I am trying to store uploaded file details in my database. I have written the following code, but I am unable to understand why its not reading the Query Block. Its not generating any MySQL error message or any other Syntax error. Kindly check it.
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="file_upload_test2.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="file" name="file2" id="file"><br>
<input type="file" name="file3" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
include 'connect.php';
$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
//&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 200000) . " kB<br>";
$image_name= $_FILES["file"]["name"];
$path= move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . rand().$_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
if (mysql_query ("Insert into category_images (image_name,image_location) VALUES ('$image_name', '$path')"))
{
echo "successfull";
}
else {
mysql_error();
}
}
}
else
{
echo "Invalid file";
}
?>
try
$sql = "INSERT INTO `category_images` (`image_name`,`image_location`) VALUES ('".$image_name."', '".$path."')";
$result = mysql_query($sql);
if ($result)
{
// Successful query execution
echo "successfull";
}
else {
// Some error occured while executing query.
// Show some useful information using echo/print.
// Then stop execution after taking other necessary steps
die(mysql_error());
}
also, your database is vulnerable to SQL Injection attack since you are not sanitizing your input. You should use at least mysql_real_escape_string() method to ensure that this doesn't occur.
If the above doesn't work, try checking if your connection parameters are ok and if MySQL is running.
Related
I have a problem in storing and displaying image. The code doesn't work. I want to upload the image in the folder "img" and display it.
This is my code :
<html>
<body>
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="image" ><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
upload_file.php
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("img/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"img/" . $_FILES["file"]["name"]);
echo "Stored in: " . "img/" . $_FILES["file"]["name"];
}
}
} else {
echo "Invalid file";
}
?>
Well, you gave a different name for the file in the input file tag in your form.
Change this
<input type="file" name="image" ><br>
to this
<input type="file" name="file" ><br>
and it should work. Let me know if it doesn't.
You may also consider putting the contents in upload_file.php in an if-conditional to prevent it from execution on direct access as follows:
<?php
if(isset($_POST['submit'])) {
// Your code here
}
Trying to upload certain images with PHP but it won't work
I have used the example from w3Schools to try and upload an image with a higher value for hight then width.
It's working fine on "normal" images (horizontal), but as I said I'm not getting it to work on vertical aligned images.
The script does not recognise the file at all I think.
The errormessage is : Undefined index on the line where this goes $_FILES["file"]["name"])
****THIS SCRIPT IS JUST FOR CHECKING THE FILE I KNOW IT DOESENT UPLOAD IT****
here is the image im trying to get PHP to check http://rubenringdal.net/img/testigjen.jpg
<html>
<head>
<title></title>
</head>
<body>
<form action="uploader.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>
If your image is large than what you are allowing, 20 kb, it will not work so change this to a greater value.
($_FILES["file"]["size"] < **20000**)
And you have to check if anything has been uploaded before you process it.
<?php
if(!empty($_FILES["file"]))//Check if its not empty
{
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
}
?>
<html>
<head>
<title></title>
</head>
<body>
<form action="uploader.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
I look at w3school tutorial for upload a file. I can understand the code. The first 2 simply version of the code works, while this doesn't.
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
I have a problem, if i use this code to upload a file i Always get Invalid file response.
EDIT:
<html>
<body>
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
Also check Folder permission. Upload folder permission should be 777.
this code only uploads images.
you cannot upload same files that are already uploaded.
you cannot upload files more than 20KB.
make sure you have a directory named 'upload' in your source folder
I am new to php,trying to do a form, which allows me to upload a few text fields and then upload 3 images, the images are then uploaded into a remote server, and the name of the images are saved into database, so then it can be pulled out and displayed later.
(p.s. Ignore the SQL injection issue, i just havent got time around that yet. Thanks)
At the moment i am testing this on localhost.
My question is should i loop it, or should i just do the upload process 3 times?
Below is what i tried. But the looping trial isnt uploading the files, it just goes straight to invalid file. Also i would like to make sure all 3 files are valid files before uploading them, would i have to loop the verifying first then loop the uploading again?
Please give me some advice, thanks for your time.
<?php
ini_set('display_errors', 1); error_reporting(E_ALL);
ob_start();
session_start();
include 'connect.php';
if ($_POST)
{
//get form data
$Listingname = addslashes(strip_tags($_POST['Listingname']));
$Location = addslashes(strip_tags($_POST['Location']));
$nobed = addslashes(strip_tags($_POST['nobed']));
$zip = addslashes(strip_tags($_POST['zip']));
$price = addslashes(strip_tags($_POST['price']));
$username=addslashes(strip_tags($_POST[$_SESSION['username']]));
if (!$Listingname||!$nobed||!$nobed||!$zip||!$price)
echo "Please fill out all fields";
else
for($i=0;$i<count($_FILES["image"]["name"]);$i++)
{$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"][$i]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 400000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"][$i] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"][$i] . " already exists please add another file, or change the. ";
}
else
{
$photo=$_FILES["file"]["name"][$i];
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/$photo");
echo "Stored in: " . "upload/" . $_FILES["file"]["name"][$i];
}
}
}
else
{
echo "Invalid file";
}
{
$username=$_SESSION['username'];
//register into database
mysqli_query($con,"INSERT INTO Listing (username,Listingname,Location,nobed,zip,price,pic1) VALUES
('$username','$Listingname','$Location','$nobed','$zip','$price','$photo');") or die(mysqli_error());
echo "Listing Added";
}
}
}
else
{
?>
<form action="Submitlisting2.php" method="post"
enctype="multipart/form-data">
Listing Name:<br />
<input type='text' name='Listingname'><p />
Location:<br />
<input type='text' name='Location'><p />
Number of Beds:<br />
<input type='test' name='nobed'><p />
Zip:<br />
<input type='text' name='zip'><p />
Price:<br />
<input type='text' name='price'><p />
<label for="file">Pic1(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file"><br>
<label for="file">Pic2(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file"><br>
<br>
<input type='submit' name='submit' value='Submit'>
</form>
<?php
}
?>
Attempt without looping(this get very very long, the attempt is only with 2 images upload, which is 1 reason why i am thinking to loop)
<?php
ini_set('display_errors', 1); error_reporting(E_ALL);
ob_start();
session_start();
include 'connect.php';
if ($_POST)
{
//get form data
$Listingname = addslashes(strip_tags($_POST['Listingname']));
$Location = addslashes(strip_tags($_POST['Location']));
$nobed = addslashes(strip_tags($_POST['nobed']));
$zip = addslashes(strip_tags($_POST['zip']));
$price = addslashes(strip_tags($_POST['price']));
$username=addslashes(strip_tags($_POST[$_SESSION['username']]));
if (!$Listingname||!$nobed||!$nobed||!$zip||!$price)
echo "Please fill out all fields";
else
{$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 400000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
}
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists please add another file, or change the. ";
}
}
}
}
else
{$allowedExts1 = array("gif", "jpeg", "jpg", "png");
$temp1 = explode(".", $_FILES1["file1"]["name1"]);
$extension1 = end($temp1);
if ((($_FILES1["file"]["type"] == "image/gif")
|| ($_FILES1["file"]["type"] == "image/jpeg")
|| ($_FILES1["file"]["type"] == "image/jpg")
|| ($_FILES1["file"]["type"] == "image/pjpeg")
|| ($_FILES1["file"]["type"] == "image/x-png")
|| ($_FILES1["file"]["type"] == "image/png"))
&& ($_FILES1["file"]["size"] < 400000)
&& in_array($extension1, $allowedExts1))
{
if ($_FILES1["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES1["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES1["file"]["name"] . "<br>";
echo "Type: " . $_FILES1["file"]["type"] . "<br>";
echo "Size: " . ($_FILES1["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES1["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES1["file"]["name"]))
{
echo $_FILES1["file"]["name"] . " already exists please add another file, or change the. ";
}
}
}
else
{ $photo=$_FILES["file"]["name"];
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/$photo");
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
else
{
echo "Pic 1 Invalid file" and die("Unable to upload pic1");
}
}
{
$photo1=$_FILES1["file"]["name"];
move_uploaded_file($_FILES1["file"]["tmp_name"],
"upload/$photo1");
echo "Stored in: " . "upload/" . $_FILES1["file"]["name"];
}
else
{
echo "Pic 2 Invalid file" and die("Unable to upload Pic2");
}
{
$username=$_SESSION['username'];
//register into database
mysqli_query($con,"INSERT INTO Listing (username,Listingname,Location,nobed,zip,price,pic1) VALUES
('$username','$Listingname','$Location','$nobed','$zip','$price','$photo');") or die(mysqli_error());
echo "Listing Added";
}
else
{
?>
<form action="Submitlisting2.php" method="post"
enctype="multipart/form-data">
Listing Name:<br />
<input type='text' name='Listingname'><p />
Location:<br />
<input type='text' name='Location'><p />
Number of Beds:<br />
<input type='test' name='nobed'><p />
Zip:<br />
<input type='text' name='zip'><p />
Price:<br />
<input type='text' name='price'><p />
<label for="file">Filename(File must be exceed 4mb):</label>
<input type="file" name="file" id="file"><br>
<label for="file">Filename(File must be exceed 4mb):</label>
<input type="file" name="file1" id="file1"><br>
<br>
<input type='submit' name='submit' value='Submit'>
</form>
<?php
}
?>
If i am talking about a better User Experience then Looping is much better then repeat upload and for repeat upload you can/should use ajax upload.
I am trying to upload images in my PHP server using HTML form. I have written the following code. Its not creating problem when i upload a 'png' file, but when i upload 'JPEG' images it says 'Invalid File'. Kindly check it and guid me.
Thanks
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="file_upload_test2.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 200000) . " kB<br>";
// echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
If you host your application on linux, you should convert extension to lower case to match strings in $allowedExts, because linux is case sensitive (and not just linux).
Check this How to track execution time of each line / block of lines / methods in PHP? to be able to run script step by step and see, where the problem is.