<html> <head> ... </head> <body> <form id="upload" act

1. <html>
2. <head>
3. ...
4. </head>
5. <body>
6. <form id="upload" action="./upload.php" method="POST" enctype="multipart/form-data">
7. <input type="file" name="file">
8. <input type="submit" value="Upload">
9. </form>
10. </body>
11. </html>
12.  
13. <? php
14.  
15. if(isset($_POST['upload']) && $_FILES['file']['size'] > 0)
16. {
17. $file_name = $_FILES['file']['name'];
18. $file_size = $_FILES['file']['size'];
19. $file_tmp = $_FILES['file']['tmp_name'];
20. $file_type = $_FILES['file']['type'];
21.  
22. $parser = fopen($file_tmp, 'r');
23. $content = fread($parser, filesize($file_tmp));
24. $content = addslashes($content);
25. fclose($parser);
26.  
27. if(!get_magic_quotes_gpc())
28. {
29. $file_name = addcslashes($file_name);
30. }
31.  
32. $user = "root";
33. $host = "localhost";
34. $pass = "";
35. $db = "filemeup";
36.  
37. try
38. {
39. $conn = new PDO("mysql:host=$host;dbname=$db;", $user, $pass);
40. }
41. catch(PDOException $e)
42. {
43. echo "Error: ".$e->getMessage();
44. exit;
45. }
46. $conn->query("SET NAMES utf8");
47.  
48. $query="INSERT INTO files (name, size, type, content)"."VALUES (:name, :size, :type, :content) ";
49. $stmt = $this->conn->prepare($query);
50. $stmt->bindParam(':name', $file_name);
51. $stmt->bindParam(':size', $file_size);
52. $stmt->bindParam(':type', $file_type);
53. $stmt->bindParam(':content', $content);
54. $stmt->execute();
55. ?>