I am PHP beginner and building my own practice project (I have thought it something like used car sale online site)
My problem is very similar to multiple file upload sql/php and Multiple file upload in php
Here are list of my problems
I want to upload image in a directory and store it's name in database. So far below code is working fine (if I upload 1 file). I am trying to add 3 more file input option so that user can upload upto 4 images.
So far trying different codes available in stackoverflow and other online sites, I have been able to atleast upload the multiple files in my directory. But the real problem is that I don't know how I would store the name of the file in database .
(In most of the tutorials and suggestions, I found I should use 1 input file type with multiple attributes or name equals array like file[] and run foreach loop. But I couldn't figure out how would go ahead and get the file name of each input and store it in database.
Below are my code for the reference.
//this is my form.addVehicle.php file to process the form
<?php
define("UPLOAD_DIR", "../uploads/");
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$name = "default.jpg";
if (is_uploaded_file($_FILES["myFile"]['tmp_name'])) {
$myFile = $_FILES["myFile"];
if ($myFile["error"] !== UPLOAD_ERR_OK) {
echo "<p>An error occurred.</p>";
exit;
}
// ensure a safe filename
$name = preg_replace("/[^A-Z0-9._-]/i", "_", $myFile["name"]);
// don't overwrite an existing file
$i = 0;
$parts = pathinfo($name);
while (file_exists(UPLOAD_DIR . $name)) {
$i++;
$name = $parts["filename"] . "-" . $i . "." . $parts["extension"];
}
// preserve file from temporary directory
$success = move_uploaded_file($myFile["tmp_name"],
UPLOAD_DIR . $name);
if (!$success) {
echo "<p>Unable to save file.</p>";
exit;
}
// set proper permissions on the new file
chmod(UPLOAD_DIR . $name, 0644);
}
include_once ('../class/class.Vehicle.php');
$vehicle = new Vehicle(
$_POST['make_id'],
$_POST['yearMade'],
$_POST['mileage'],
$_POST['transmission'],
$_POST['price'],
$_POST['zone_name'],
$name,
$_POST['description']
);
}
?>
//To give a try, tested is_uploaded_file condition four different times with //different file name id like myFile1,myFile2...and path variable as $name1, //$name2...and it works as I want it to be...but I'm sure that' not the correct //way to do it..
//This is my class file with name class.Vehicle.php
include_once('class.pdoDbConnnection.php');
class Vehicle{
private $make_id;
private $yearMade;
private $mileage;
private $transmission;
private $price;
private $zone_name;
private $image_path;
private $description;
public function __construct($make_id, $yearMade, $mileage, $transmission, $price, $zone_name, $image_path, $description){
$this->make_id = $make_id;
$this->yearMade = $yearMade;
$this->mileage = $mileage;
$this->transmission= $transmission;
$this->price = $price;
$this->zone_name = $zone_name;
$this->image_path = $image_path;
$this->description = $description;
try{
$sql = "INSERT INTO cars (car_id, make_id, yearmade, mileage, transmission, price, zone_name,image_path, description) VALUES (?,?,?,?,?,?,?,?,?)";
$pdo = new DBConnection();
$stmt = $pdo->prepare($sql);
$stmt->execute(array(NULL,$this->make_id,$this->yearMade,$this->mileage,$this->transmission,$this->price,$this->zone_name,$this->image_path,$this->description));
}
catch (PDOException $e)
{
echo $e->getMessage();
}
}
}
Here are my mySql table columns (I want to insert file names in the column..while displaying it in the client side, I'm using it this way: <img alt="image" class="img-responsive" src="../uploads/<?php echo $row['image_path'] ?>">
car_id , make_id , zone_id, yearmade, mileage, transmission, price, image_path, image_path1, image_path2, image_path3, description
This is my client side form to add new cars....
..................
<form class="form-horizontal" role="form" method="post" action="../includes/form.addVehicle.php" enctype="multipart/form-data">
.....................
<div class="form-group">
<label for="description" class="col-sm-2 control-label">Upload Image</label>
<div class="col-sm-4">
<input type="file" class="form-control" id="myFile" name="myFile">
</div>
</div>
<div class="form-group">
<label for="description" class="col-sm-2 control-label">Upload Image</label>
<div class="col-sm-4">
<input type="file" class="form-control" id="myFile1" name="myFile2">
</div>
</div>
<div class="form-group">
<label for="description" class="col-sm-2 control-label">Upload Image</label>
<div class="col-sm-4">
<input type="file" class="form-control" id="myFile3" name="myFile3">
</div>
</div>
..............
Finally I ended up with the following code.
P.S. Thanks to #Andy-Brahman insight at Multiple file upload in php
<?php
if(isset($_POST['submit'])){
$uploads_dir = '../test_uploads';
foreach ($_FILES["pictures"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$tmp_name = $_FILES["pictures"]["tmp_name"][$key];
$name = $_FILES["pictures"]["name"][$key];
// I don't want to overwrite the existing file
$i = 0;
$parts = pathinfo($name);
while (file_exists($uploads_dir . "/" . $name)) {
$i++;
$name = $parts["filename"] . "-" . $i . "." . $parts["extension"];
}
move_uploaded_file($tmp_name, "$uploads_dir/$name");
}
}
// Test to see if I get the uploaded file name which i want to insert into database table column.
echo "<pre>";
print_r($_FILES['pictures']['name'][0]);
echo"</br></br>";
print_r($_FILES['pictures']['name'][1]);
echo"</br></br>";
print_r($_FILES['pictures']['name'][2]);
echo"</br></br>";
print_r($_FILES['pictures']['name'][3]);
echo"</br></br>";
echo "</pre>";
// test succeeds . Now I guess I can do something like $picture0 = $_FILES['pictures']['name'][0]);
// and insert $picture0,$picture1...into database..
// Am I doing everything correctly?
}
I will make example, you just adapt it for yourself.
<form action="file_reciever.php" enctype="multipart/form-data" method="post">
<input type="file" name="files[]" multiple/>
<input type="submit" name="submission" value="Upload"/>
</form>
the PHP goes (file_reciever.php):
<?php
if (isset($_POST['submission'] && $_POST['submission'] != null) {
for ($i = 0; $i < count($_FILES['files']['name']); $i++) {
//Get the temp file path
$tmpFilePath = $_FILES['files']['tmp_name'][$i];
//Make sure we have a filepath
if ($tmpFilePath != "") {
//Setup our new file path
$newFilePath = "./uploadFiles/" . $_FILES['files']['name'][$i];
//Upload the file into the temp dir
if (move_uploaded_file($tmpFilePath, $newFilePath)) {
//Handle other code here
}
}
}
}
?>
Related
I' m not a PHP specialist and I'd like to set up an image hosting service.
Currently, all the images in the folder are displayed to all visitors, I would like to add a condition that only allows the user who hosted his images to find them. I thought about using the Internet user's IP address but I don't know how to make such a system work?
Could you show me a functional example so I can apply it to the existing script?
Thank you in advance for your help!
Here is the current PHP script:
<?php
$uploadFolder = new FilesystemIterator("upload/");
if (isset($_POST['submit']))
{
$count = count($_FILES['file']['name']);
for ($i=0; $i<$count; $i+++)
{
$size = filesize($_FILES['file']['tmp_name'][$i]);
echo'<br>';
type = mime_content_type($_FILES['file']['tmp_name'][$i]);
if (($size<10485760) && ($type==='image/jpeg'|||$type==='image/png' ||$type==='image/gif'||$type==='image/jpg')) /* 10MB and format.jpeg,.jpg,.png and.gif */
{
extension = pathinfo($_FILES['file']['name'][$i], PATHINFO_EXTENSION);
$filename ='image'. uniqid() .'...'. $extension;
$uploadDir ='upload/';
$uploadFile = $uploadDir . $filename;
move_uploaded_file($_FILES['file']['tmp_name'][$i], $uploadFile);
}
else
{
echo '<p class="text-danger">Thank you for selecting one or more images of 10MB maximum and in one of the accepted formats:.jpeg,.jpg,.png or.gif.</p>';
}
}
}
foreach ($_POST as $key => $value)
{
$path= strtr($key,' _', '...');
if ($value ===='Delete this image')
{
if (file_exists($path))
{
unlink($path);
}
}
}
?>
and the display of hosted images:
<?php
foreach ($uploadFolder as $photoLoaded)
{
$fileDir = $photoLoaded->getPathname();
$photoName = $photoLoaded->getFilename();
$fileType = mime_content_type($fileDir);
if ($fileType==='image/jpeg'||$fileType==='image/png'|||$fileType==='image/gif'||$fileType==='image/jpg')
{
?>
<div class="card col-md-4">
<b><?php echo $photoName ?></b><br />
<img class="card-img-top img-thumbnail" src="<?php echo $fileDir; ?>" alt="">
<div class="card-body">
View this image in real size
</div>
</div>
<?php
}
}
?>
there are many solutions can implemented for this verification.
one of them(not the best) is to add users ids to images names then in display process split image name to get its user id.compare user id(from db) with user id(from image name) if equal then this photo belongs to user otherwise skip it.
I cant figure out how how zip a file in PHP with password. The password will be the time and filename.
This is what i have done so far.
HTML Code for upload.
<form enctype="multipart/form-data" action="http://localhost/CSS/addfile.php" method="POST">
<div id="label">
<label>Upload File</label>
</div>
<input name="doc" type="file" placeholder="Upload File Here" accept="files/topsecret/*" required>
<input type="submit" value="Upload" name="submit">
</form>
PHP code
function GetImageExtension($filetype)
{
if(empty($filetype)) return false;
switch($filetype)
{
case 'files/topsecret/bmp': return '.bmp';
case 'files/topsecret/gif': return '.gif';
case 'files/topsecret/jpeg': return '.jpg';
case 'files/topsecret/png': return '.png';
case 'files/topsecret/txt': return '.txt';
case 'files/topsecret/doc': return '.doc';
case 'files/topsecret/docx': return '.docx';
case 'files/topsecret/pdf': return '.pdf';
default: return false;
}
}
$upFile = $_FILES['doc']['name'];
$tmp_name = $_FILES['doc']['tmp_name'];
$ftype = $_FILES['doc']['type'];
$fileExt = GetImageExtension($ftype);
$filename = $upFile.$fileExt;
$target_path="files/topsecret/".$filename;
move_uploaded_file($tmp_name,$target_path);
date_default_timezone_set('Asia/Kuala_Lumpur');
$timefile = date("F j, Y g:ia");
$size = filesize($target_path);
$size = number_format($size / 1024, 2) . ' KB';
try{
$sql = "INSERT INTO file(File_path,Date,Size,Name) VALUES ('".$target_path."','".$timefile."','".$size."','".$filename."')";
if ($connection->query($sql)){
echo"<script type= 'text/javascript'>alert('Upload Successfully');</script>";
header("refresh:2;index.php");
}else{
echo "<script type= 'text/javascript'>alert('Upload Not Successfully Inserted.');</script>";
}
I have research a found a few function for php but dont know how to use it.
like. ZipArchive::setEncryptionName ... but cant use it as i am using PHP version 7.1.8, in xampp.
Please help me explain on how to do it, as simple as possible. I need to encrypt the uploaded file with password using zip or rar. Plan to use hash the file name and time together and then setting it as the password.
Thanks a lot.
First, a try block needs a catch.
Secondly, you shouldn't need the GetImageExtension function, $_FILES has the extension in the uploaded array, all you needed to do was print_r($_FILES); to be able to verify.
Sadly though, from what I read you can't encrypt a file just yet, you need to wait for php 7.2 to be released to use $zip->setEncryptionName;.
I figured this out after writing out a bit of code, I figured it might be helpful nonetheless that's why I'm posting this answer.
You can look into: http://php.net/manual/en/filters.encryption.php, that's a good option to integrate into the code below, I don't have the time right now but it's fairly easy to do following their examples.
if(isset($_POST['submit'])){
upload($_FILES);
}
class Connection {
protected $db = null;
public function db(){
if($this->db === null){
try {
$this->db = new PDO('mysql:host=localhost;dbname=name; charset=utf8', user, password);
} catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
}
return $this->db;
}
}
function upload($file_data){
// calling this statically, don't suggest it
$conn = Connetion::db();
$name = $file_data['doc']['name'];
$tmp_name = $file_data['doc']['tmp_name'];
$extension = explode('/', $file_data['doc']['type']); // $extension[1] returns file type.
$image_size = getimagesize($tmp_name);
$file_name = $name . '.' . $extension[1];
$target_path = "";
if($image_size !== false){
$zip = new ZipArchive();
if ($zip->open('uploaded_file.zip', ZipArchive::CREATE) === TRUE) {
$zip->addFromString("text.txt", "#1 This is a test string added as testfilephp.txt.\n");
$zip->setEncryptionName('text.txt', ZipArchive::EM_AES_256, 'secret'); // here we'd set the password
$zip->close();
$zip_created = true;
} else {
$zip_created = false;
}
// if zip was created and uploaded the file, then we upload it to the database
if($zip_created == true){
$sth = $conn->prepare('INSERT INTO file (file_path, `date`, size, name) VALUES (:target_path, :time_file, :size, :file_name)');
$sth->bindValue(':target_path', $target_path, PDO::PARAM_STR);
$sth->bindValue(':time_file', date('m-d-Y H:i:s'), PDO::PARAM_STR);
$sth->bindValue(':target_path', $target_path, PDO::PARAM_STR);
$sth->bindValue(':file_name', $file_name, PDO::PARAM_STR);
$sth->execute();
} else {
// here we can upload the error to the database or do nothing
}
}
}
?>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="doc">
<input type="submit" value="Upload" name="submit">
</form>
My main issue is that I have two different file upload links and both are for different purposes.For ex: a) Is a license b)Is a photo so I need to upload both in different locations.So what I wanted is to be able to address file properties as a numeric array instead of an associative array.I am also open to suggestions as to how to distinguish between the two files.
Here is the input code sample:
<label for="file-upload" class="custom-file-upload">
<i class="fa fa-cloud-upload">
</i>Upload License
</label>
<input id="file-upload" name="files[]" type="file">
<label for="file-upload" class="custom-file-upload">
<i class="fa fa-cloud-upload">
</i>Upload Photo
</label>
<input id="file-upload" name="files[]" type="file">
Here is the upload script(NOTE-I have also tried using array_values())
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$tmpname = array_values($_FILES['files']['tmp_name']);
$filename = array_values($_FILES['files']['name']);
$filesize = array_values($_FILES['files']['size']);
$filetype = array_values($_FILES['files']['type']);
$date12 = date('Y-m-d');
//for photo
$file_name2 = $filename[0];
$ext2 = pathinfo($file_name2, PATHINFO_EXTENSION);
$file_name22= $name.".".$ext2;
$file_size2 = $filesize[0];
$file_tmp2 = $tmpname[0];
$file_type2 = $filetype[0];
$extensions = array("jpg","jpeg","png","pdf","zip","rar");
$type = "photo";
$desired_dir = "user_data";
if(in_array($ext2,$extensions ) === false)
{
$errors2 = "Extension not allowed!";
}
else
{
//Added file size limit
if($file_size2 > 2097152)
{
$errors2 = 'File size must be less than 2 MB';
}
if(empty($errors2) == true)
{
// Inserting info into database for easy retrieval
$query1 = $this->pdo->prepare("
INSERT into upload_data (NAME,EMAIL,FILE_NAME,FILE_SIZE,FILE_TYPE,date1,file_ext,type)
VALUES('$name','$email','$file_name22','$file_size2','$file_type2','$date12','$ext2','$type')
");
$query1->execute();
if(is_dir($desired_dir) == false)
{
mkdir("$desired_dir", 0700); // Create directory if it does not exist
}
if(is_dir("$desired_dir/".$file_name22) == false)
{
move_uploaded_file($file_tmp,"user_data/".$type.$file_name22);
}
else
{
//rename the file if another one exist
$new_dir = "user_data/".$file_name22.time();
rename($file_tmp2,$new_dir) ;
}
echo "
<script>
Materialize.toast('Successfully Uploaded!', 8000)
</script>";
}
else
{
echo "
<script>
Materialize.toast($errors, 8000)
</script>";
}
}
Thank you
In order to upload files in a form, your form needs enctype="multipart/form-data".
name the different inputs differently, for example license and photo. Then you can access the files in php with $_FILES['license'] and $_FILES['photo'].
I have written a script to upload a file and store the path in a database table so it be downloaded. I have the following code:
<?php require("includes.php");
?><!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php if(isset($_FILES["upload"])==TRUE)
{
$errors = array();
$excluded = array("exe", "zip", "js", "msi");
/* If the contents of the file are to be held in the database then checking the extension is somewhat unneccessary but, hey, lets get rid of the files we know we don't want and then check the mime type. */
$name = $_FILES["upload"]["name"];
$size = $_FILES["upload"]["size"];
$type = $_FILES["upload"]["type"];
$temp = $_FILES["upload"]["tmp_name"];
$extension = explode(".", $name);
$extension = end($extension);
if(in_array($extension, $excluded)==TRUE)
{
$errors[] ="This file may not be uploaded";
}
if(empty($errors)==FALSE)
{
foreach($errors as $error)
{
echo "<p>{$error}</p>\n";
}
}
else
{
$year = date("Y");
$month = date("m");
$day = date("d");
$name = strtolower(str_replace(" ", "_", $name));
$path = "uploads/{$day}-{$month}-{$year}";
if(file_exists($path)==FALSE)
{
mkdir($path);
}
elseif(file_exists("{$path}/{$name}")==FALSE)
{
move_uploaded_file($temp, "{$path}/{$name}");
$add = add_file_to_database($connection, "{$path}/{$name}");
if($add[0]==TRUE)
{
$url = "http://example.com/uploads.php?id={$add[1]}";
echo "<p>This file has been uploaded, it can be found at: {$url}</p>";
}
else
{
echo "<p>I'm sorry but an error happened</p>";
}
}
}
}
?>
<form action="index.php" method="post" enctype="multipart/form-data">
<label for="upload">Upload a file: </label><input type="file" name="upload" id="upload"><br>
<input type="submit" value="Upload" name="submit">
</form>
</body>
</html>
The code in uploads.php is:
<?php require("includes.php");
$file = get_uploaded_file($connection, $_GET["id"]);
header("Content-Type:{$file[0]}");
echo file_get_contents($file[1]);
?>
If I upload a jpeg file, a PDF or txt file then it displays in the browser as I want it to do but if I upload a word file or a MP3 then I want it to download as the normal file instead of being uploads.php
Not sure how I am going to achieve this. Can you give me some ideas as to how I do this so if I upload "demo.mp3" and I get an ID of 1 then I want it to download a file entitled "demo.mp3". Just thinking that MS Word doesn't recognise its own MIME type
Am doing multiple file upload in the controller but the file doesn't get uploaded
controller code: for the upload
$images = $_FILES['evidence'];
$success = null;
$paths= ['uploads'];
// get file names
$filenames = $images['name'];
// loop and process files
for($i=0; $i < count($filenames); $i++){
//$ext = explode('.', basename($filenames[$i]));
$target = "uploads/cases/evidence".DIRECTORY_SEPARATOR . md5(uniqid()); //. "." . array_pop($ext);
if(move_uploaded_file($images['name'], $target)) {
$success = true;
$paths[] = $target;
} else {
$success = false;
break;
}
echo $success;
}
// check and process based on successful status
if ($success === true) {
$evidence = new Evidence();
$evidence->case_ref=$id;
$evidence->saved_on=date("Y-m-d");
$evidence->save();
$output = [];
} elseif ($success === false) {
$output = ['error'=>'Error while uploading images. Contact the system administrator'];
foreach ($paths as $file) {
unlink($file);
}
} else {
$output = ['error'=>'No files were processed.'];
}
// return a json encoded response for plugin to process successfully
echo json_encode($output);
I have tried var_dump($images['name'] and everything seems okay the move file does not upload the file
Check what you obtain in $_FILES and in $_POST and evaluate your logic by these result...
The PHP manual say this function return false when the filename is checked to ensure that the file designated by filename and is not a valid filename or the file can be moved for some reason.. Are you sure the filename generated is valid and/or can be mooved to destination?
this is the related php man php.net/manual/en/function.move-uploaded-file.php
Have you added enctype attribute to form tag?
For example:
<form action="demo_post_enctype.asp" method="post" enctype="multipart/form-data">
First name: <input type="text" name="fname"><br>
Last name: <input type="text" name="lname"><br>
<input type="submit" value="Submit">
</form>