Heatrepeat
New Member
Sorry I'm a newbie, I think that there's something wrong in this code, or something that can be improved.This code was designed to upload files from a flash javascript uploader plugin.It doesn't give me an error but sometimes it does not insert the mysql query.P.s: every posted variable is cleaned up via javascript (just alphanumeric text) Thank you. \[code\]<?phpinclude 'a/inc/db.php';if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; if (substr($_FILES['Filedata']['name'],-3)!='mp3') { echo 'ERROR: your file was not an mp3'; die(); } $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_POST['folder'] . '/'; $titlepost = $_POST['title']; $tagspost = $_POST['tag']; $artist= $_POST['artist']; $i= $_POST['i']; $targetFile = str_replace('//','/',$targetPath) .time().".mp3"; $targetFilea = $targetFile; $targetFilea = substr($targetFilea , strrpos($targetFilea , 'music') -1); move_uploaded_file($tempFile,$targetFile); mysql_query('set names utf8'); $sql = mysql_query("INSERT INTO `Music` (`filename`, `title`, `tags`, `rating`, `click`, `rand`, `album`, `i`, `artist`) VALUES ('".$targetFilea."', '".$titlepost."', '".$tagspost."', '0', '1', '".$ras."', '1', '".$i."', '".$artist."');") or die(mysql_error()); $sqli = mysql_query("INSERT INTO `activity` (`from`, `what`, `text`) VALUES ('".$i."', 'upload', '".$titlepost."');") or die(mysql_error()); $click = mysql_query("SELECT * FROM `Music` WHERE `filename`='".$targetFilea."' ;"); while($row = mysql_fetch_array( $click )) { $mid=$row['id']; echo "<id>".$row['id']."</id>"; } mysql_close($connection);}echo "1";?>\[/code\]