Before you look at the code know that this will not become live so there will be no need to protect against mysql injection or use PDO or mysqli
Hi I'm really confused about how I'm supposed to get this section of my site to work this is the simple version of my problem. To start off with I have a form that a user will enter the details of a video then they can also upload the video, when they click the send button all of the details will be posted to a second page, at the moment it just echos the selected details that was from the form.
this is the SQL query that I want the value to be inserted into using the variables this is currently working.
INSERT INTO careersintheclassroom.media
(media_id
,subject_id
,section_id
,principle_id
,jobrole_id
,career_id
,title
,blurb
,verified
) VALUES
(NULL
,'$Subject'
,'$Section'
,'$Principle'
,'$Job'
,'$Career'
,'$Title'
,'$Blurb'
, 0);
This is the page that the details are posted to.
<html>
<head>
<!--<meta http-equiv="refresh" content="10; URL=/classroom/contributors.php">-->
</head>
</html>
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
$uploaddir = 'Downloads./';//
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
$Title = $_POST['Title'];
$Blurb = $_POST['Blurb'];
$Subject = $_POST['cat'];
$Section = $_POST['typ'];
$Principle = $_POST['princ'];
$Verify = $_POST['verification'];
$Career = $_POST['career'];
$Job = $_POST['Job'];
echo "<br />";
echo "<pre>";
echo " <b>Your media has been uploaded</b><br /><br /> ";
echo "Title : "; echo $Title;
echo "<br/>";
echo "Blurb : "; echo $Blurb;
echo"<br />";
echo "catergory : "; echo $Subject;
echo"<br />";
echo "section : "; echo $Section;
echo"<br />";
echo"principle : "; echo $Principle;
echo"<br />";
echo "job : "; echo $Job;
echo"<br />";
echo "Career : "; echo $Career;
echo "<br />";
echo "Verify : "; echo $Verify;
echo "<br />";
echo "<br />";
echo"INSERT INTO `careersintheclassroom`.`media` (`media_id`, `subject_id`, `section_id`, `principle_id`, `jobrole_id`, `career_id`, `title`, `blurb`, `verified`)
VALUES (NULL, '".$Subject."', '".$Section."', '".$Principle."', '".$Job."', '".$Career."', '".$Title."', '".$Blurb."', '0');";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.
";
echo "This is where I need to reference the function that runs the sql `INSERT`";
}
else
{
echo "Possible file upload attack!
";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
my problem is i need to run the sql query on another page and then reference it to run from where i have stated and every time i try i get this echoed to my screen:
INSERT INTO `careersintheclassroom`.`media` (`media_id`, `subject_id`, `section_id`, `principle_id`, `jobrole_id`, `career_id`, `title`, `blurb`, `verified`)
VALUES (NULL, '', '', '', '', '', '', '', '0');
which I know means it cannot find the $_POST values because they are not within this page but everytime I put the $_POST on there then it makes the page break as in white screen nothing is displayed not even errors
any help would be much appreciated
