So i have a file upload feature on my site and rather than redirect to the php script page, I want to have an iframe that displays the message returned by the script. So here's my html:
<iframe class="iframe" name="my_iframe" src="upload_file.php" style="display:none;"></iframe>
<form id="uploadForm" action="upload_file.php" method="post" enctype="multipart/form-data" target="my_iframe">
So basically I want to hide my iframe UNTIL I the upload process finishes and the script returns a message. Here's my php script:
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
session_start();
$allowedExts = array("doc", "docx");
$extension = pathinfo( $_FILES["upload"]["name"],PATHINFO_EXTENSION);
$username = $_SESSION["username"];
if (($_FILES["upload"]["size"] < 200000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["upload"]["error"] > 0)
{
echo "Return Code: " . $_FILES["upload"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["upload"]["name"] . "<br />";
echo "Type: " . $_FILES["upload"]["type"] . "<br />";
echo "Size: " . ($_FILES["upload"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["upload"]["tmp_name"] . "<br />";
$dir_exists = is_dir("/disks/*/*/*/*/". $_SESSION["FirstName"] ."-".$_SESSION["username"]."/");
$file_exists = file_exists("/disks/*/*/*/*/".$_SESSION["FirstName"] ."-".$_SESSION["username"]."/" . $_FILES["upload"]["name"]);
$folderName=$_SESSION["FirstName"];
$baseDir = "/disks/*/*/*/*/";
// Create directory if it does not exist
if (! $dir_exists) {
if (is_writable($baseDir)) {
mkdir($baseDir . $_SESSION["FirstName"]."-".$_SESSION["username"]);
} else {
trigger_error($baseDir. " is not writeable");
}
}
if ($file_exists) {
echo $_FILES["upload"]["name"] . " already exists. ";
} else {
$link = new PDO('mysql:host=***;dbname=***;charset=UTF-8','***','***');
$proptype = $_POST["prop_cat"];
$stmt = $link->prepare("UPDATE Table SET `PType`=:proptype WHERE Username=:username");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':proptype', $proptype);
$stmt->execute();
move_uploaded_file($_FILES["upload"]["tmp_name"],
$baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"]);
echo "Stored in: " . $baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"];
}
}
} else {
echo "Invalid file";
}
?>
So basically to sum up my question: How can I hide the iframe until upload finishes, and then display it with the message that the user can close like an alert box?
Can you echo the Iframe at the end of the upload instead of trying to hide it then show it at the top?
if ($file_exists) {
echo $_FILES["upload"]["name"] . " already exists. ";
} else {
$link = new PDO('mysql:host=***;dbname=***;charset=UTF-8','***','***');
$proptype = $_POST["prop_cat"];
$stmt = $link->prepare("UPDATE Table SET `PType`=:proptype WHERE Username=:username");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':proptype', $proptype);
$stmt->execute();
move_uploaded_file($_FILES["upload"]["tmp_name"],
$baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"]);
echo "Stored in: " . $baseDir. $_SESSION["FirstName"] ."-".$_SESSION["username"]."/". $_FILES["upload"]["name"];
/// load the iframe now ///////////////
echo '<iframe class="iframe" name="my_iframe" src="upload_file.php"></iframe>';
///////////////////////////////////////
}
Related
When this code below runs, it just returns the echo "Did not move files!";
Goal is to allow users to upload files, just get this working for now.
account.php
<form action="includes/upload.inc.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="Upload Image" name="submit">
upload.inc.php
<?php
if(isset($_POST['submit'])) {
$uploadsDir = '../uploads/';
$name = basename($_FILES["fileToUpload"]["name"]);
$tempName = basename($_FILES["fileToUpload"]['tmp_name']);
$error = $_FILES['fileToUpload']['error'];
if ($error > 0) {
echo "Error: " . $error . "<br />";
} else {
move_uploaded_file($temp_name, "$uploadsDir/$name");
if(move_uploaded_file($temp_name, "$uploadsDir/$name")) {
echo "Successful";
echo "Upload: " . $name . "<br />";
echo "Stored in: Uploads Directory!";
} else {
echo "Did not move files!";
}
}
}
?>
Hosting server off localhost, originally thought my directories did not have permissions to rwx, i ended up changing every directory that is used to have full permissions by any user. This did not change the outcome.
You had 3 errors:
You called move_uploaded_file twice.
You declared $tempName variable, but you used $temp_name in the move_uploaded_file function.
You used basename when declaring the temporary file path variable.
Your final code should look like:
if (isset($_POST['submit'])) {
$uploadsDir = '../uploads/';
$name = basename($_FILES["fileToUpload"]["name"]);
$tempName = $_FILES["fileToUpload"]['tmp_name'];
$error = $_FILES['fileToUpload']['error'];
if ($error > 0) {
echo "Error: " . $error . "<br />";
} else {
if (move_uploaded_file($tempName, "$uploadsDir/$name")) {
echo "Successful";
echo "Upload: " . $name . "<br />";
echo "Stored in: Uploads Directory!";
} else {
echo "Did not move files!";
}
}
}
if(isset($_POST['submit'])) {
$uploadsDir = '/';
$name = ($_FILES["fileToUpload"]["name"]);
$tempName = ($_FILES["fileToUpload"]['tmp_name']);
$error = $_FILES['fileToUpload']['error'];
if ($error > 0) {
echo "Error: " . $error . "<br />";
} else {
if(move_uploaded_file($tempName, __DIR__.'/'.$name)) {
echo "Successful";
echo "Upload: " . $name . "<br />";
echo "Stored in: Uploads Directory!";
} else {
echo "Did not move files!";
}
}
}
Can someone please tell me what I have done wrong with this code, I am connecting to localhost to the database called video. Then I am inserting in to table location and its column location the value $videoLocation.
The result I get is when I open my browser is
<?php
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
?>
What I am trying to achieve with this code is for the video to appear on my webpage once a user has submitted it.
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma");
$allowType = array("video/mp4","audio/mp3","audio/wma","image/png","image/gif","image/jpeg");
$maxSize = 20000000000000;
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$pathToUpload = 'upload/';
if( in_array($_FILES["file"]["type"], $allowType) && in_array($extension, $allowedExts) && $_FILES["file"]["size"] <= $maxSize)
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists($pathToUpload . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], $pathToUpload . $_FILES["file"] ["name"]);
$videoLocation = "upload/".$_FILES['file']['name'];
// now insert $videoLocation into a database table
$db = new mysqli('127.0.0.1', 'root', '', 'video');
INSERT INTO location (location)
VALUES ($videoLocation)
//so you can fetch it on whatever page you feel like
}
}
}
else
{
echo "Invalid file";
}
?>
try this
$db = new mysqli('127.0.0.1', 'root', '', 'video');
$stmt = $db->prepare("INSERT INTO location (location) VALUES (?)");
$stmt->bind_param('s', $videoLocation);
$stmt->execute();
//so you can fetch it on whatever page you feel like
I recently answer a question for someone else who wanted to store image files in the database. Here is how to do it:
1) the database column must be defined as longblob.
Next, the code uses PDO rather than mysqli.
// database connection...
$dsn = 'mysql:host=localhost;dbname=testmysql';
$username = 'test';
$password = 'test';
$options = array(
PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
);
$connection = new PDO($dsn, $username, $password, $options);
$connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Then you need an open file handle as follows:
$fileVideo = fopen($videoLocation,'rb');
Then you prepare your statement and bind the file:
$stmt = $connection->prepare("INSERT INTO location (location) VALUES (?)");
$stmt->bindParam(1, $fileVideo, PDO::PARAM_LOB);
$connection->beginTransaction();
$stmt->execute();
$connection->commit();
fclose($fileVideo);
I haven't test the above on your files but the original code that was like the above but with names changes worked fine.
I am newish to php. But when i learned to program it was on a TI-83 Calculator. with the TI83 their was an if-then statements the could be used. I am writing some code to check if a directory is already created and if not create it. I need it to run the last half of the code either way. here is the code.
<?php
$dir = "/Applications/XAMPP/xamppfiles/htdocs/upload/$_POST[Itemid]/" ;
if (!file_exists($dir) and !is_dir($dir)) {
$upload_dir = mkdir($dir, 0777);
}else{
foreach ($_FILES["file"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
$filename = $_FILES["file"]["name"][$key];
$filetemp = $_FILES["file"]["tmp_name"][$key];
$filetype = $_FILES["file"]["type"][$key];
$filesize = $_FILES["file"]["size"][$key];
if (file_exists($dir . $filename))
{
echo $filename . " already exists. <br><br>";
}
else
{
echo "Upload: " . $filename . "<br>";
echo "Type: " . $filetype . "<br>";
echo "Size: " . ($filesize / 1024) . " kB<br>";
echo "Temporarily Stored in: " . $filetemp . "<br>";
move_uploaded_file($filetemp,"$dir/$filename");
echo "uploaded the file \"" . $filename. "\" to the \"/Applications/XAMPP/xamppfiles/htdocs/upload/\" Directory<br>" ;
$con=mysqli_connect("localhost","root","","Inventory");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO ListPics (`1`, `Item_ItemID`)
VALUES
('$dir$filename', '$_POST[Itemid]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo ($filename. " added to Database<br><br>");
mysqli_close($con);
}
}
}
}
?>
Yes I know this code is not secure. It will not ever see the interweb(Reverently bows head and says "Thank you Al Gore") It will sit snugly behind a VPN for personal use only. I just need to know how to execute the PHP equivalent of If Then Statements
This is simple:
if(condition) {
/* do something if condition is true */
}
else {
/* do something else if condition is false */
}
/* do other stuff either way */
You only need the else if there is something that you want to do only if the condition is false. If you want to do it either way, then don't use else at all.
I have a PHP script that generates an HTML form for users to upload a file. I save that file on the server using move_uploaded_file then read it using fgets() and perform database inserts based on certain check. Here's a simplified version of the code:
$cart_id = 18566;
if (empty($_POST))
{
echo "<form name=\"upload\" action=\"myscan.php\" id=\"myScan\" method=\"POST\" enctype=\"multipart/form-data\">";
echo "Choose the file to upload:<br>\r\n";
echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" form=\"myScan\" />";
echo "<input type=\"file\" name=\"file\" form=\"myScan\" id=\"fileUp\" /><br>";
echo "<input type=\"submit\" value=\"Upload\" name=\"sub\" form=\"myScan\" />";
echo "<input type=\"hidden\" name=\"ck\" form=\"myScan\" value=\"".$cart_id."\" />";
echo "</form><br>";
}
else
{
// link to cart goes here
}
$fname = "1SCAN20131031123456";
if (!empty($_POST))
{
$allowedExts = array("txt", "csv");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ( ($_FILES["file"]["type"] == "text/plain"
|| $_FILES["file"]["type"] == "application/vnd.ms-excel")
&& array_search(strtolower($extension), array_map('strtolower', $allowedExts)) !== FALSE )
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Stored in: " . $_FILES["file"]["tmp_name"]."<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], $fname);
echo "Moved to: " . $fname . "<br>";
}
}
}
else
{
echo "Invalid file<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Extension: " . $extension . "<br>\n";
}
At this point the file $fname is ok, no duplicated lines. The next part is called as a function declared in the same PHP file. $link, $fname, and $cart_id are declared as globals
$bn = basename($fname);
$sfd = fopen($fname, "r");
$store_number = "$bn[0]";
if(is_numeric($bn[1]))
$store_number .= $bn[1];
$a = stripos($bn, "SCAN");
$a += 4;
$dt = substr($bn, $a);
// echo "Date = $dt \n";
$fy = substr($dt, 0, 4);
$fM = substr($dt, 4, 2);
$fd = substr($dt, 6, 2);
$fh = substr($dt, 8, 2);
$fm = substr($dt, 10, 2);
$fs = substr($dt, 12, 2);
$fdate = "$fy-$fM-$fd $fh:$fm:$fs";
// echo $fname . ",";
// echo $store_number . ",";
while ($line = fgets($sfd))
{
$li = explode(",", $line);
if (sizeof($li) == 5)
{
$scan = $li[0];
$poQty = $li[1];
$cntQty = $li[2];
$limd = $li[3];
$lihms = $li[4];
$query = "INSERT INTO upload_datalog (file_name, store, filedate, scan, po_qty, cnt_qty, scan_md, scan_hms, cart_id)\n"
. "VALUES (\"$bn\", $store_number, \"$fdate\", \"$scan\", $poQty, $cntQty, \"$limd\", \"$lihms\", $cart_id)";
mysqli_query($link, $query);
}
else if ($fM < 8 || ($fM == 8 && $fd < 16 ))
{
$scan = $li[0];
$poQty = $li[2];
$cntQty = $li[1];
$limd = $li[3];
$lihms = $li[4];
$query = "INSERT INTO upload_datalog (file_name, store, filedate, scan, po_qty, cnt_qty, scan_md, scan_hms, cart_id)\n"
. "VALUES (\"$bn\", $store_number, \"$fdate\", \"$scan\", $poQty, $cntQty, \"$limd\", \"$lihms\", $cart_id)";
mysqli_query($link, $query);
}
else if (sizeof($li) == 3 && $li[0] != "" && $li[1] != "" &&$li[2] != "" )
{
$scan = $li[0];
$poQty = $li[2];
$cntQty = $li[1];
$query = "INSERT INTO upload_datalog (file_name, store, filedate, scan, po_qty, cnt_qty)\n"
. "VALUES (\"$bn\", $store_number, \"$fdate\", \"$scan\", $poQty, $cntQty)";
mysqli_query($link, $query);
}
}
fclose($sfd);
The file contains this information:
This all works more than 99 percent of the time, but twice in the past 2 weeks, the entries in the upload_datalog table have been duplicated. There is another function after this that also reads the file and performs inserts based on different checks, and those are duplicated as well.
I know this is an edge case, but I couldn't find any information as to why this would happen on php.net or through google, and I have not been able to reproduce it mysqlf. But I know it occurs in the wild.
Is there a race condition I'm not seeing here?
You do your inserts in a while loop, so you run twice through that loop?
For debugging, add a counter in your loop and create a small debug function, and a debug table. Insert the counter and data in your debug table. Compare these values with your expectations
Uploading an image into a directory, it seems to always try upload "" which is nothing. Rather then an actual image. What am I doing below. I know the value is "" because of what it inserts into the database.
<li class="formProductImage">
<span>Image:</span>
<input type="file" name="productImage" />
</li>
and the php:
if ($_FILES["productImage"]["error"] > 0)
{
echo "Return Code: " . $_FILES["productImage"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["productImage"]["name"] . "<br />";
echo "Type: " . $_FILES["productImage"]["type"] . "<br />";
echo "Size: " . ($_FILES["productImage"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["productImage"]["tmp_name"] . "<br />";
$filename = mysql_real_escape_string($_FILES['productImage']['name']);
$query = "UPDATE products SET image = '$filename' WHERE name = '$name'";
$result = mysql_query($query);
if (mysql_affected_rows() == 1) {
// Show thank you message
echo '<span style="color:green;">Your image was added to database correctly.</span>';
if (file_exists("uploaded/" . $_FILES["productImage"]["name"]))
{
echo $_FILES["productImage"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["productImage"]["tmp_name"],
"uploaded/" . $_FILES["productImage"]["name"]);
echo "Stored in: " . "uploaded/" . $_FILES["productImage"]["name"];
}
} else {
echo '<font color="red">Image note inserted into database.</font>';
echo mysql_error();
}
}
}
}
Make sure you have enctype="multipart/form-data" in the <form> tag.
change this line:
$filename = mysql_real_escape_string($_FILES['file']['name']);
to :
$filename = mysql_real_escape_string($_FILES['productImage']['name']);