I am newish to php. But when i learned to program it was on a TI-83 Calculator. with the TI83 their was an if-then statements the could be used. I am writing some code to check if a directory is already created and if not create it. I need it to run the last half of the code either way. here is the code.
<?php
$dir = "/Applications/XAMPP/xamppfiles/htdocs/upload/$_POST[Itemid]/" ;
if (!file_exists($dir) and !is_dir($dir)) {
$upload_dir = mkdir($dir, 0777);
}else{
foreach ($_FILES["file"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$filename = $_FILES["file"]["name"][$key];
$filetemp = $_FILES["file"]["tmp_name"][$key];
$filetype = $_FILES["file"]["type"][$key];
$filesize = $_FILES["file"]["size"][$key];
if (file_exists($dir . $filename))
{
echo $filename . " already exists. <br><br>";
}
else
{
echo "Upload: " . $filename . "<br>";
echo "Type: " . $filetype . "<br>";
echo "Size: " . ($filesize / 1024) . " kB<br>";
echo "Temporarily Stored in: " . $filetemp . "<br>";
move_uploaded_file($filetemp,"$dir/$filename");
echo "uploaded the file \"" . $filename. "\" to the \"/Applications/XAMPP/xamppfiles/htdocs/upload/\" Directory<br>" ;
$con=mysqli_connect("localhost","root","","Inventory");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO ListPics (`1`, `Item_ItemID`)
VALUES
('$dir$filename', '$_POST[Itemid]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo ($filename. " added to Database<br><br>");
mysqli_close($con);
}
}
}
}
?>
Yes I know this code is not secure. It will not ever see the interweb(Reverently bows head and says "Thank you Al Gore") It will sit snugly behind a VPN for personal use only. I just need to know how to execute the PHP equivalent of If Then Statements
This is simple:
if(condition) {
/* do something if condition is true */
}
else {
/* do something else if condition is false */
}
/* do other stuff either way */
You only need the else if there is something that you want to do only if the condition is false. If you want to do it either way, then don't use else at all.
Related
I have made a php code to upload a file....It uploads it sucessfully...but how do i phsicaly go and check where it is...?
NOTE : i am getting fail as output from the move_uploaded_file ()
here's my code :
<?php
$allowedExts = array("c", "cpp", "py", "java");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ( ($_FILES["file"]["size"] < 100000) && in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
mkdir ("./upload");
if (move_uploaded_file($_FILES["file"]["tmp_name"],"./upload/" . $_FILES["file"]["name"]))
{
echo "sucess";
}
else
{
echo "fail";
}
}
}
}
else
{
echo "Invalid file";
}
?>
you first check if move_uploaded_file actually able to move file or not as the directory you are moving must have write permissions otherwise move_uploaded_file fails
http://php.net/manual/en/function.move-uploaded-file.php
so must check like
if(move_uploaded_file($_FILES["file"]["tmp_name"],"./upload/" . $_FILES["file"]["name"])
//file moved
else
//error
I have two PHP documents. One that connects to my MySQL server and database (it will also create the database if it doesn't exist). This document is titled "db_connect.php". My next PHP document is titled "create.php" and it is designed to connect to a specific table within the database and create that table if it doesn't exist. There's also a javascript document involved in this which makes it so the user can type things and enter them into the table without the page being refreshed. I don't think you'll need this document and so I won't include it, but I thought you guys might find it helpful to know that this is for a message board.
Here's my db_connect.php file:
<?php
$db = "my_db";
//establish a connection with the server
$connection = mysqli_connect('localhost', 'root', 'password');
if(!$connection){
exit("<p>Could not establish a connection :" . mysqli_connect_error() . "</p>");
}
//connect to the database
$dbSelect = mysqli_select_db($connection, $db);
if(!$dbSelect){
// Create database
$sql="CREATE DATABASE " . $db;
if (mysqli_query($connection, $sql)) {
} else {
echo "<p>Error creating database: " . mysqli_error($connection) . "</p>";
}
}
?>
Here's my create.php file:
<?php
//connect to the database
include('db_connect.php');
$table = 'NDI';
//update the table if the notes are posted
if(isset($_POST['notes'])){
$notes=$_POST['notes'];
$name=$_POST['name'];
$file = $_POST['file'];
$file2 = $_FILES['file'];
echo "<p>Hello $file $file2</p>";
/////////////////////////////////////////////
//Check for file type
/////////////////////////////////////////////
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "application/x-shockwave-flash")
)
&& ($_FILES["file"]["size"] < 999000)){
/////////////////////////////////////////////
//Check for errors
/////////////////////////////////////////////
if ($_FILES["file"]["error"] > 0){
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}else{
///////////////////////////////////////////
//Set the upload
///////////////////////////////////////////
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
/////////////////////////////////////////////////////////
//Check to see if file exists already
/////////////////////////////////////////////////////////
if (file_exists("../uploads/" . $_FILES["file"]["name"])){
//echo $_FILES["file"]["name"] . " already exists. ";
$_FILES["file"]["name"] = rand(1, 1000).$_FILES["file"]["name"];
}
////////////////////////////////////////////////////////////
//If not, move to the upload folder
////////////////////////////////////////////////////////////
$path = '../uploads/';
$tmp_name = $_FILES["file"]["tmp_name"][$key];
$fn = basename( $_FILES['file']['name']);
move_uploaded_file($_FILES['file']['tmp_name'], $path.$fn);
//move_uploaded_file($_FILES["file"]["tmp_name"],
//"../uploads/" . $_FILES["file"]["name"]);
echo "Stored in: ../uploads/". $_FILES["file"]["name"];
$myImg = "../uploads/" . $_FILES['file']['name'];
//echo "\n $myImg";
}
//echo "<a href=../uploader/>Back</a>";
}else{
echo "Invalid file";
//echo $_FILES["file"]["type"];
}
if(!$myImg){
$myImg="../uploads/blank.png";
}
if(!$name){
$name="anonymous";
}
$sql= "INSERT INTO `$table` SET `name` = '$name', `notes`='$notes', `img`='$myImg'";
if (mysqli_query($sql)) {
echo '<p>Entry added</p>';
echo '<p>' . $title . ' Home </p>';
} else {
echo '<p>Error adding page: ' . mysqli_error() . '</p>';
}
}
//display results
$choices = mysqli_query("select * from " . $table);
if(!$choices){
// Create table
$sqlc="CREATE TABLE $table(`id` INT(5) AUTO_INCREMENT, `img` VARCHAR(50), `name` VARCHAR(25), `notes` TEXT(500), PRIMARY KEY (`id`))";
// Execute query
if (mysqli_query($connection, /*$db,*/ $sqlc)) {
} else {
echo "Error creating table: " . mysqli_error($connection/*, $db*/);
}
}
while($row = mysqli_fetch_array($choices)){
$img=$row['img'];
$note=$row['notes'];
$name=$row['name'];
echo "<p class='note'><img src='$img'><span class='name'>$name: </span>$note</p>";
}
?>
The problem I'm running into is that the page echos the error: "Error creating table: Table 'NDI' already exists" so my if statement if(!$choices) is returning true. This if statement is supposed to return false when the table already exists. I can't figure out what's wrong with it. Any feedback you guys could give would be greatly appreciated.
I would recommend using the PHP function mysqli_num_rows($choices) and changing if statement to:
if(mysqli_num_rows($choices) == 0) {
If you print_r the $choices variable as it is currently written, you will probably see that it is not empty. There was no error... There just were no rows returned. What you want to know is not if there was an error, but if there were any rows returned.
You were missing your $connection as the 1st parameter of mysqli_query -> $choices = mysqli_query("select * from " . $table);.
It should be -
//display results
$choices = mysqli_query($connection, "select * from " . $table);
if(!$choices){
...
}
You want to keep ! in if(!$choices) as now you are properly checking if your query failed/returned 0 rows, as mysql table $table does not exist.
Can someone please tell me what I have done wrong with this code, I am connecting to localhost to the database called video. Then I am inserting in to table location and its column location the value $videoLocation.
The result I get is when I open my browser is
<?php
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
?>
What I am trying to achieve with this code is for the video to appear on my webpage once a user has submitted it.
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma");
$allowType = array("video/mp4","audio/mp3","audio/wma","image/png","image/gif","image/jpeg");
$maxSize = 20000000000000;
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$pathToUpload = 'upload/';
if( in_array($_FILES["file"]["type"], $allowType) && in_array($extension, $allowedExts) && $_FILES["file"]["size"] <= $maxSize)
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists($pathToUpload . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], $pathToUpload . $_FILES["file"] ["name"]);
$videoLocation = "upload/".$_FILES['file']['name'];
// now insert $videoLocation into a database table
$db = new mysqli('127.0.0.1', 'root', '', 'video');
INSERT INTO location (location)
VALUES ($videoLocation)
//so you can fetch it on whatever page you feel like
}
}
}
else
{
echo "Invalid file";
}
?>
try this
$db = new mysqli('127.0.0.1', 'root', '', 'video');
$stmt = $db->prepare("INSERT INTO location (location) VALUES (?)");
$stmt->bind_param('s', $videoLocation);
$stmt->execute();
//so you can fetch it on whatever page you feel like
I recently answer a question for someone else who wanted to store image files in the database. Here is how to do it:
1) the database column must be defined as longblob.
Next, the code uses PDO rather than mysqli.
// database connection...
$dsn = 'mysql:host=localhost;dbname=testmysql';
$username = 'test';
$password = 'test';
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
$connection = new PDO($dsn, $username, $password, $options);
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Then you need an open file handle as follows:
$fileVideo = fopen($videoLocation,'rb');
Then you prepare your statement and bind the file:
$stmt = $connection->prepare("INSERT INTO location (location) VALUES (?)");
$stmt->bindParam(1, $fileVideo, PDO::PARAM_LOB);
$connection->beginTransaction();
$stmt->execute();
$connection->commit();
fclose($fileVideo);
I haven't test the above on your files but the original code that was like the above but with names changes worked fine.
I have a PHP script that generates an HTML form for users to upload a file. I save that file on the server using move_uploaded_file then read it using fgets() and perform database inserts based on certain check. Here's a simplified version of the code:
$cart_id = 18566;
if (empty($_POST))
{
echo "<form name=\"upload\" action=\"myscan.php\" id=\"myScan\" method=\"POST\" enctype=\"multipart/form-data\">";
echo "Choose the file to upload:<br>\r\n";
echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" form=\"myScan\" />";
echo "<input type=\"file\" name=\"file\" form=\"myScan\" id=\"fileUp\" /><br>";
echo "<input type=\"submit\" value=\"Upload\" name=\"sub\" form=\"myScan\" />";
echo "<input type=\"hidden\" name=\"ck\" form=\"myScan\" value=\"".$cart_id."\" />";
echo "</form><br>";
}
else
{
// link to cart goes here
}
$fname = "1SCAN20131031123456";
if (!empty($_POST))
{
$allowedExts = array("txt", "csv");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ( ($_FILES["file"]["type"] == "text/plain"
|| $_FILES["file"]["type"] == "application/vnd.ms-excel")
&& array_search(strtolower($extension), array_map('strtolower', $allowedExts)) !== FALSE )
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Stored in: " . $_FILES["file"]["tmp_name"]."<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], $fname);
echo "Moved to: " . $fname . "<br>";
}
}
}
else
{
echo "Invalid file<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Extension: " . $extension . "<br>\n";
}
At this point the file $fname is ok, no duplicated lines. The next part is called as a function declared in the same PHP file. $link, $fname, and $cart_id are declared as globals
$bn = basename($fname);
$sfd = fopen($fname, "r");
$store_number = "$bn[0]";
if(is_numeric($bn[1]))
$store_number .= $bn[1];
$a = stripos($bn, "SCAN");
$a += 4;
$dt = substr($bn, $a);
// echo "Date = $dt \n";
$fy = substr($dt, 0, 4);
$fM = substr($dt, 4, 2);
$fd = substr($dt, 6, 2);
$fh = substr($dt, 8, 2);
$fm = substr($dt, 10, 2);
$fs = substr($dt, 12, 2);
$fdate = "$fy-$fM-$fd $fh:$fm:$fs";
// echo $fname . ",";
// echo $store_number . ",";
while ($line = fgets($sfd))
{
$li = explode(",", $line);
if (sizeof($li) == 5)
{
$scan = $li[0];
$poQty = $li[1];
$cntQty = $li[2];
$limd = $li[3];
$lihms = $li[4];
$query = "INSERT INTO upload_datalog (file_name, store, filedate, scan, po_qty, cnt_qty, scan_md, scan_hms, cart_id)\n"
. "VALUES (\"$bn\", $store_number, \"$fdate\", \"$scan\", $poQty, $cntQty, \"$limd\", \"$lihms\", $cart_id)";
mysqli_query($link, $query);
}
else if ($fM < 8 || ($fM == 8 && $fd < 16 ))
{
$scan = $li[0];
$poQty = $li[2];
$cntQty = $li[1];
$limd = $li[3];
$lihms = $li[4];
$query = "INSERT INTO upload_datalog (file_name, store, filedate, scan, po_qty, cnt_qty, scan_md, scan_hms, cart_id)\n"
. "VALUES (\"$bn\", $store_number, \"$fdate\", \"$scan\", $poQty, $cntQty, \"$limd\", \"$lihms\", $cart_id)";
mysqli_query($link, $query);
}
else if (sizeof($li) == 3 && $li[0] != "" && $li[1] != "" &&$li[2] != "" )
{
$scan = $li[0];
$poQty = $li[2];
$cntQty = $li[1];
$query = "INSERT INTO upload_datalog (file_name, store, filedate, scan, po_qty, cnt_qty)\n"
. "VALUES (\"$bn\", $store_number, \"$fdate\", \"$scan\", $poQty, $cntQty)";
mysqli_query($link, $query);
}
}
fclose($sfd);
The file contains this information:
This all works more than 99 percent of the time, but twice in the past 2 weeks, the entries in the upload_datalog table have been duplicated. There is another function after this that also reads the file and performs inserts based on different checks, and those are duplicated as well.
I know this is an edge case, but I couldn't find any information as to why this would happen on php.net or through google, and I have not been able to reproduce it mysqlf. But I know it occurs in the wild.
Is there a race condition I'm not seeing here?
You do your inserts in a while loop, so you run twice through that loop?
For debugging, add a counter in your loop and create a small debug function, and a debug table. Insert the counter and data in your debug table. Compare these values with your expectations
So i have a file upload feature on my site and rather than redirect to the php script page, I want to have an iframe that displays the message returned by the script. So here's my html:
<iframe class="iframe" name="my_iframe" src="upload_file.php" style="display:none;"></iframe>
<form id="uploadForm" action="upload_file.php" method="post" enctype="multipart/form-data" target="my_iframe">
So basically I want to hide my iframe UNTIL I the upload process finishes and the script returns a message. Here's my php script:
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
session_start();
$allowedExts = array("doc", "docx");
$extension = pathinfo( $_FILES["upload"]["name"],PATHINFO_EXTENSION);
$username = $_SESSION["username"];
if (($_FILES["upload"]["size"] < 200000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["upload"]["error"] > 0)
{
echo "Return Code: " . $_FILES["upload"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["upload"]["name"] . "<br />";
echo "Type: " . $_FILES["upload"]["type"] . "<br />";
echo "Size: " . ($_FILES["upload"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["upload"]["tmp_name"] . "<br />";
$dir_exists = is_dir("/disks/*/*/*/*/". $_SESSION["FirstName"] ."-".$_SESSION["username"]."/");
$file_exists = file_exists("/disks/*/*/*/*/".$_SESSION["FirstName"] ."-".$_SESSION["username"]."/" . $_FILES["upload"]["name"]);
$folderName=$_SESSION["FirstName"];
$baseDir = "/disks/*/*/*/*/";
// Create directory if it does not exist
if (! $dir_exists) {
if (is_writable($baseDir)) {
mkdir($baseDir . $_SESSION["FirstName"]."-".$_SESSION["username"]);
} else {
trigger_error($baseDir. " is not writeable");
}
}
if ($file_exists) {
echo $_FILES["upload"]["name"] . " already exists. ";
} else {
$link = new PDO('mysql:host=***;dbname=***;charset=UTF-8','***','***');
$proptype = $_POST["prop_cat"];
$stmt = $link->prepare("UPDATE Table SET `PType`=:proptype WHERE Username=:username");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':proptype', $proptype);
$stmt->execute();
move_uploaded_file($_FILES["upload"]["tmp_name"],
$baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"]);
echo "Stored in: " . $baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"];
}
}
} else {
echo "Invalid file";
}
?>
So basically to sum up my question: How can I hide the iframe until upload finishes, and then display it with the message that the user can close like an alert box?
Can you echo the Iframe at the end of the upload instead of trying to hide it then show it at the top?
if ($file_exists) {
echo $_FILES["upload"]["name"] . " already exists. ";
} else {
$link = new PDO('mysql:host=***;dbname=***;charset=UTF-8','***','***');
$proptype = $_POST["prop_cat"];
$stmt = $link->prepare("UPDATE Table SET `PType`=:proptype WHERE Username=:username");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':proptype', $proptype);
$stmt->execute();
move_uploaded_file($_FILES["upload"]["tmp_name"],
$baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"]);
echo "Stored in: " . $baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"];
/// load the iframe now ///////////////
echo '<iframe class="iframe" name="my_iframe" src="upload_file.php"></iframe>';
///////////////////////////////////////
}