days.

I amended the code in the first page, replace_file.php

<?php $_GET['id'] ?>
<form action="replace1_file.php" method="post" enctype="multipart/form-data">
<input type="file" name="uploaded_file"><br>
<input type="submit" value="Upload file">
<input type="hidden" name="id" value="<?php $_POST['id'] ?>">
</form>

now hopefully I'm retrieving the id that was already passed from the previous page and then posting it on via the form.

the replace1_file.php now shows partial code as

        $id = $_POST['id'];
        $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
        $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
        $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
        $size = intval($_FILES['uploaded_file']['size']);
		
        // Create the SQL query
        $query = " UPDATE file SET mime = '$mime', name = '$name', size = '$size', data = '$data' WHERE id = '$id' ";

I've created variable $id and used that in the update part of the $query

I get zero errors and the script works to the end with a positive result, but the record is not getting updating. I also changed POST to GET with the same result.

I'll be the first to admit that I don't quite understand the POST and GET part of the code, even after looking at lots of references on the net.

I'm usually updating via echo variables in a form, but this is the first time I've tried to upload and replace an actual file in a database.

[codeprada]

This line here

<input type="hidden" name="id" value="<?php $_POST['id'] ?>">

needs to be changed to

<input type="hidden" name="id" value="<?php $_GET['id'] ?>">

Remember you're passing the id to replace1_file.php via the URL...

Check this link out: PHP GET and POST Methods

This post has been edited by codeprada: 07 December 2011 - 10:44 PM

[skippyscage]

thanks, but still no good, although I found this in the link you posted:

Quote

GET can't be used to send binary data, like images or word documents, to the server.

as I'm trying to send and uploaded to replace a pdf, then I guess GET and POST won't work, which will explain why the code doesn't break and seems to work, and yet nothing is uploaded to the mysql database.

I'll have to think of another way to do this.

[DeWire]

Quote

GET can't be used to send binary data, like images or word documents, to the server.

Yes but you are only passing an id to the program using GET, not the actual file.

Dave

[codeprada]

skippyscage, on 08 December 2011 - 10:43 PM, said:

thanks, but still no good, although I found this in the link you posted:

Quote

GET can't be used to send binary data, like images or word documents, to the server.

as I'm trying to send and uploaded to replace a pdf, then I guess GET and POST won't work, which will explain why the code doesn't break and seems to work, and yet nothing is uploaded to the mysql database.

I'll have to think of another way to do this.

Don't worry about the PDF file being uploaded...it is. You just need to get the ID of the PDF file to be replaced over to the replace script.

<form action="replace1_file.php" method="post" enctype="multipart/form-data">
    <input type="file" name="uploaded_file"><br>
    <input type="submit" value="Upload file">
    <input type="hidden" name="id" value="<?php $_GET['id'] ?>">
</form>

Load this page and view the source. You should see the ID of the PDF file within the value of the hidden element.

[skippyscage]

thanks for all the pointers - thinking about this more I just found this http://www.dreaminco...mages-with-php/

I guessing I could modify to use pdfs instead of image files?

This way at least I'm not uploading loads of binary data an overloading the database.... or am I barking up the wrong tree?

The site I'm manipulating may end up having 100s of pdf records for multiple people as an official source for a government organisation, so I'm looking at trying to do this efficiently.