I was running through the tutorial on http://net.tutsplus.com/tutorials/php/online-file-storage-with-php/comment-page-2/#comments
and it was working fine until:
if(strlen($message) > 0)
{
$message = '<p class="error">' . $message . '</p>';
}
This line of php is found in index.php. When I few the page in firefox, it looks like the php parser stops at the greater than. Can I escape the character? Do I need to?
EDIT: All the php code:
<?php
//Load the settings
require_once("settings.php");
$message = "";
//Has the user uploaded something?
if(isset($_FILES['file']))
{
$target_path = Settings::$uploadFolder;
$target_path = $target_path . time() . '_' . basename( $_FILES['file']['name']);
//Check the password to verify legal upload
if($_POST['password'] != Settings::$password)
{
$message = "Invalid Password!";
}
else
{
//Try to move the uploaded file into the designated folder
if(move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) {
$message = "The file ". basename( $_FILES['file']['name']).
" has been uploaded";
} else{
$message = "There was an error uploading the file, please try again!";
}
}
//Clear the array
unset($_FILES['file']);
}
if(strlen($message) > 0)
{
$message = '<p class="error">' . $message . '</p>';
}
?>
<html> ... </html> //my html code
The > won't cause the PHP parser to stop.
Without seeing the HTML output by the server, it is hard to say for sure, but since the > is the first > in the file it seems likely that the PHP parser never starts and the browser treats everything between the <?php at the start of the file and the strlen($message) > as a tag.
You need to access the PHP through a web server with PHP installed and configured to process that file (which is typically done by giving it a .php file extension).
What about this?
if(!empty($message)){
$message = '<p class="error">'.$message.'</p>';
}
But why don't you directly assign the paragraph tags to the error message instead of first assigning the error message to $message and then the paragraph tags?
there is not any error in the if condition its working fine
the possible problem in the
if(isset($_FILES['file']))
if($_POST['password'] != Settings::$password)
if(move_uploaded_file($_FILES['file']['tmp_name'], $target_path))
if you are not getting in the if body it mean the problem in
if(isset($_FILES['file']))
because if it fase than $message = "";
Always use Yoda Conditions and write such statements in (the) reverse(d) order (you're normally used to:
if ( 0 !== strlen( $message ) )
{
$message = 'Hello World!';
}
Anyway, you could also simply check for ! empty( $message )
Related
Unable to create the download link. I am fetching the path saved from database and then try to make a link for it to download, but nothing happens.
Below is my code:
$query_print="SELECT vitae_pi FROM pi WHERE username='t124'";
$query_print_run=mysqli_query($conn,$query_print);
$query_print_recordset=mysqli_fetch_assoc($query_print_run);
$query_print_path=$query_print_recordset['vitae_pi'];
echo ' this is file path '.$query_print_path;
Here I am simply trying to create the download link for user t124, instead of using the current user for testing purposes?
This is hyperlink code:
<?php echo "<a href='".$query_print_path."'>".DOWNLOAD."</a>"; ?>
Any suggestions?
This my move file function:
protected function moveFile($file)
{
$filename = isset($this->newName) ? $this->newName : $file['name'];
//echo $filename;
$success = move_uploaded_file($file['tmp_name'], $this->destination . $filename);
if ($success) {
$result = $file['name'] . ' was uploaded successfully';
if (!is_null($this->newName)) {
$_SESSION['current_filename']=$this->newName;
echo $_SESSION['current_filename'];
$result .= ', and was renamed ' . $this->newName;
}
else{
$_SESSION['current_filename']=$file['name'];
echo $_SESSION['current_filename'];
}
//$result .= '.';
//echo $this->newName;
$this->messages[] = $result;
} else {
$this->messages[] = 'Could not upload ' . $file['name'];
}
}
Updating the table with file path:
$file_path_variable1= $destination1.$_SESSION['current_filename'];
echo '$file_path_variable1 : '.$file_path_variable1;
$query1="UPDATE proposal SET whitepaper_prop='$file_path_variable1' WHERE userName_prop='$currentuser'";
$result_query1=mysqli_query($conn,$query1);
....................
SOLUTION CODE IS:
Solution code is :
$query_print="SELECT vitae_pi FROM pi WHERE username='t115'";
$query_print_run=mysqli_query($conn,$query_print);
$query_print_recordset=mysqli_fetch_assoc($query_print_run);
$query_print_path=$query_print_recordset['vitae_pi'];
$dir= 'uploaded/';
$path=opendir($dir);
<?php
}while($query_pi_array=mysqli_fetch_assoc($query_pi_result));?>
<div>
<?php while($file=readdir($path)){
if($file != "." || $file !=".."){
if($file==$query_print_path){ ?>
Proposal Whitepaper
What does this display ?
<?php echo "<a href='".$query_print_path."'>".DOWNLOAD."</a>"; ?>
DOWNLOAD should be part of the PHP string, if not, it will be considered as a constant :
<?php echo "<a href='".$query_print_path."'>DOWNLOAD</a>"; ?>
Also, use double quotes for HTML attributes :
<?php echo "DOWNLOAD"; ?>
And the optimized way (to avoid useless string parsing) :
<?php echo 'DOWNLOAD'; ?>
My Requirement is as follows:
When user uploads a file i should check for "File already Exists", if file exists i must show confirm box if 'OK' i have to replace and if cancel the reverse.
This is my following code
if (file_exists($path . $documentName)) {
$msg = $documentName . " already exists. ";
?>
<script type="text/javascript">
var res = confirm('File already exists Do you want to replace?');
if (res == false) {
<?php
$msg = 'File Upload cancelled';
?>
} else {
<?php
if (move_uploaded_file($_FILES["document"]["tmp_name"], $path . $documentName)) {
$msg = $documentName . " File Replaced Successfully";
$successURL = $document_path . $documentName;
}
else
$msg = $documentName . "Upload Failed";
?>
}
</script>";
<?
}
My problem is even if i give cancel the file is getting replaced.
just let me know where I'm wrong or Is there any other approach?
Please help me to close this issue
Note:jquery Not allowed.
Your problem is that you mix javascript and PHP. The PHP-Code will be run on the server and generates the HTML-document. At this point, the file gets replaced already.
Then, this document (with the javascript-code inside) will then be send to the user and there the javascript-code is run. And in that moment, the user gets to see the confirmaion-dialog, even though the file already was replaced!
Take a look at the source-code that your php-code is generating and you will see what I mean.
A solution would be to add a checkbox to confirm overwriting files. Then after hitting the upload-/submit-button, your php-script would check if this box was checked and either replace the file or not.
#Gogul, honestly, this is not the right way to go. Better that you handle the file submission with an AJAX request which receives a response back from your server (either uploaded successfully, or file exists) which you handle appropriately. If presenting the user an option to replace the file, again handle that action with AJAX.
You can do AJAX request in raw JavaScript (jQuery not required) - see here: http://www.w3schools.com/ajax/ajax_xmlhttprequest_send.asp
You are mixing server side code with client side javascript. The solving of your problem is more complicated if you don't want the user to reupload the document:
Store the file in a temporary location under random filename. Output a yes/no form to the user, including the random filename and original filename.
If the user answers yes, move from temporary location to $path, else remove the file from temporary location.
Guys i came with with this following solution
upload
uploaddocument.php
$documentName = preg_replace('/[^a-zA-Z0-9.]/s', '_', $_FILES["document"]["name"]);
if (file_exists($path . $documentName)) {
move_uploaded_file($_FILES["document"]["tmp_name"], "F:\\Content\\enews_files\\temp\\" . $documentName);
$msg = $documentName . " already exists. <a href='confirm.php?confirm=1&filename=" . $documentName . "&language=" . $lang . "'>Replace</a>||<a href='confirm.php?confirm=0&filename=" . $documentName . "'>Cancel</a>";
} else {
if (move_uploaded_file($_FILES["document"]["tmp_name"], $path . $documentName)) {
$msg = $documentName . " Upload Success";
$successURL = $document_path . $lang . '/' . $documentName;
}
else
$msg = $documentName . " Upload Failed";
}
confirm.php
include("config_enews.php");
$lang = $_GET['language'];
$path = "F:\\Content\\enews_files\\" . $lang . "\\";
//$path = "D:\\test\\test\\" . $lang . "\\";
$documentName = preg_replace('/[^a-zA-Z0-9.]/s', '_', $_GET["filename"]);
if ($_GET['confirm'] == 1) {
//echo sys_get_temp_dir();die;
if (copy("F:\\Content\\enews_files\\temp\\" . $_GET["filename"], $path . $documentName)) {
unlink("F:\\Content\\enews_files\\temp\\" . $_GET["filename"]);
header("Location: uploaddocument.php?message=success&fname=$documentName&lang=$lang");
} else {
echo $res = move_uploaded_file($_GET["tempname"], $path . $documentName);
echo $msg = $documentName . " Upload Failed";
header("Location: uploaddocument.php?message=failed&fname=$documentName");
}
} else {
unlink("F:\\Content\\enews_files\\temp\\" . $_GET["filename"]);
header("Location: uploaddocument.php?message=cancelled&fname=$documentName");
}
I got this spark from #Marek. If any one has better solution kindly provide.
I don't have enough reputations to vote your answers sorry.
Thank you so much for all your support.
Hi, I have a problem with uploading files in my server. This is my code:
<?php
session_start();
$user=$_SESSION['user_level'];
Check if a file has been uploaded
if(isset($_FILES['fileToUpload'])) {
// Make sure the file was sent without errors
if($_FILES['fileToUpload']['error'] == 0) {
// Connect to the database
$dbLink = new mysqli('$host', '$username', '$pass', '$tbl_name');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
// Gather all required data
//$id= mysql_insert_id();
$name = $dbLink->real_escape_string($_FILES['fileToUpload']['name']);
$mime = $dbLink->real_escape_string($_FILES['fileToUpload']['type']);
$data = $dbLink->real_escape_string
(file_get_contents($_FILES['fileToUpload']['tmp_name']));
$size = intval($_FILES['fileToUpload']['size']);
// Create the SQL query
$query = "
INSERT INTO files (email,name,type,size,content)
VALUES ('$user','$name', '$mime', $size, '$data')";
// Execute the query
$result = $dbLink->query($query);}}
?>
<?php
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
"/home/u152912911/public_html/upload" . $_FILES["fileToUpload"]["name"]);
?>
<?php
if ($_FILES["fileToUpload"]["error"] > 0)
{
echo "Apologies, an error has occurred.";
echo "Error Code: " . $_FILES["fileToUpload"]["error"];
}
else
{
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
"/home/u152912911/public_html/upload" . $_FILES["fileToUpload"]
["name"]);
}
if (($_FILES["fileToUpload"]["type"] == "image/DOC")
|| ($_FILES["fileToUpload"]["type"] == "image/jpeg")
|| ($_FILES["fileToUpload"]["type"] == "image/png" )
&& ($_FILES["fileToUpload"]["size"] < 10000))
{
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
"/home/u152912911/public_html/upload" . $_FILES["fileToUpload"]["name"]);
ECHO "Files Uploaded Succesfully";
echo'<script type="text/javascript">
window.location.href ="resume2.php"
</script>';
}
else
{
}
echo "Your Resume was Successfully Upload";
?>
I have a folder named "upload" wherein it will store all the files uploaded by the user. My objective is to store the file in mysql and in the "upload" folder. The storing of file works fine with no error messages but I can't see the uploaded file inside the "upload" folder. Thanks for your help!
"/home/u152912911/public_html/upload" . $_FILES["fileToUpload"]["name"]
You are missing a trailing slash / after upload. Change it to:
"/home/u152912911/public_html/upload/" . $_FILES["fileToUpload"]["name"]
As it is, the file is being saved as a file name with the prefix upload in the public_html directory.
If possible you should use a relative path for portability, there is a good chance that simply
"upload/" . $_FILES["fileToUpload"]["name"]
...would suffice.
HOWEVER
you should not be using $_FILES["fileToUpload"]["name"] directly like this. Consider what would happen if the user sent the string ../index.php as the file name - the user would be able to overwrite your index.php file. Also, consider what would happen if two users uploaded a file named picture.jpg - the second upload would overwrite the first.
Instead you should use a name for the file that you create yourself - it is not safe to rely on user input like this.
You forget a slash:
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
"/home/u152912911/public_html/upload" . $_FILES["fileToUpload"]["name"]);
should be
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
"/home/u152912911/public_html/upload/" . $_FILES["fileToUpload"]["name"]);
Also, check the return value for succes, don't assume it.
Please check the permission provided to the folder where you are storing the files.
if its working fine on local host and giving problem in online testing then ask the server-host to change the folder permissions to 777.
I've built this webform wizard, consisting of several PHP pages. In this several pages users can fill in the form and the data gets temporarily stored in a session and at the last page the sessions are used to store all the data in the MYSQL database. Everything works fine with the exception of the uploaded file. Here is my code:
HTML: wizard_page2
<form name="registratieformulier" method="post" enctype="multipart/form-data" action="sw3.php">
<tr><td>Foto winkel uploaden: </td><td><input type="file" name="uploadfoto"/></td></tr><br /><br />
<tr><td><strong>Omschrijving van winkel:</strong></td> </tr><br />
<tr><textarea cols="50" rows="7" name="omschrijvingwinkel"></textarea></tr>
<input name="pkbedrijven" value="<?php echo($pkbedrijven); ?>" type="hidden" />
<input type="submit" name="stuurfoto" value="Verzenden" />
</form>
PHP: wizard_last_page
$_FILES['uploadfoto']['name'] = $_SESSION["naamfoto"];
$_FILES['uploadfoto']['tmp_name'] = $_SESSION["tijdelijk"];
$bn = $_SESSION["wn"];
$target_path = "../../winkels/$bn/";
$target_path = $target_path . basename( $_FILES['uploadfoto']['name']);
move_uploaded_file($_FILES['uploadfoto']['tmp_name'], $target_path)or die("There was an error uploading the file, please try again!");
$foto_path = "http://mywebsite.nl/winkels/$bn/".basename($_FILES['uploadfoto']['name']);
$omschrijving = $_SESSION["omschrijving"];
$add = "UPDATE winkelprofiel SET winkelomschrijving='$omschrijving', winkelfoto='$foto_path' WHERE fkBedrijvenID=$pkbedrijven ";
$query_upload = mysql_query($add) or die("De winkelfoto en omschrijving konden niet worden opgeslagen");
The $_FILES array only holds information about the file that has been uploaded in this request. If you do not save that file elsewhere within the same request, it will be removed by PHP at the end of the request. You cannot simply save $_FILES['uploadfoto']['tmp_name'] into the session and expect the file to still be there later, because it won't be. There's also no point in assigning the values in $_SESSION back into $_FILES, it won't bring the file back.
What you need to do:
if the upload was successful, move $_FILES['uploadfoto']['tmp_name'] somewhere else immediately
save the location you have moved it to into $_SESSION
do something with that file in $_SESSION at the end of your multi-page process (no need for $_FILES anymore at all)
have some mechanism in place to remove old uploaded files, in case the user abandons the session and the file never gets used
I think that the problem is, the file located at $_FILES['uploadfoto']['tmp_name'] will only be available when it is uploaded. Even you store the value in session, the file won't be there when you come to wizard_last_page. You need to handle uploaded files right away in the POST request.
So you need to move the file to $target_path or any certain temporary place when it's uploaded, then store the $target_path in the session so you can access to the file later on wizard_last_page.
Well, you can upload the file in one temporary location first. Then on the last page, once you submit the form, you can transfer the file to the desired location and then delete the temporary one.
$_SESSION['file'] = $_FILES["file"]["name"];
if (file_exists("uploads/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],"uploads/temp/" . $_FILES["file"]["name"]);
};
//This for the last page.
$file = file_get_contents("uploads/temp/".$_SESSION['file']);
file_put_contents("uploads/".$_SESSION['file'], $file);
I disagree with the accepted answer. There is a way to store all the images in the session array variable. You can use the "file_get_contents" function for storing the image.
Have a look at this:
$_SESSION['imgArrayFile'][] = $_FILES['file']; //Your file informations
$_SESSION['imgArrayName'][] = $_POST["ImgNewNamePlacowki"]; //new name for img
$_SESSION['ImgArrayAlt'][] = $_POST["ImgAltPlacowki"]; // alt tags if you use them
$_SESSION['obj_image_session'][] = file_get_contents($_FILES['file']['tmp_name']);
//above "file_get_contents" function - store image as a long string.
Regardless of what other think about using it for this purpose it can do the job for you.
There are several issues with storing large amounts of data in a session but if you images are small enough and you are aware of your settings limitation, then you will be just fine.
Save your file with
$file= $destination."/".$filename; //images/new.jpg
$fp=fopen($file,"w");
fwrite($fp,$_SESSION['obj_image_session'][$index]);
EXAMPLE FROM MY (WORKING) PROJECT:
<?php
//$galery_img_folder = "your/new/image/destination";
foreach($_SESSION['imgArrayFile'] as $index => $name){
if($_SESSION['imgArrayName'][$index]!=""
&& $_SESSION['ImgArrayAlt'][$index]!=""
&& $_SESSION['obj_image_session'][$index]!=""
){
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_SESSION['imgArrayFile'][$index]["name"]);
$extension = end($temp);
if ((($_SESSION['imgArrayFile'][$index]["type"] == "image/gif")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/jpeg")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/jpg")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/pjpeg")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/x-png")
|| ($_SESSION['imgArrayFile'][$index]["type"] == "image/png"))
&& ($_SESSION['imgArrayFile'][$index]["size"] < 104857600)
&& in_array($extension, $allowedExts))
{
if(isset($_SESSION['imgArrayName'][$index]) && $_SESSION['imgArrayName'][$index]!=""){
$rename = $_SESSION['imgArrayName'][$index];
$rename = $rename.".".end($temp);
}
if ($_SESSION['imgArrayFile'][$index]["error"] > 0)
{
echo "Return Error Code: " . $_SESSION['imgArrayFile'][$index]["error"] . "<br>";
}
else
{
$size = display_filesize($_SESSION['imgArrayFile'][$index]["size"]);
echo "Upload: " . $_SESSION['imgArrayFile'][$index]["name"] . "<br>";
echo "Type: " . $_SESSION['imgArrayFile'][$index]["type"] . "<br>";
echo "Size: " . ($size) . "<br>";
echo "Temp file: " . $_SESSION['imgArrayFile'][$index]["tmp_name"] . "<br>";
if (file_exists($galery_img_folder."/".$rename))
{
$error[] = ''.$rename.' <span class="error" id="error"> this name exsists </span>';
}
else
{
$_FILES["file"]["tmp_name"]=$_SESSION['imgArrayFile'][$index]["tmp_name"];
move_uploaded_file($_FILES["file"]["tmp_name"], $galery_img_folder."/".$rename);
//now make use of the file_get_content variables
$file= $galery_img_folder."/".$rename;
$fp=fopen($file,"w");
fwrite($fp,$_SESSION['obj_image_session'][$index]);
}
}
}
}
else
{
$error[] = '<span class="error" id="error"> Niewłaściwy plik </span>';
$maxsixe = display_filesize(104857600);
echo "Size: " . ($maxsixe) . "<br>";
}
}
}//end foreach ! ! !
}//end dodawanie zdjecia
?>
Of course you will have to make some small modifications to make it work with your project, but my point was to show you that it's possible.
Have a great day and happy coding !
I have a php script that sends large files via FTP. After the file is sent I'm trying to write to the browser "success". I'm also trying to send a query to the database to record that the file was sent. However, any code that I have that comes after the ftp_put does not get executed.
if (ftp_put($conn_id, $upload_filename, $filename, FTP_BINARY))
{
echo "File Sent";
echo $upload_filename." - ".date("d/m/Y H:i:s")." - ".filesize($filename)." bytes<br>" ;
}
else
{
echo "Problem while Uploading $filename\n <br/>". $upload_filename ;
}
If ftp_put is false the echo works. But, if the ftp_put is a success any code I put there will not run.
The file size I am sending is 7,305kb
It is likely that the problem here is that your script is timing out while the file is uploading. Try adding this line before the code above:
set_time_limit(0);
The thing is that ftp_put() blocks any further action until the upload is finished. Try ftp_nb_put() (no blocking) like so:
$upload = ftp_nb_put($conn_id, $upload_filename, $filename, FTP_BINARY);
if($upload == FTP_MOREDATA)
{
echo 'Uploading ' . $upload_filename . ' - ' . date("d/m/Y H:i:s") . ' - ' . filesize($filename) . ' bytes<br />';
while($upload == FTP_MOREDATA)
{
echo '.'; //Output a . to page or do whatever
$upload = ftp_nb_continue($conn_id);
}
}
//Note: While in the while above, it will either end in FTP_FINISHED or FTP_FAILED
if($upload == FTP_FAILED)
{
echo "Problem while Uploading $filename\n <br />". $upload_filename;
}