Add more custom variables to mysql insert on blueimp/jquery-file-upload

Question

I am currently inserting a title and description, via mysql, inside of the blueimp/jquery-file-upload script. I used this tutorial to get me there, however, i need to add another variable. The variable is the session of the current logged in user's ID $_SESSION["userid"], and i want to insert it into a column i added called uid. Usually it's simple to impliment another column into the insert, however this script is very touchy and anytime i mess with it, even the slightest bit, i get "SyntaxError: Unexpected token <". Any help would be greatly appreciated.

/server/php/index.php

$options = array(
    'delete_type' => 'POST',
    'db_host' => 'localhost',
    'db_user' => 'fpform_fanuser',
    'db_pass' => '*****',
    'db_name' => 'fpform_fandata',
    'db_table' => 'files'
);

error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');

class CustomUploadHandler extends UploadHandler {

    protected function initialize() {
        $this->db = new mysqli(
            $this->options['db_host'],
            $this->options['db_user'],
            $this->options['db_pass'],
            $this->options['db_name']
        );
        parent::initialize();
        $this->db->close();
    }

    protected function handle_form_data($file, $index) {
        $file->title = @$_REQUEST['title'][$index];
        $file->description = @$_REQUEST['description'][$index];
    }

    protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
            $index = null, $content_range = null) {
        $file = parent::handle_file_upload(
            $uploaded_file, $name, $size, $type, $error, $index, $content_range
        );
        if (empty($file->error)) {
            $sql = 'INSERT INTO `'.$this->options['db_table']
                .'` (`name`, `size`, `type`, `title`, `description`)'
                .' VALUES (?, ?, ?, ?, ?)';
            $query = $this->db->prepare($sql);
            $query->bind_param(
                'sisss',
                $file->name,
                $file->size,
                $file->type,
                $file->title,
                $file->description,
            );
            $query->execute();
            $file->id = $this->db->insert_id;
        }
        return $file;
    }

    protected function set_additional_file_properties($file) {
        parent::set_additional_file_properties($file);
        if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            $sql = 'SELECT `id`, `type`, `title`, `description` FROM `'
                .$this->options['db_table'].'` WHERE `name`=?';
            $query = $this->db->prepare($sql);
            $query->bind_param('s', $file->name);
            $query->execute();
            $query->bind_result(
                $id,
                $type,
                $title,
                $description
            );
            while ($query->fetch()) {
                $file->id = $id;
                $file->type = $type;
                $file->title = $title;
                $file->description = $description;
            }
        }
    }

    public function delete($print_response = true) {
        $response = parent::delete(false);
        foreach ($response as $name => $deleted) {
            if ($deleted) {
                $sql = 'DELETE FROM `'
                    .$this->options['db_table'].'` WHERE `name`=?';
                $query = $this->db->prepare($sql);
                $query->bind_param('s', $name);
                $query->execute();
            }
        } 
        return $this->generate_response($response, $print_response);
    }

}


$upload_handler = new CustomUploadHandler($options);

Answer 1

Assuming you want to change your INSERT query (there is only one INSERT query in the code that you posted), this is what you need to change:

if (empty($file->error)) {
    $sql = 'INSERT INTO `'.$this->options['db_table']
            .'` (`name`, `size`, `type`, `title`, `description`, `uid`)'
            .' VALUES (?, ?, ?, ?, ?, ?)';
    $query = $this->db->prepare($sql);
    $query->bind_param(
            'sisss',
            $file->name,
            $file->size,
            $file->type,
            $file->title,
            $file->description,
            $_SESSION['userid']
        );
    $query->execute();
    $file->id = $this->db->insert_id;
}

Answer 2

I think you have to add another entry into the first parameter of bind_param:

$query->bind_param(
        **'sisss',**
        $file->name,
        $file->size,
        $file->type,
        $file->title,
        $file->description,
        $_SESSION['userid']

should be

$query->bind_param(
        **'sissss',**
        $file->name,
        $file->size,
        $file->type,
        $file->title,
        $file->description,
        $_SESSION['userid']

Minus the asterisks, of course, or whatever the correct data type is (see the parameter types section at http://us.php.net/manual/en/mysqli-stmt.bind-param.php).

One oddity, I tried passing a literal string as the last param, and it threw this error:

"PHP Fatal error: Cannot pass parameter 7 by reference in /var/www/html/jqfileuploadertest/server/php/index.php on line 66"

But when I changed 'mystring' to $file->name it worked fine. This will take some wrestling because I want to timestamp these...I have a feeling just adding "NOW()" isn't going to work...

---

Updated: I wanted to add two fields for each file, the ID of who uploaded it (which I think is what the OP is looking to do) as well as a timestamp. I added those as hidden inputs in the form:

<input name="contributor[]" type="hidden" value="myuserid" />
<input name="uploadedOn[]" type="hidden" value="2014-03-28 10:00:00" />

If your form is a php script you can dynamically generate both.

Then added this to index.php line ~44:

    $file->contributor = @$_REQUEST['contributor'][$index];
    $file->uploadedOn = @$_REQUEST['uploadedOn'][$index];

And modified this part of index.php where the sql statement is prepared:

if (empty($file->error)) {
        $sql = 'INSERT INTO `'.$this->options['db_table']
            .'` (`name`, `size`, `type`, `title`, `description`,`contributor`, `dateUploaded`)'
            .' VALUES (?, ?, ?, ?, ?, ?, ?)';
        $query = $this->db->prepare($sql);
        $query->bind_param(
            'sisssss',
            $file->name,
            $file->size,
            $file->type,
            $file->title,
            $file->description,
            $file->contributor,
            $file->uploadedOn
        );

And it worked.

Answer 3

protected function handle_file_upload($uploaded_file, $name, $size, $type, $error,
            $index = null, $content_range = null, $uid) {
        $file = parent::handle_file_upload(
            $uploaded_file, $name, $size, $type, $error, $index, $content_range, $uid
        );
        $uid=$_SESSION['userid'];
        if (empty($file->error)) {
            $sql = 'INSERT INTO `'.$this->options['db_table']
                .'` (`name`, `size`, `type`, `title`, `description`,`uid`)'
                .' VALUES (?, ?, ?, ?, ?,?)';
            $query = $this->db->prepare($sql);
            $query->bind_param(
                'sisssi',
                $file->name,
                $file->size,
                $file->type,
                $file->title,
                $file->description,
                $file->uid
            );
            $query->execute();
            $file->id = $this->db->insert_id;
        }
        return $file;
    }`

Answer 4

The error you're getting is in the javascript console when you upload the file right? I seems to me that one of the files thats being loaded is 404 not found, and its trying to parse the received 404 page as a script file when really its an html file that starts with <... I had this happen once before. Check under network and view all the resources that are being loaded when it happens. Its likely that the correct 404 headers are not being returned either which is why it would be attempting to parse it.