1. <?php
  2. if ($action == "upload") {
  3.   // ok, let's get the uploaded data and insert it into the db now
  4.   include "opendb.php";
  5.  
  6.   if (isset($binFile) && $binFile != "none") {
  7.     $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
  8.     $strDescription = addslashes(nl2br($txtDescription));
  9.     $sql = "INSERT INTO tbl_Files ";
  10.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  11.     $sql .= "VALUES ('$strDescription', '$data', ";
  12.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  13.     $result = mysql_query($sql, $db);
  14. //    mysql_free_result($result); // it's always nice to clean up!
  15.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  16.     echo "<a href='main.php'>Continue</a>";
  17.   }
  18.   mysql_close();
  19.  
  20. } else {
  21. ?>
  22. <HTML>
  23. <BODY>
  24. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  25.  <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="1000000">
  26.  <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  27.  <TABLE BORDER="1">
  28.   <TR>
  29.    <TD>Description: </TD>
  30.    <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  31.   </TR>
  32.   <TR>
  33.    <TD>File: </TD>
  34.    <TD><INPUT TYPE="file" NAME="binFile"></TD>
  35.   </TR>
  36.   <TR>
  37.    <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  38.   </TR>
  39.  </TABLE>
  40. </FORM>
  41. </BODY>
  42. </HTML>
  43. <?php
  44. }
  45. ?>
  46.  
  47.