First off, I know similar questions have been asked, however mine doesn't appear to be a server-limited file size....
When using one page with the form below and attempting to send to another file containing the script, it works fine with small files (under 2MB). However, with a slightly larger file (around 3MB), it appears to pass the $_POST variables correctly, but the script fails for some unknown reason. Finally, a test file of 9MB fails to send the $_POST variables at all and a print_r($_POST) shows each as undefined.
Here's the form:
<form enctype="multipart/form-data" id="formEditTAPPS" method="POST" action="scripts/editTAPPSprocess.php">
Page ID Number: <? echo $id; ?>
<input type="hidden" name="id" value="<? echo $id; ?>" />
<br />
Page Title: <input type="text" name="newPageTitle" value="<?php echo $row['title']; ?>" style="width:300px;" />
<br />
Number of Pages in PDF: <input type="text" name="newNumberOfPages" value="<?php echo $row['num_pages']; ?>" style="width:30px;" />
<br />
TAPPS Category:
<select name="newCategory">
<? while ($row2 = mysql_fetch_array($data2)) {
$catIDfromCat = $row2['cat_id'];
$catName = $row2['cat_name'];
?><option value="<? echo $catIDfromCat; ?>" <?php if ($catIDfromPages==$catIDfromCat){echo "selected=\"selected\"";} ?> ><? echo $catName; ?></option>
<? } ?>
</select>
<br />
Last Updated: <? echo $row['last_updated']; ?>
<br />
Display Order: <input type="text" name="newDisplayOrder" value="<?php echo $row['display_order']; ?>" />
<br />
Existing PDF: <a href="/files/tapps/<? echo $row['filename']; ?>" /><? echo $row['filename']; ?></a>
<br />
Upload a New PDF: <input name="newPDF" type="file" />
<br />
<input type="submit" name="Submit" value="Update this TAPPS Page" style="margin: 20px 0 0 50px;" />
And here's the processing script:
include_once('../../../common/db/conn.php'); // Connect to the database
// Assigns the variables passed from the form.
$id = $_POST['id'];
$title = $_POST['newPageTitle'];
$num_pages = $_POST['newNumberOfPages'];
$cat_id = $_POST['newCategory'];
$display_order = $_POST['newDisplayOrder'];
$newPDF = basename($_FILES['newPDF']['name']);
// Try to upload the file...
$target = "../../../files/tapps/";
$target = $target . $newPDF;
if(move_uploaded_file($_FILES['newPDF']['tmp_name'], $target)) {
// Saves the data into the correct database table.
$sql = "UPDATE tapps_pages SET title='$title', num_pages='$num_pages', cat_id='$cat_id', display_order='$display_order', filename='$newPDF' WHERE id='$id'";
// Verifies the database stores the form results and sends the user to the "Success" page.
$result = mysql_query($sql);
if($result) {
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=../editTAPPSpage.php?id=$id&success=1\">";
} else {
echo "<br /><br />Bummer, something broke. =(<br /><br />";
print_r($_POST);
}
} else {
// Problem uploading the file
echo "<br /><br />Looks like there was a problem uploading the TAPPS page... Better tell Kevin!<br /><br />He's going to want to know this info, so please copy and paste it into the email...<br />";
print_r($_POST);
echo "<br /><br />";
print_r($_SERVER);
echo "<br /><br />";
print_r($_SESSION);
}
Sounds like an upload_max_filesize problem to me, but I've addressed that with a php.ini file:
memory_limit = 128M
max_execution_time = 600
upload_max_filesize = 50M
post_max_size = 64M
And phpinfo() shows that the change stuck, after a reboot of Apache.
Am I missing a setting that could cause a timeout or limit the file size to 2MB? Thanks in advance for any help!
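The symptoms described above (an empty $_POST for the 9MB file, a failed move for the 3MB one) can be told apart by checking the request size and the upload error code before touching the file. The following is an added example, not the original poster's code; the field name newPDF and the files/tapps/ directory come from the question, the function names are hypothetical, and it also replaces the client-supplied filename with a server-generated one.

```php
<?php
// Added example, not the original poster's code. "newPDF" and files/tapps/ come
// from the question; ini_bytes() and upload_failure_reason() are hypothetical names.

// Convert a php.ini shorthand size such as "64M" to bytes.
function ini_bytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024; // fall through
        case 'M': $number *= 1024; // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

// Return null if the upload arrived intact, otherwise name the limit that was hit.
function upload_failure_reason(array $files, array $server, string $field): ?string
{
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    $limit  = ini_bytes((string) ini_get('post_max_size'));
    // A body larger than post_max_size is discarded by PHP: $_POST and $_FILES
    // are both left empty and no UPLOAD_ERR_* code is set.
    if ($limit > 0 && $length > $limit) {
        return sprintf('Request body (%d bytes) exceeds post_max_size (%d bytes)', $length, $limit);
    }
    $messages = [
        UPLOAD_ERR_INI_SIZE   => 'File exceeds upload_max_filesize in php.ini',
        UPLOAD_ERR_FORM_SIZE  => 'File exceeds MAX_FILE_SIZE set in the form',
        UPLOAD_ERR_PARTIAL    => 'File was only partially uploaded',
        UPLOAD_ERR_NO_FILE    => 'No file was uploaded',
        UPLOAD_ERR_NO_TMP_DIR => 'Temporary upload directory is missing',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write the file to disk',
        UPLOAD_ERR_EXTENSION  => 'A PHP extension stopped the upload',
    ];
    $error = $files[$field]['error'] ?? UPLOAD_ERR_NO_FILE;
    if (!is_int($error)) {
        return 'Unexpected upload structure for field ' . $field;
    }
    if ($error === UPLOAD_ERR_OK) {
        return null;
    }
    return $messages[$error] ?? "Unknown upload error code $error";
}

$reason = upload_failure_reason($_FILES, $_SERVER, 'newPDF');
if ($reason !== null) {
    error_log("TAPPS upload rejected: $reason"); // details go to the log, not the browser
    http_response_code(400);
    exit('Upload failed: ' . $reason);
}

// Check the file content, not the client-supplied name or MIME type.
$finfo = new finfo(FILEINFO_MIME_TYPE);
if ($finfo->file($_FILES['newPDF']['tmp_name']) !== 'application/pdf') {
    http_response_code(415);
    exit('Only PDF files are accepted');
}

// Store under a server-generated name so the client cannot influence the path.
$name   = bin2hex(random_bytes(16)) . '.pdf';
$target = __DIR__ . '/../../../files/tapps/' . $name;
if (!move_uploaded_file($_FILES['newPDF']['tmp_name'], $target)) {
    error_log("TAPPS upload: move_uploaded_file to $target failed");
    http_response_code(500);
    exit('Could not store the uploaded file');
}
// $name is what belongs in the filename column, written with a prepared statement.
echo 'Upload stored';
```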
On my website, I have a form which allows the user to modify a selected item. As a part of this modification, they are allowed to upload (or delete) images associated with the item.
It seems that very specific images are causing my form to not post (I make this assumption because the loading indicator for my browser is pending).
From further inspection, although it does create a file, its size is 0B. This is concurrent with the fact that the output of $_FILE['tree-photos']['size'][0] is 0. It seems that the image isn't even being attempted to be uploaded as a specific error code is not given by $_FILE['tree-photos']['error'][0] (returns 0).
I have changed all the appropriate file permissions required and the upload_max_size and post_max_size values accordingly. Interestingly, other files from the same folder which follow the exact same naming scheme and are larger upload fine. It seems random which photos trigger the form to not submit, but it is consistent what images do and don't submit.
File extensions are not the problem either, they are consistent.
Here is my code (I have been told off before for not posting all my code so sorry if a lot of it is not required):
<?php
include("../content/head.php");
include("../functions.php");
if (!isset($_SESSION['admin'])) {
header("Location: ../admin/admin.php?page=login");
exit();
}
$id = $_REQUEST['treeID'];
$tree_sql = "SELECT * FROM trees WHERE treeID=" . $id;
$tree_query = mysqli_query($dbconnect, $tree_sql);
$tree_rs = mysqli_fetch_assoc($tree_query);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$com_name = test_input($_POST['com_name']);
$sci_name = test_input($_POST['sci_name']);
$height = test_input($_POST['height']);
$origin = test_input($_POST['origin']);
$description = test_input($_POST['description']);
$type = test_input($_POST['type']);
if(isset($_FILES['tree-photos']['name'][0])) {
if (!empty($_FILES['tree-photos']['name'][0])) {
for ($i = 0; $i < count($_FILES['tree-photos']['name']); $i++) {
$location = '../images/' . $sci_name .'/' . $sci_name . "_" . uniqid() . "." . strtolower(pathinfo($_FILES['tree-photos']['name'][$i], PATHINFO_EXTENSION));
move_uploaded_file($_FILES['tree-photos']['tmp_name'][$i], $location);
}
}
}
if ($tree_rs["photo"] == "noimage") {
$updatesql = "UPDATE trees SET photo='$sci_name' WHERE treeID=".$id;
}
$_SESSION['err'] = $_FILES['tree-photos']['error'][0];
$updatesql = "UPDATE trees SET com_name='$com_name', sci_name='$sci_name', height='$height', origin='$origin', description='$description', type='$type' WHERE treeID=".$id;
$updatequery = mysqli_query($dbconnect, $updatesql);
}
$tree_sql = "SELECT * FROM trees WHERE treeID=" . $id;
$tree_query = mysqli_query($dbconnect, $tree_sql);
$tree_rs = mysqli_fetch_assoc($tree_query);
include("../content/navigation.php");
?>
<div id="main-container">
Back
<h1><?php echo $_SESSION['err']; ?></h1>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'])."?treeID=".$id;?>" method="post" enctype="multipart/form-data">
<p>Common Name</p>
<input name="com_name" type="text" value="<?php echo $tree_rs['com_name']; ?>">
<p>Scientific Name</p>
<input name="sci_name" type="text" value="<?php echo $tree_rs['sci_name']; ?>">
<p>Height Name</p>
<input name="height" type="number" value="<?php echo $tree_rs['height']; ?>">
<p>Origin</p>
<input name="origin" type="text" value="<?php echo $tree_rs['origin']; ?>">
<p>Type</p>
<select name="type">
<option value="Deciduous">Deciduous</option>
<option value="Evergreen">Evergreen</option>
</select>
<p>Description</p>
<textarea name="description"><?php echo $tree_rs['description']; ?></textarea>
<p>Add Photos</p>
<input name="tree-photos[]" type="file" multiple>
<?php $tree_rs['photo']; ?>
<?php
if ($tree_rs['photo'] != "noimage") { ?>
<div class="edit-images-container"> <?php
$path = "../images/".$tree_rs['photo']."/";
$images = glob("$path*.{jpg,jpeg,png,gif,bmp}", GLOB_BRACE);
foreach($images as $image) { ?>
<div class="image-editable-container">
<img class="editable-image" data-source="<?php echo $tree_rs['sci_name']; ?>" data-id="<?php echo $tree_rs["treeID"]; ?>" src="<?php echo $image?>" alt="<?php echo $tree_rs['com_name'] . " - " . $tree_rs['description']; ?>">
<img class="editable-image-delete" src="../images/delete.svg" alt="Delete Button">
</div>
<?php } ?> </div> <?php
} else { ?>
<p>No Images Currently</p>
<?php }
?>
<input type="submit" value="Submit">
</form>
</div>
<?php include("../content/footer.php"); ?>
Edit: Included some images that work and don't work for me, would be interesting if it's the same for you.
Edit 2: It seems that after restarting the server I am able to upload around 15 items, including ones I couldn't before. After that, though, new random images are un-uploadable. This might be a config issue.
I'm trying to delete specific images in a database through PHP.
I have a page where all images in the database are displayed and I wanted a button under each one of them so I could delete them individually through their id but I don't know how.
Here's the PHP code for showing all images:
<?php
$result = mysqli_query($con, "SELECT * FROM galeria");
?>
<h5>Images:</h5>
<?php
while ($row = mysqli_fetch_array($result)) {
?><h6> <?php echo $row['titleimg']; ?></h6>
<p><?php echo $row['events_id']; ?></p>
<img src="../images/<?php echo $row["img"]; ?>" width="301px" height="200px"/>
<form action="delete_images.php" method="post">
<input type="submit" name="delete" value="Delete" />
</form>
<?php
echo "<br>";
echo "<br>";
}
?>
So now, what's the code I should have in my "delete_images.php" file?
Your form needs an additional piece of information, an identifier for the image to be deleted. Something like:
<form action="delete_images.php" method="post">
<input type="hidden" name="id" value="<?php echo $row['img_id'] ?>" />
<input type="submit" name="delete" value="Delete" />
</form>
Naturally, I'm guessing on the column name (img_id), but any identifier for that specific image will do the trick. With that, your POST to delete_images.php will have that value (in $_POST['id']) and can use it in the DELETE query to the database.
Put a hidden input field that will contain the imageName that you want to delete.
<input type="hidden" value="'.$row["img"].'" name="imageName" />
// Now write some server side code in delete_images.php that will delete file
if (array_key_exists('imageName', $_POST)) {
$filename = $_POST['imageName'];
if (file_exists($filename)) {
unlink($filename);
// Write Mysql query that will delete the row from database
echo 'File '.$filename.' has been deleted';
} else {
echo 'Could not delete '.$filename.', file does not exist';
}
}
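Both answers leave the deletion itself to the reader. The following delete_images.php is an added example, not code from either answer: it takes only the numeric id from the request, reads the filename from the database with a prepared statement, and refuses to unlink anything that does not resolve inside the images directory. The table galeria and column img are from the question, img_id is the first answer's guessed column name, and the connection include that defines $con is hypothetical.

```php
<?php
// Added example, not code from the thread. "galeria" and "img" are from the
// question; "img_id" is the first answer's guessed column name.
require 'connection.php'; // hypothetical include that defines $con (mysqli)

// Authentication and a CSRF token check belong before this point; they are
// omitted because they depend on the application.

// Resolve $fileName inside $baseDir, or return null if it would land elsewhere.
function path_inside(string $baseDir, string $fileName): ?string
{
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . basename($fileName));
    if ($base === false || $full === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST required');
}

// Only an integer id is accepted from the client, never a filename.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if (!is_int($id)) {
    http_response_code(400);
    exit('Invalid image id');
}

// Look the filename up server-side.
$stmt = mysqli_prepare($con, 'SELECT img FROM galeria WHERE img_id = ?');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $img);
$found = mysqli_stmt_fetch($stmt); // true on a row, null when there is none
mysqli_stmt_close($stmt);
if (!$found) {
    http_response_code(404);
    exit('No such image');
}

// Remove the row first; a leftover file is easier to clean up than a dangling row.
$stmt = mysqli_prepare($con, 'DELETE FROM galeria WHERE img_id = ?');
mysqli_stmt_bind_param($stmt, 'i', $id);
$deleted = mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
if (!$deleted) {
    http_response_code(500);
    exit('Could not delete the database row');
}

// The listing page serves images from ../images/, so confine deletion to it.
$path = path_inside(__DIR__ . '/../images', (string) $img);
if ($path !== null && is_file($path)) {
    unlink($path);
}
echo 'Image deleted';
```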
I have an administrator.php which displays 300 records from a table called 'player'. Next to each record, there is an edit option which redirects you to edit.php and the 15 columns of that record (including the primary key - playerid) are displayed inside text boxes. Line of code below:
<a href='edit.php?playerid=".$query2['playerid']."'>Edit</a>
On edit.php you are able to change data of these columns. Upon submit, an update query is sent to update the table but unfortunately, it's not working. My error message continues to display ("testing for error..."); not sure why.
//Setups up the database connection
$link = mysql_connect("localhost", "root", "");
mysql_select_db("fantasymock", $link);
if(isset($_GET['playerid'])) {
$playerid = $_GET['playerid'];
//Query to display results in input box
$query1 = mysql_query("SELECT * from player WHERE playerid = '$playerid'");
$query2 = mysql_fetch_array($query1);
}
if(isset($_POST['submit'])) {
$playerid = $_POST['playerid'];
$preranking = $_POST['preranking'];
$playerlast = $_POST['playerlast'];
$playerfirst = $_POST['playerfirst'];
$position = $_POST['position'];
$battingavg = $_POST['battingavg'];
$run = $_POST['run'];
$homerun = $_POST['homerun'];
$rbi = $_POST['rbi'];
$sb = $_POST['sb'];
$win = $_POST['win'];
$save = $_POST['save'];
$strikeout = $_POST['strikeout'];
$era = $_POST['era'];
$whip = $_POST['whip'];
//Query to update dB
$query3 = mysql_query("UPDATE player SET playerid='$playerid', preranking='$preranking', playerlast='$playerlast', playerfirst='$playerfirst', position='$position', battingavg='$battingavg', run='$run', homerun='$homerun', rbi='$rbi', sb='$sb', win='$win', save='$save', strikeout='$strikeout', era='$era', whip='$whip' WHERE playerid='$playerid'");
header("Location: administrator.php");
} else {
echo "Testing For Error....";
}
?>
<form action="" method="POST">
Player ID:<input type="text" name="playerid" value="<?php echo $query2['playerid'];?>"/> <br/>
Preranking:<input type="text" name="preranking" value="<?php echo $query2['preranking'];?>"/> <br/>
Last Name:<input type="text" name="playerlast" value="<?php echo $query2['playerlast'];?>"/> <br/>
First Name:<input type="text" name="playerfirst" value="<?php echo $query2['playerfirst'];?>"/> <br/>
Position:<input type="text" name="position" value="<?php echo $query2['position'];?>"/> <br/>
Batting Avg:<input type="text" name="battingavg" value="<?php echo $query2['battingavg'];?>"/> <br/>
Runs:<input type="text" name="run" value="<?php echo $query2['run'];?>"/> <br/>
Homeruns:<input type="text" name="homerun" value="<?php echo $query2['homerun'];?>"/> <br/>
Rbi:<input type="text" name="rbi" value="<?php echo $query2['rbi'];?>"/> <br/>
Sb:<input type="text" name="sb" value="<?php echo $query2['sb'];?>"/> <br/>
Wins:<input type="text" name="win" value="<?php echo $query2['win'];?>"/> <br/>
Saves:<input type="text" name="save" value="<?php echo $query2['save'];?>"/> <br/>
Strikeouts:<input type="text" name="strikeout" value="<?php echo $query2['strikeout'];?>"/> <br/>
Era:<input type="text" name="era" value="<?php echo $query2['era'];?>"/> <br/>
Whip:<input type="text" name="whip" value="<?php echo $query2['whip'];?>"/> <br/>
<br>
<input type="submit" name="submit" value="submit">
</form>
FYI: Every column in the table and tablename is spelled correctly, I've triple checked before posting. And I'm aware of MySQL injection. Can someone see a problem? Thank you in advance!
EDIT: I just added an additional if statement if($query3) and it now works.
You are checking for POST variables, but you are getting to edit.php through a GET request. There isn't anything on $_POST. Therefore it drops down to the else of your if block and prints out Testing For Error...
Your script is getting into the else part. That means there is nothing it is getting as $_POST['submit']. Make sure that your submit button has a name attribute of submit.
<input type="submit" name="submit" value="" />
Please check what is showing in the error.log file. You may insert these lines in your edit.php file
error_reporting(E_ALL);
ini_set('display_errors', 1);
to display errors.
Replace your else part with this for more detailed mysql errors
else{ echo "Testing For Error...." .mysql_error(); }
As far as I can see my code is sound; however, I keep getting an error.
This is the error:
Notice: Undefined variable: person in
\sql\modify.php on line 12
Here is my code:
<?php
include 'includes/connection.php';
if (!isset($_POST['submit'])){
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}
?>
<h1>You are modifying A User</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
<?php
if(isset($_POST['sumbmit'])) {
$u = "UPDATE people SET `Name` = '$_POST[inputName]', `Description` = '$_POST[inputDesc]' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
echo "User has been modify";
header("Location: index.php");
}
?>
Any thoughts, or am I just blind???
<?php
include 'includes/connection.php';
// set $person variable
if (!isset($_POST['submit'])){
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}
// if form submit you use update and redirect
else {
$u = "UPDATE people SET `Name` = '$_POST[inputName]', `Description` = '$_POST[inputDesc]' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
//echo "User has been modify"; // not needed, because header('Location') redirects you away from the current page
header("Location: index.php");
exit(); //use it after header location
}
?>
<h1>You are modifying A User</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
You just need to check if you actually got output.
Just a plain example:
if ($person):
?>
<h1>You are modifying A User</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
<?php
endif;
Remember to always validate your input and output, but also whether the queries you try to run produce a result set.
Here's the issue:
<?php
include 'includes/connection.php';
if (!isset($_POST['submit'])){
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}
?>
At this point $person is set only if the form hasn't been submitted; but later on:
Name<input type="text" name="inputName" value="<?php echo $person['Name']; ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $person['Description']; ?>" />
You're using it anyway. If the form has been submitted, then you're going to get the warning you're seeing. What you need to do is something like:
if (isset($_POST['submit'])){
// Field names match the form's inputName / inputDesc inputs
$name = $_POST['inputName'];
$description = $_POST['inputDesc'];
} else {
$q = "SELECT * FROM people WHERE ID = $_GET[id]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
// Array keys are case-sensitive and follow the column names
$name = $person['Name'];
$description = $person['Description'];
}
And then:
Name<input type="text" name="inputName" value="<?php echo $name ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo $description; ?>" />
The variables are now set either way.
A couple of other things - you're not doing any error checking to see if your query has worked; if the query fails, your code will carry on regardless.
Secondly, the mysql_ functions are deprecated and will stop working at some point; you should look at moving to using mysqli_* or PDO instead.
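The last answer's three points (set the form variables on both paths, check that the query worked, move off the mysql_ functions) fit together as follows. This modify.php is an added example, not code from the thread: it assumes includes/connection.php has been rewritten to create a PDO handle $pdo with PDO::ERRMODE_EXCEPTION enabled, the helper h() and the "Name is required" rule are hypothetical, and the table and column names are the question's.

```php
<?php
// Added example, not code from the thread. Assumes includes/connection.php now
// creates a PDO handle $pdo with PDO::ERRMODE_EXCEPTION set (hypothetical).
include 'includes/connection.php';

// Escape a value for output inside HTML text or a quoted attribute.
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8');
}

// The id arrives in the query string on first load and in the hidden field on submit.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT)
    ?? filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!is_int($id)) {
    http_response_code(400);
    exit('Missing or invalid id');
}

$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    // Submitted values are kept so the form can be shown again on a validation error.
    $name        = trim((string) filter_input(INPUT_POST, 'inputName'));
    $description = trim((string) filter_input(INPUT_POST, 'inputDesc'));
    if ($name === '') {
        $error = 'Name is required';
    } else {
        // Placeholders keep the values out of the SQL text; a failure throws.
        $stmt = $pdo->prepare('UPDATE people SET Name = ?, Description = ? WHERE ID = ?');
        $stmt->execute([$name, $description, $id]);
        // Redirect before any HTML is sent, then stop.
        header('Location: index.php');
        exit;
    }
} else {
    $stmt = $pdo->prepare('SELECT Name, Description FROM people WHERE ID = ?');
    $stmt->execute([$id]);
    $person = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($person === false) { // the query ran but matched no row
        http_response_code(404);
        exit('No such user');
    }
    $name        = $person['Name'];
    $description = $person['Description'];
}
?>
<h1>You are modifying A User</h1>
<?php if ($error !== null): ?>
<p><?php echo h($error); ?></p>
<?php endif; ?>
<form action="modify.php" method="post">
Name<input type="text" name="inputName" value="<?php echo h($name); ?>" /><br />
Description<input type="text" name="inputDesc" value="<?php echo h($description); ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<input type="submit" name="submit" value="Modify"/>
</form>
```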
This is really bugging me and I can't figure it out. I have a form with a few options being sent by POST:
<form method="POST" action="scripts/submit.php"><strong>
To User: <input type="text" name="ID" size="21" /><br />
Short Description: <input type="text" name="Item" size="21" /><br />
Link: <input type="text" name="Link" size="21" /><br />
Points: <select name="Points">
<option value="1" selected="selected">1</option>
<option value="0">0</option><option value="-1">-1</option>
</select> (1 = Positive, 0 = Neutral, -1 = Negative)<br />
Text: <br /><textarea name="Text" rows="5" cols="50"/></textarea></strong><br />
<input type="submit" value="Send" />
</form>
And here is the portion of submit.php that is giving me trouble:
<?php
include('functions.php');
Connect();
if(!isset($_SESSION))
{
session_start();
}
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points= Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
Does anyone see an issue here? I am getting undefined indexes from all of the variables except the session one.
Thanks in advance.
Edit: If I just have this:
<?php
include('functions.php');
Connect();
if(!isset($_SESSION))
{
session_start();
}
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points = Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
?>
The variables populate just fine. If I add:
$id_query=mysql_query("SELECT ID FROM tbl_users WHERE Username = '$id_to'");
$count=mysql_num_rows($id_query);
$id_row=mysql_fetch_array($id_query);
$id_to=$id_row['ID'];
if ($points> 1 || $points< -1) {
echo "Nice try";
exit();
} else {
if(!($id_to == $id_from))
{
if($count==1)
{
mysql_query("INSERT INTO tbl_data (Item, Link, Points, Text, ID_To, ID_From) VALUES ('$item', '$link', '$points', '$text', '$id_to','$id_from')");
header('Location:?id=submit');
}
else
{
echo "Nice try1";
}
}
else
{
echo "Nice try2";
}
}
I just took your code over to my dev server and tried to test run it. Since I don't know what your Sanitize() does, I can't be sure what is going on inside this function.
If you try to remove the Sanitize(), I'm pretty sure it would work and you will have to look inside this to find the bug.
I'm guessing you might be missing something like ($var, str) to sanitize a string. Can you please tell a little more about this function?
Edit: some minor spelling errors.
Edit: Did some more tests and made the error happen, and the two code samples show it. The 1st works, while the 2nd gives me an empty var_dump.
This one gives me a full var_dump();
<?
function Sanitize($String) {
$output = mysql_real_escape_string(stripslashes($String));
return $output;
}
if(!isset($_SESSION))
{
session_start();
}
?>
<form method="post" action=""><strong>
To User: <input type="text" name="ID" size="21" /><br />
Short Description: <input type="text" name="Item" size="21" /><br />
Link: <input type="text" name="Link" size="21" /><br />
Points: <select name="Points"><option value="1" selected="selected">1</option><option value="0">0</option><option value="-1">-1</option></select> (1 = Positive, 0 = Neutral, -1 = Negative)<br />
Text: <br /><textarea name="Text" rows="5" cols="50"/></textarea></strong><br />
<input type="submit" value="Send" />
</form>
<?
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points= Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
var_dump($_POST);
echo $text;
?>
This one gives me an empty var_dump
<?
if(!isset($_SESSION))
{
session_start();
}
?>
<form method="post" action=""><strong>
To User: <input type="text" name="ID" size="21" /><br />
Short Description: <input type="text" name="Item" size="21" /><br />
Link: <input type="text" name="Link" size="21" /><br />
Points: <select name="Points"><option value="1" selected="selected">1</option><option value="0">0</option><option value="-1">-1</option></select> (1 = Positive, 0 = Neutral, -1 = Negative)<br />
Text: <br /><textarea name="Text" rows="5" cols="50"/></textarea></strong><br />
<input type="submit" value="Send" />
</form>
<?
$id_from = $_SESSION['SESS_MEMBER_ID'];
$id_to = Sanitize($_POST['ID']);
$item = Sanitize($_POST['Item']);
$link = Sanitize($_POST['Link']);
$points= Sanitize($_POST['points']);
$text = Sanitize($_POST['Text']);
var_dump($_POST);
echo $text;
?>
Based on your comment that you have this code:
$id_query = mysql_query("SELECT ID FROM tbl_users WHERE Username = '$id_to'");
$count = mysql_num_rows($id_query);
$id_row = mysql_fetch_array($id_query);
$id_to = $id_row['ID'];
if ($points > 1 || $points < -1) {
} else {
if (! ($id_to == $id_from)) {
if ($count == 1) {
mysql_query("INSERT INTO tbl_data (Item, Link) VALUES ('$item', '$link')");
header('Location:?id=submit');
} else {}
} else {}
}
I think the problem is on the line that says:
header('Location:?id=submit');
Perhaps you're testing with something that somehow makes $points either greater than 1 or less than -1, $count is 1, and $id_to is different from $id_from, which then makes the else block execute and (especially the line) header() execute, and the user gets redirected immediately.
To check if this is true, try var_dump($_GET) to see if you got something like:
array (size=1)
'id' => string 'submit' (length=6)
If you do, and perhaps the database isn't updated, then the mysql_query that sits right before the header is the one that you need to check.
Hope this helps.