SORRY CAUGHT MY OWN ERROR AFTER POST
I have this code that i am running after a HTML from uploads a file to my .uploadAdmin.php section. Im having a lot of trouble with this.
$clientname = $_SESSION['MM_USERNAME'];
$extension = end(explode(".", $_FILES["file"]["name"]));
$myText = (string)$_FILES["file"]["name"];
$myText = str_replace("'", "", $myText);
print $myText; // This does come out with no '
My question is how do i change to file name after i have a new file name with no ' I have tried a few things including
$_FILES["file"]["name"] = $myText;
I had a comparison operator == instead of =,
Thanks Amy :)
Once you've uploaded your file you need to move it from the temporary directory to the place you want to store it. This is a security feature. The uploaded file will have a temporary file name. You can change the real filename as part of the move_uploaded_file() operation.
// where to store file
$uploads_dir = '/uploads';
// name of temporary file after upload.
$tmp_name = $_FILES["file"]["tmp_name"];
// original name of file, with apostrophes replaced
$name = str_replace("'", "", $_FILES["file"]["name"]);
// move the file
if (move_uploaded_file($tmp_name, "$uploads_dir/$name") === false) {
// do something if the file isn't an uploaded file.
}
Read the PHP reference Handling File Uploads for the complete reference.
Related
I have a function which checks if image files exist. It works for all images, except when a period is inside the filename. The filenames are user uploaded, and many already exist that are not sanitized. Here is an example:
$img = 'nice_name.jpg'; // detects
$img = 'bad_name.7.jpg'; // doesn't detect
if (is_file($path . $img)) {
return $path . $prefix . $img;
}
I'm not sure how to escape this or make it work. I have doubled checked and the file does exist at that path. The function works for other image names in the same folder.
edit: This was marked a duplicate and linked to a question about uploading files. I am using is_file() to check if a file already exists. There is no uploading occurring, and the file already has the extra "." in its name on the server, so this is a different issue.
You can use basename() to get the file name, and then do something with it, like rename it if it contains a period.
$testfile = "test.7.img";
$extension = ".img";
$filename = basename($testfile, $extension);
if(strpos($filename,".") > 0) {
$newname = str_replace(".","",$filename) . $extension ;
rename($testfile,$newname);
}
//... then continue on with your code
Hello I am using the following code to upload files on my server and to write the filename inside the database. My question is how I can achive when the file is uploaded the name of the file to be changed ? Right now I am facing a problem if the filename have space sbetween the words if it is not a whole word the file is not uploading correctly.
here is the code:
$target = "../images/";
$target = $target . basename( $_FILES['photo']['name']);
$filename = $_FILES['photo']['name'];
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
//resize function
createThumbnail($filename);
You need to parse the filename removing all unwanted characters. The easiast way is to use preg_replace forbidden characters. Here's an example:
// List of forbidden chars (\ and / need to be escaped with \)
$forbiddenChars = "\/\\?%*:|\"<>. ";
//Characters not allowed are replaced by this var
$replaceStr = "_";
$filename = preg_replace("/[$forbiddenChars]/", $replaceStr, $_FILES['photo']['name']);
//DEBUG: Test if everything is ok (should be deleted in production)
var_dump($filename);
I am trying to upload a file, and save the path to MySQL.
I want to make a custom path for each file, which will be based on a variable, however the actual file name of the file will stay the same.
I am submitting the file via POST. I believe I have to use $_FILE? The name of the form item is "file".
How would I go about doing this? Note: I DO NOT want to store the actual file on the database, just the path.
EDIT: I also want to save the actual file to a path, too.
Take a look at this page: http://www.php.net/manual/en/features.file-upload.post-method.php There is an example of moving an uploaded file to some folder.
So yes the relevant information is stored in $_FILE
First create appvars.php like something below
<?php
// Define application constants
define('GW_UPLOADPATH', 'foldername/');
define('GW_MAXFILESIZE', 32768); // 32 KB
?>
then create the code to save the file like something like this
<?php
require_once('appvars.php');
$file = mysqli_real_escape_string($dbc, trim($_FILES['file']['name']));
$file_type = $_FILES['file']['type'];
$file_size = $_FILES['file']['size'];
//do some checks to make sure the person upload the file type you like
if ((($file_type == filetype) // check for the size also
&& ($file_size > 0) && ($file_size <= GW_MAXFILESIZE)) {
if ($_FILES['file']['error'] == 0) {
// Move the file to the target upload folder
$target = GW_UPLOADPATH . $file;
if (move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
// Write the data to the database
mysqli_connect( database info);
$query = "INSERT INTO table (file ) VALUES ($file)";
mysqli_query($dbc, $query);
}
}
}
mysqli_close($dbc);
?>
Here is my code:
if ($_FILES['music']['name'] != '')
{
$file_name = time() . $_FILES['music']['name'];
copy($_FILES['music']['tmp_name'], "music/" . $file_name);
}
else
{
$file_name = "";
}
I want to upload audio file. the file name is insert into database. but its not insert into folder.
try move_uploaded_file instead. You may want to check file size limits too.
I think you want to use move_uploaded_file(), not copy
I guess the folder in which you are trying to copy the uploaded file is not the one you expect. Possibly this is what you need:
copy($_FILES['music']['tmp_name'], __DIR__ . "/music/" . $file_name);
By the way move_uploaded_file() works faster and safer than copy().
Hello I am usign the below code to zip a package on upload:
$nameFile = $_FILES['file']['name'];
$tmpName = $_FILES['file']['tmp_name'];
$download_folder = './CopyrightFiles/';
$zip = new ZipArchive();
$fileconpress = $download_folder.$nameFile.".zip";
$conpress = $zip->open($fileconpress, ZIPARCHIVE::CREATE);
if ($conpress === true)
{
$zip->addFile($tmpName);
$zip->close();
echo $fileconpress."<br/>";
echo "yess !! Success!!!! ";
}
else echo " Oh No! Error";
It seems to work ok.
But there are two issues.
First issue it saves the file also with the original extension, something like : image.JPG.zip
Also when I then move the zip package to my local computer (Mac) and I open the ZIP inside I can find only a tmp folder with a binary file inside and NOT the image or the file that should be there!
What the hell is going on?
Please advise
Thank you
That's because your "binary" file is just the temporary name that PHP used to temporarily stored the uploaded file as. That's why it's "tmp_name" in the $_FILES array.
Try this:
$zip->addFile($tmpName, $nameFile);
The second parameter lets you specify what the file's name should be within the zip.
To prevent 'file.jpg.zip', try:
$fileconpress = $download_folder . pathinfo($_FILES['file']['name'], PATHINFO_FILENAME) . ".zip";
Issue #1:
You need to manually remove the extension:
$filename = explode('.', $_FILES['file']['name']);
$filename = $filename[0];
Issue #2:
$tmpName does not contain the filename of the file. You need to pass the $localname parameter in addFile(). See http://php.net/manual/en/function.ziparchive-addfile.php.