If you want to get a sense of the error, just do something like:
$qry = "INSERT INTO trabalhe (id, nome, email, cpf, telefone, cidade,
interesse, mensagem, nome_arquivo, arquivo, tipo) VALUES (0, '$interessado','$email','$cpf','$telefone','$cidade','$interesse','$mensagem','$nome','$conteudo','$tipo')";
mysql_query($qry) or die( mysql_error() );
It will probably return some syntax error or it will state that id equal to zero 0
is wrong, yes id can not be zero, alias if id
is AUTOINCREMENT
this field should be omitted, like this:
$qry = "INSERT INTO trabalhe (nome, email, cpf, telefone, cidade,
interesse, mensagem, nome_arquivo, arquivo, tipo) VALUES ('$interessado','$email','$cpf','$telefone','$cidade','$interesse','$mensagem','$nome','$conteudo','$tipo')";
Another important thing to say, addslashes
is not used to escape in mysql, the purpose of it is another, als none of its variables has been escaped:
$interessado = $_POST["nome"];
$email = $_POST["email"];
$cpf = $_POST["cpf"];
$telefone = $_POST["telefone"];
$cidade = $_POST["cidade"];
$interesse = $_POST["interesse"];
$mensagem = $_POST["msg"];
Any character in this may cause the syntax error in the mysql INSERT.
I strongly recommend that you upgrade your scripts to MYSQLI , ie the database is still mysql, but the access API is now MYSQLI or PDO you choose, I believe mysqli will be easier and more familiar.
Then following the examples from the doc: link
<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
if (!$link) {
printf("Can't connect to localhost. Error: %s\n", mysqli_connect_error());
exit;
}
//Escapa as variaveis conforme as configurações de conexão
$interessado = mysqli_real_escape_string($link, $_POST["nome"]);
$email = mysqli_real_escape_string($link, $_POST["email"]);
$cpf = mysqli_real_escape_string($link, $_POST["cpf"]);
$telefone = mysqli_real_escape_string($link, $_POST["telefone"]);
$cidade = mysqli_real_escape_string($link, $_POST["cidade"]);
$interesse = mysqli_real_escape_string($link, $_POST["interesse"]);
$mensagem = mysqli_real_escape_string($link, $_POST["msg"]);
//Se o arquivo estiver ok o erro é igual a constante UPLOAD_ERR_OK
if ($_FILES['userfile']['error'] == UPLOAD_ERR_OK) {
$arquivo = $_FILES["arquivo"]["tmp_name"];
$tamanho = $_FILES["arquivo"]["size"];
$tipo = $_FILES["arquivo"]["type"];
$nome = $_FILES["arquivo"]["name"];
$fp = fopen($arquivo, "rb");
$conteudo = fread($fp, $tamanho);
$conteudo = mysqli_real_escape_string($link, $conteudo);
fclose($fp);
$qry = "INSERT INTO trabalhe (nome, email, cpf, telefone, cidade,
interesse, mensagem, nome_arquivo, arquivo, tipo) VALUES ('$interessado','$email','$cpf','$telefone','$cidade','$interesse','$mensagem','$nome','$conteudo','$tipo')";
//Se funcionar informa quantas linhas foram inseridas (vai retornar "1" sempre/provavelmente)
if (mysqli_query($link, "CREATE TABLE Language SELECT * from CountryLanguage")) {
echo 'linhas atualizadas: ', mysqli_affected_rows($link));
} else {
//Se falhar informa o erro
echo 'Erro:', mysqli_error($link)
}
} else {
echo 'Erro no upload';
}
Of course I do not really recommend saving the data from an image directly to the database, it would be better to save it to the disk and put the image path in the database.
I think this question answers why I do not find a good way to write directly to the bank:
I'm not saying it's totally wrong, but in most cases it's not a good way.
If you intend to block external access to documents you can limit access to the folder by using a
.htaccess
allowing only a php to get the content or if the goal is to only block google and bing from indexing it would be enough to use
robots.txt
:
Disallow: /imagens/*