
I want to start off by saying that this will be my first post on Stack Overflow, so thanks in advance for helping me.

I'm trying to make a form in which I can enter a name, artist, genre and upload an audio file into a folder.

I have it all set up, except that the query doesn't work.

Here is the form:

```html
<form action="upload" method="post" enctype="multipart/form-data">

<label for="musicName" class="col-sm-2 col-form-label col-form-label-lg">Title:</label>
    <div class="col-sm-10">
        <input type="text" class="form-control" name="musicName" id="musicName" required />
    </div>

<label for="musicArtist" class="col-sm-2 col-form-label col-form-label-lg">Artist:</label>
    <div class="col-sm-10">
        <input type="text" class="form-control" name="musicArtist" id="musicArtist" required />
    </div>

<label for="musicGenre" class="col-sm-2 col-form-label col-form-label-lg">Genre:</label>
    <div class="col-sm-10">
        <select class="form-control" name="musicGenre" id="musicGenre" required >
          <option value="hiphop">Hip Hop</option>
          <option value="trap">Trap</option>
          <option value="pop">Pop</option>
          <option value="edm">EDM/Dance</option>
          <option value="rock">Rock</option>
          <option value="rnb">RnB</option>
          <option value="jazz">Jazz</option>
          <option value="country">Country</option>
          <option value="metal">Metal</option>
          <option value="blues">Blues</option>
          <option value="reggae">Reggae</option>
          <option value="classical">Classical</option>
        </select>
    </div>

<label for="fileToUpload" class="col-sm-2 col-form-label col-form-label-lg"></label>
<div class="col-sm-10">
    <label for="fileToUpload" class="uploadArea">drop a file to upload<div id="selectedFiles"><p></p></div></label>

    <input type="file" name="fileToUpload" id="fileToUpload" class="hidden" multiple>
</div>
<label for="submitSong" class="col-sm-2 col-form-label col-form-label-lg"></label>
<div class="col-sm-10">
    <input type="submit" value="Upload Image" id="submitSong" name="submitSong" class="btn btn-primary">
</div>
</form>
```

Then first I do all my checks etc.

```php
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);

$file_name = $_FILES["fileToUpload"]["name"];
$file_tmp = $_FILES["fileToUpload"]["tmp_name"];
$file_size = $_FILES["fileToUpload"]["size"];
$file_type = $_FILES["fileToUpload"]["type"];

$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check that the uploaded temp file can be read (filesize() returns false on failure)
if(isset($_POST["submitSong"])) {
    $check = filesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        $uploadOk = 1;
    } else {
        echo "<script>
                alert(`File is not an audio file.`);
                window.location.href=`music`;
                </script>";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "<script>
                alert(`Sorry, file already exists.`);
                window.location.href=`music`;
                </script>";
    $uploadOk = 0;
}

$filesize = 5000000;

// Check file size
if ($_FILES["fileToUpload"]["size"] > $filesize) {
    echo "<script>
                alert(`Sorry, your file exceeds the limit of" . $filesize . " `);
                window.location.href=`music`;
                </script>";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "mp3" && $imageFileType != "wav" && $imageFileType != "flac" ) {
    echo "<script>
                alert(`Sorry, only Mp3, Wav & Flac files are allowed.`);
                window.location.href=`music`;
                </script>";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "<script>
                alert(`Sorry, your file was not uploaded.`);
                window.location.href=`music`;
                </script>";
```

And then at last I upload the file and the attributes that came with it:

```php
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {

        if (isset($_POST['submitSong'])) {
            $song_title = mysqli_real_escape_string($mysqli, htmlentities($_POST['musicName']));
            $song_artist = mysqli_real_escape_string($mysqli, htmlentities($_POST['musicArtist']));
            $song_genre = mysqli_real_escape_string($mysqli, htmlentities($_POST['musicGenre']));
            $current_time = 'CURRENT_TIMESTAMP';

            $sql = "INSERT INTO songs (song_name, song_artist, song_genre, uploaded_at, song_link, user_id VALUES
            ($song_title, $song_artist, $song_genre, $current_time, $file_tmp," . $_SESSION['userid'] . ")";
            // ($song_title, $song_artist, $song_genre, $current_time, $file_tmp," . $_SESSION['userid'] . ")";

            $result = $mysqli->query($sql);

            var_dump($result);

            // echo "<script>
                    // alert(`You have succesfully uploaded: ". basename( $_FILES["fileToUpload"]["name"]). " !`);
                    // window.location.href=`music`;
                    // </script>";
        }

    } else {
        echo "<script>
                alert(`Sorry, there was an error uploading your file.`);
                window.location.href=`music`;
                </script>";
        // echo "Sorry, there was an error uploading your file.<br />";
    }
}?>
```

Any help would be appreciated!

  • What do you mean by "doesn't work"? Are you getting any errors? Have you checked the error logs? – Jay Blanchard Nov 28 '16 at 22:39
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Nov 28 '16 at 22:39
  • Ah, I'm stupid. I fixed the query: inside the query itself, right before VALUES, I forgot to put the ")". Thanks for your help, I appreciate it. – Kevin Meijer Nov 28 '16 at 22:58
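
The prepared-statement approach recommended in the comments, applied to the INSERT from the question, as an added example that is not part of the original post. The function name `insert_song`, the `$storedPath` parameter and an integer `user_id` column are assumptions; table and column names and the genre values are taken from the question.

```php
<?php
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception on errors, so a malformed
// statement is reported instead of query() quietly returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Allow-list built from the <option> values of the form in the question.
const ALLOWED_GENRES = ['hiphop', 'trap', 'pop', 'edm', 'rock', 'rnb',
                        'jazz', 'country', 'metal', 'blues', 'reggae', 'classical'];

/**
 * Insert one song row using bound parameters (hypothetical helper).
 * $storedPath is the path the file was moved to; $userId is assumed
 * to be an integer column. Returns the new row id.
 */
function insert_song(mysqli $mysqli, array $post, string $storedPath, int $userId): int
{
    $title  = trim((string)($post['musicName'] ?? ''));
    $artist = trim((string)($post['musicArtist'] ?? ''));
    $genre  = (string)($post['musicGenre'] ?? '');

    if ($title === '' || $artist === '') {
        throw new InvalidArgumentException('Title and artist are required.');
    }
    // A <select> only restricts the browser; re-check the value server-side.
    if (!in_array($genre, ALLOWED_GENRES, true)) {
        throw new InvalidArgumentException('Unknown genre.');
    }

    // Values travel separately from the SQL text, so no escaping is needed
    // and quotes in a title cannot change the statement. Store the raw text
    // and HTML-encode it with htmlspecialchars() when rendering instead.
    $stmt = $mysqli->prepare(
        'INSERT INTO songs
             (song_name, song_artist, song_genre, uploaded_at, song_link, user_id)
         VALUES (?, ?, ?, CURRENT_TIMESTAMP, ?, ?)'
    );
    $stmt->bind_param('ssssi', $title, $artist, $genre, $storedPath, $userId);
    $stmt->execute();
    $id = (int)$stmt->insert_id;
    $stmt->close();

    return $id;
}

// Usage, after move_uploaded_file() has succeeded:
// $id = insert_song($mysqli, $_POST, $target_file, (int)$_SESSION['userid']);
```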
