I am working on a project where you have to upload all files on a server in JPEG format but this following code in upload.php is not working, like it is not checking the condition whether there is a name to album or not.
Following file is upload.php with database connect to it with 4 fields in table... id, name, album_id, url.
<html>
<head>
<title>PHP file upload</title>
<link rel="stylesheet" href="style.css" />
</head>
<body>
<?php include 'connect.php'; ?>
<div id="body">
<?php include 'title_bar.php'; ?>
<div id="container">
<h3>Upload</h3>
<form enctype="multipart/form-data" method="POST">
<?php
if (isset($_POST['upload'])) {
$name = $_POST['name'];
$album_id = $_POST['album'];
$file = $_FILES['file']['name'];
$file_type = $_FILES['file']['type'];
$file_size = $_FILES['file']['size'];
$file_tmp = $_FILES['file']['tmp_name'];
if(empty($name) || empty($file)){
echo "Please Fill ALL THE FUIELD ";
}else{
echo "working";
}
}
?>
Name : <br />
<input type="text" name="name" />
<br /> <br />
Select Folder : <br />
<select>
<?php
$query = mysql_query("SELECT id , name FROM albums");
while($run = mysql_fetch_array($query)){
$album_id = $run['id'];
$album_name = $run['name'];
echo "<option value='$album_id'> $album_name </option>";
}
?>
</select>
<br /><br />
Select File : <br />
<input type="file" name="file" />
<br /> <br />
<input type="submit" name="Upload" value="Upload" />
</form>
</div>
</div>
</body>
</html>
file type and size haven't defined and upload config array did not initialize
The keys in $_POST are case-sensitive, you're checking for Upload but your input name is upload.
You should either change your input to :
<input type="submit" name="upload" value="Upload" />
Or your first PHP check to :
if (isset($_POST['Upload'])) {
Also, you should set a name attribute for your select or it won't be sent.
Related
Hello and Thanks for the help!
I have Html and PHP file (2 different file):
html:
<html>
<head>
<title>File Uploading Form</title>
</head>
<body>
<form enctype="multipart/form-data" action="Upload_File.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<input name="uploadedfile" id="uploadedfile" type="file" /><br />
<br>
<input type="submit" value="Process File" Onclick="__set(document.getElementById('uploadedfile').value);" style="background-color: hsla(240, 100%, 75%,0.3);font-weight: bold;"/>
</form>
</body>
</html>
Php:
<html>
<head>
<title>File Uploading Form</title>
</head>
<body>
<form enctype="multipart/form-data" action="Upload_File.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<input name="uploadedfile" id="uploadedfile" type="file" /><br />
<br>
<input type="submit" value="Upload File" Onclick="__set(document.getElementById('uploadedfile').value);" style="background-color: hsla(240, 100%, 75%,0.3);font-weight: bold;"/>
</form>
</body>
</html>
<?php
$uploadOk = 1;
$target_path_file = "Upload_Files_All/";
$N=$_FILES['uploadedfile']['name'];
$target_path = $target_path_file . basename($N);
$size=$_FILES['uploadedfile']['size'];
$FileTypeExt = pathinfo($target_path,PATHINFO_EXTENSION);
if (isset($N))
{
if (empty($N))
{
echo "<p style='color:#ff0000;' >Please choose a file to Upload</p>";
}
else
{
if ($uploadOk==1)
{
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
{
echo "<strong>The file ". basename( $_FILES['uploadedfile']['name'])." is ready to upload</strong>";
}
else
{
echo "<p style='color:#ff0000;' >There was an error uploading the file, please Contact Administrator</p>";
}
}
}
}
?>
Now I want to upload files to the system
files name:
sample.xlsx
sample1.xlsx
How I modify the code that only files with the same name (sample.xlsx or sample1.xlsx) will be uploaded.
and file with different name give the user message "please change file name"
There is a not so secure method using HTML5 and input/accept.
You can use it in a Intranet Application where security is not so important.
Such Things should always be checked by the server in production.
DO NOT USE IT ON INTERNET
Only combined with a server check.
Using XLSX Mime application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
AND/OR XLS Mime, application/msexcel
<input name="uploadedfile" id="uploadedfile" type="file" accept="application/msexcel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" /><br />
<html>
<head>
<title>File Uploading Form</title>
</head>
<body>
<form enctype="multipart/form-data" action="Upload_File.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<input name="uploadedfile" id="uploadedfile" type="file" accept="application/msexcel,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" /><br />
<br>
<input type="submit" value="Process File" Onclick="__set(document.getElementById('uploadedfile').value);" style="background-color: hsla(240, 100%, 75%,0.3);font-weight: bold;"/>
</form>
</body>
</html>
THE BETTER WAY
Is using the $_FILES variable
$_FILES['uploadedfile']['type'];
You can check the Mime Type
<?php
$uploadOk = 1;
$target_path_file = "Upload_Files_All/";
$accepted_mime1 = "application/msexcel";
$accepted_mime2 = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
$T=$_FILES['uploadedfile']['type'];
$N=$_FILES['uploadedfile']['name'];
if($T != $accepted_mime1 && $T != $accepted_mime2){
// We do not accept it and we unset the $_FILES
unset($_FILES);
}
$target_path = $target_path_file . basename($N);
$size=$_FILES['uploadedfile']['size'];
$FileTypeExt = pathinfo($target_path,PATHINFO_EXTENSION);
if (isset($N))
{
if (empty($N))
{
echo "<p style='color:#ff0000;' >Please choose a file to Upload</p>";
}
else
{
if ($uploadOk==1)
{
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path))
{
echo "<strong>The file ". basename( $_FILES['uploadedfile']['name'])." is ready to upload</strong>";
}
else
{
echo "<p style='color:#ff0000;' >There was an error uploading the file, please Contact Administrator</p>";
}
}
}
}
?>
I am trying to upload a pdf file and an image in php mysql but it seems that the move_uploaded_file function can only work with one file. I have tried to make it work with both files but it doesn't seem to me working. It moves just the images to the target folder and adds both image name and pdf name to the database but it doesn't move the pdf to target folder. This is the code. pls help
<?php
session_start();
require_once("includedfunctions.php");
include 'dbh.php';
if (isset($_POST['submit'])){
$title=$_POST['title'];
$author=$_POST['author'];
$target = "img/pic_book/";
$target2 = "img/pdf/";
$imgname = basename($_FILES["cphoto"]["name"]);
$bookname = basename($_FILES["book"]["name"]);
$newname = $target.basename($_FILES["cphoto"]["name"]);
$newname2 = $target2.basename($_FILES["book"]["name"]);
$img_type = pathinfo($newname,PATHINFO_EXTENSION);
$book_type = pathinfo($newname2,PATHINFO_EXTENSION);
if($img_type!='jpg' && $img_type!='JPG' && $img_type!='png' && $img_type!='PNG'){
$message="Please ensure you are entering an image";
}else{
if($book_type != 'pdf'){
$message="books must be uploaded in pdf format";
}else{
if(!preg_match("/^[a-zA-Z'-]+$/",$author)){
$message = "<p style='color:red'>Please enter the real name of the author; not a nickname.</p>";
}else{
if (move_uploaded_file($_FILES["cphoto"]["tmp_name"], $newname)) {
if(move_uploaded_file($_FILES["book"]["tmp_name"], $newname2));{
$sql = "INSERT INTO books (Title, Author, pathtopdf, pathtoimage) VALUES ('$title', '$author', '$bookname', '$imgname')";
$result = mysqli_query($conn, $sql);
if($result){
$message = "upload successful";
}else{
$message = "upload failed1";
}
}
}else{
$message = "upload failed";
}
}
}
}
}
else{
$message="";
$title="";
}
?>
<html>
<head>
<title>Libraria</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/contactcss.css" rel="stylesheet">
<script src="js/respond.js"></script>
</head>
<body>
<br><br><br><br><br>
<!-- content -->
<div class="container">
<?php
echo '<p>Welcome ' . $_SESSION['name']. '</p><br>';
echo '<p>' . $message. ' </p>';
?>
<br><br>
<!--form-->
<div class="row">
<form action="admin2.php" method = "post" enctype="multipart/form-data">
<label for="Title">Title</label><br>
<input type="text" id="fname" value ="<?php echo $title; ?>" name="title" placeholder="Title of the book" required><br>
<label for="author">Author</label><br>
<input type="text" id="lname" name="author" placeholder="Author of the book" required><br>
<label for="Cover photo">Cover photo</label><br>
<input type="file" id="cphoto" name="cphoto" required><br>
<label for="book">Book</label>
<input type="file" id="book" name="book" required><br>
<button class="submit" type="submit" name="submit"><b>Upload</b></button>
</form>
</div>
</div>
</body>
</html>
Code is all correct. just check pdf size. if size is more than 4MB than it will not allowed to upload. you need to increase upload file size in php.ini file or apache config settting file.
Have a great day :)
application/pdf is the mime type for pdf not just pdf.
I created a page that can add new records to my database, everything is working fine but when I'm trying to upload a pdf file, it doesn't store to the correct folder. It should be stored in my "uploads". When I check my database, it doesnt link properly it should be ../uploads/example.pdf instead of example.pdf only
<?php
require('db.php');
include("auth.php");
$status = "";
if(isset($_POST['new']) && $_POST['new']==1)
{
$trn_date = date("Y-m-d H:i:s");
$fname =$_REQUEST['fname'];
$lname = $_REQUEST['lname'];
$memo = $_REQUEST['memo'];
$file = $_REQUEST['file'];
$submittedby = $_SESSION["username"];
$ins_query="insert into user (`trn_date`,`fname`,`lname`,`memo`,`submittedby`,`file`) values ('$trn_date','$fname','$lname','$memo','$submittedby','$file')";
mysqli_query($con,$ins_query) or die(mysql_error());
$status = "New Record Inserted Successfully.</br></br><a href='view.php'>View Inserted Record</a>";
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Insert New Record</title>
<link rel="stylesheet" href="css/style.css" />
</head>
<body>
<div class="form">
<p>Dashboard | View Records | Logout</p>
<div>
<h1>Insert New Record</h1>
<form name="form" method="post" action="">
<input type="hidden" name="new" value="1" />
<p><input type="text" name="fname" placeholder="Enter Date" required /></p>
<p><input type="text" name="memo" placeholder="Enter Memorandum" required /></p>
<p><input type="text" name="lname" placeholder="Enter Title" required /></p>
<form action="" method="POST" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit"/>
</form>
<?php
if(isset($_FILES['file'])){
$errors= array();
$file_name = $_FILES['file']['name'];
$file_size =$_FILES['file']['size'];
$file_tmp =$_FILES['file']['tmp_name'];
$file_type=$_FILES['file']['type'];
$file_ext=strtolower(end(explode('.',$_FILES['file']['name'])));
$expensions= array("pdf");
if(in_array($file_ext,$expensions)=== false){
$errors[]="extension not allowed, please choose a pdf file.";
}
if($file_size > 2097152){
$errors[]='File size must not exceed 2 MB';
}
if(empty($errors)==true){
move_uploaded_file($file_tmp,"../uploads/".$file_name);
echo "Success";
}else{
print_r($errors);
}
}
?>
<p><input name="submit" type="submit" value="Submit" /></p>
</form>
<p style="color:#FF0000;"><?php echo $status; ?></p>
</div>
</div>
</body>
</html>
That's because you set only to save file name
$file = $_REQUEST['file'];
Instead it should be
$file = "../uploads/".$_REQUEST['file'];
There are quite a few logical errors in your code.
You are inserting a record into the MySQL database before you do your check on the file extension and file size.
You just insert the file name into MySQL ($file = $_REQUEST['file'];), hence only the file name appears there. The correct code would be:
$file = "../uploads/".$_FILES['file']['name'];
A bit more down you need to adjust the file move part:
move_uploaded_file($file_tmp, $file);
In the error checking after the sql insert you use mysql_error(), not mysqli_error($con)
You do not check if the move_uploaded_file($file_tmp,"../uploads/".$file_name); call was successful and the file was moved to its final location.
Also pls consider using prepared statements to prevent sql injection attacks.
I try upload image to mysql database and display it along with the description of image using php. After i upload the image and display it , a broken image was displayed but the description of the image was displayed without any error. How can I solve this problem ? Appreciate your help
<?php
$msg = "";
//if upload button is pressed
if(isset($_POST['upload']))
{
// the path to store the uploaded image
$target = "images/".basename($_FILES['image']['name']);
// connect to database
$db = mysqli_connect("localhost","root","","product");
// Get all the submitted data from the form
$image = $_FILES['image']['name'];
$text = $_POST['text'];
$sql = "INSERT INTO product_list (image, text) VALUES ('$image','$text')";
mysqli_query($db,$sql); // stores the submitted data into the database table : product_list
// move uploaded image to the folder : image
if (move_uploaded_file($_FILES['image']['tmp_name'],$target))
{
$msg = "Image and text uploaded successfully";
}else
{
$msg = "There was a problem uploading image";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Image Upload With Description</title>
<link rel="stylesheet" type="text/css" href="formstyle.css">
</head>
<body>
<div id="content">
<?php
$db = mysqli_connect("localhost","root","","product");
$sql = "SELECT * FROM product_list";
$result = mysqli_query($db, $sql);
while ($row = mysqli_fetch_array($result))
{
echo "<div id='img_div'>";
echo "<img src='".$row['image']."'>";
echo "<p>".$row['text']."</p>";
echo "</div>";
}
?>
<form method="post" action="try.php" enctype="multipart/form-data">
<input type="hidden" name="size" value="1000000">
<div>
<input type="file" name="image">
</div>
<div>
<textarea name="text" cols="40" rows="4" placeholder="Details of product"></textarea>
</div>
<div>
<input type="submit" name="upload" value="Upload Image">
</div>
</form>
</div>
</body>
</html>
This is my result :
You are storing it in the DB without the images directory. You either need to store it with that, or always remember to call it that way in your image calls.
echo "<img src='images/".$row['image']."'>";
or make your the record you are writing the same as the filesystem location.
$image = 'images/' . $_FILES['image']['name'];
Note you are open to SQL injections and file inclusion injections with this code.
try this
<?php
$msg = "";
//if upload button is pressed
if(isset($_POST['upload']))
{
// the path to store the uploaded image
$destination_path = getcwd().DIRECTORY_SEPARATOR;
$target_path = $destination_path . basename( $_FILES["image"]["name"]);
// connect to database
$db = mysqli_connect("localhost","root","","product");
// Get all the submitted data from the form
$image = $_FILES['image']['name'];
$text = $_POST['text'];
$sql = "INSERT INTO product_list (image, text) VALUES ('$image','$text')";
mysqli_query($db,$sql); // stores the submitted data into the database table : product_list
//#move_uploaded_file($_FILES['image']['tmp_name'], $target_path)
// move uploaded image to the folder : image
if (move_uploaded_file($_FILES['image']['tmp_name'],$target_path))
{
$msg = "Image and text uploaded successfully";
}else
{
$msg = "There was a problem uploading image";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Image Upload With Description</title>
<link rel="stylesheet" type="text/css" href="formstyle.css">
</head>
<body>
<div id="content">
<?php
$db = mysqli_connect("localhost","root","","product");
$sql = "SELECT * FROM product_list";
$result = mysqli_query($db, $sql);
while ($row = mysqli_fetch_array($result))
{
echo "<div id='img_div'>";
echo "<img src='".$row['image']."'>";
echo "<p>".$row['text']."</p>";
echo "</div>";
}
?>
<form method="post" action="index.php" enctype="multipart/form-data">
<input type="hidden" name="size" value="1000000">
<div>
<input type="file" name="image">
</div>
<div>
<textarea name="text" cols="40" rows="4" placeholder="Details of product"></textarea>
</div>
<div>
<input type="submit" name="upload" value="Upload Image">
</div>
</form>
</div>
</body>
</html>
I just made a file upload code and I was wondering why the file upload wasn't working? I checked the permission of my image folder in localhost and that seems to be ok. I don't know where the problem exactly is. Any ideas?
<?php
require "config.php";
require "functions.php";
require "database.php";
if(isset($_FILES['fupload'])){
$filename = addslashes($_FILES['fupload']['name']);
$source = $_FILES['fupload']['tmp_name'];
$target = $path_to_image_directory . $filename;
$description = addslashes($_POST['description']);
$src = $path_to_image_directory . $filename;
$tn_src = $path_to_thumbs_directory . $filename;
if (strlen($_POST['description'])<4)
$error['description'] = '<p class="alert">Please enter a description for your photo</p>';
if($filename == '' || !preg_match('/[.](jpg)|(gif)|(png)|(jpeg)$/', $filename))
$error['no_file'] = '<p class="alert">Please select an image, dummy! </p>';
if (!isset($error)){
move_uploaded_file($source, $target);
$q = "INSERT into photo(description, src, tn_src)VALUES('$description', '$src','$tn_src')";
$result = $mysqli->query($q) or die (mysqli_error($myqli));
if ($result) {
echo "Succes! Your file has been uploaded";
}
createThumbnail($filename);
}
}
?><!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Upload</title>
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<h1>My photos</h1>
<ul><?php getPhotos(); ?></ul>
<h2>Upload a photo</h2>
<form enctype="multipart/form-data" action="index.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<input type="file" name="fupload" /><br/>
<textarea name="description" id="description" cols="50" rows="6"></textarea><br/>
<input type="submit" value="Upload photo" name="submit" />
</form>
<?php
if (isset($error["description"])) {
echo $error["description"];
}
if (isset($error["no_file"])) {
echo $error["no_file"];
}
?>
</body>
</html>
Please make sure that you appended directory separator in $path_to_thumbs_directory.
And you don't need to use addslashes to $filename.