I'm using PHP to create a service to accept a file and then enter information into a MySQL database. I'm not generating any errors (at least not in the directory error_log). The file uploads fine, however the information is not entered into the database, and as I said there are no errors that I see listed, there very well may be, and I'm unsure of where to look.
include("connect.php");
$type = "jpg";
foreach ($_GET as $key => $value) { eval("\$" . $key . " = \"" . $value . "\";");}
$filename = isset($_REQUEST["filename"]) ? $_REQUEST["filename"] : "jjj";
$append = $_REQUEST["append"];
if($code == "XXX")
{
try
{
mysql_query("INSERT INTO `images-table` (`file-name`, `file-type`) VALUES (`". $filename . "`, `" . $type . "`)");
if(!$append)
$file = fopen("uploads/" . $filename,"w");
else
$file = fopen("uploads/" . $filename,"a");
$input = file_get_contents ("php://input");
fwrite($file,$input);
fclose($file);
echo "OK";
}
catch (Exception $e)
{
echo 'Caught exception: ', $e->getMessage(), "\n";
}
}
else
{
echo 'You do not have permission to do this.';
}
because the values of your INSERT statement were wrap with backticks. It should be single quote. Backticks are identifier, single quote are for string.
mysql_query("INSERT INTO `images-table` (`file-name`, `file-type`)
VALUES ('". $filename . "', '" . $type . "')");
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
Others