i don't know why file is not uploaded in database.
i am tried to check this method why file is not uploaded.
this method is used a lots of time. and worked successfully at every time.
if any mistake please correct it.
<?php
//database connection successfully worked.
$manu = $_POST['manu'];
if(isset($_POST['img_submit']))
{if($_FILES['file']['name']<>"")
{$file =time().'_'.$_FILES['file']['name'];
if (!copy($_FILES['file']['tmp_name'],"file/".$manu))
{$message = "Invalid File type.Upload only JPEG and GIF files";}
if(move_uploaded_file($_FILES['file']['tmp_name'], $manu)) {$msg2 = "The file ". basename( $_FILES['file']['name']). " has been uploaded";}
else{$msg3 = "There was an error uploading the file, please try again!";} }
echo $query = "insert into upload_image (upload_img) values('".$manu."')";
mysql_query($query) or die (mysql_error());
}?>
<form name="form" action="" method="post" enctype="multipart/form-data">
<table width="100%" border="0" cellspacing="4" cellpadding="5">
<tr><td align="center" colspan="2"> <b>Upload Image</b></td></tr>
<tr>
<th width="50%"> Image Url :</th>
<td width="50%"> <input type="file" name="manu" value="" /></td>
</tr>
<tr><td align="center" colspan="2"><input type="submit" name="img_submit" value="Upload Image" /></td></tr></table></form>
You so don't want to have this code on your server.
<?php
//database connection successfully worked.
$manu = $_POST['manu'];
...
if(move_uploaded_file($_FILES['file']['tmp_name'], $manu)
This basically means that if I have control of my browser (I have), I can send along a file with a fake MIME type and a full path of my choice in $_POST['manu'], and your server will save this file in any folder I want where it has write access to, without checking.
Just suppose I were to upload evil_haxxor_skr1pt.php with a MIME type of image/jpeg somewhere where your server code might find it, and execute it on my behalf...
Fr starters, you use the copy() function and move_uploaded_file(). Don't use the copy()! That's a big security breach!
If you want to save in the DB you need to use something like the file_get_contents() to get all the contents of the file, then you just use that data directly into the DB like you did with the $manu variable.
Don't forget to filter the input.
By the way, don't use the mysql_* functions, use mysqli_* functions. mysql_* are already too old and outdated.
Related
The form with the input element is below:
<?php
$post_new_file=$_FILES['post_new_file'];
if(isset($_POST['update'])){
if (!empty($post_new_file)) {
$post_file=$_FILES['post_new_file']['name'];
$post_file_temp=$_FILES['post_new_file']['tmp_name'];
move_uploaded_file($post_file_temp,"../pdf/$post_file");
}
$query="UPDATE posts SET post_file='{$post_file}' WHERE post_id='{$the_post_id}' ";
$create_post_query= mysqli_query($connect, $query);
confirmQuery($create_post_query);
?>
<form action="edit.php?source=<?php echo $the_post_id ?>" method="post" enctype="multipart/form-data">
<div class="form-group" style="border: solid #000 3px;">
<label for="post_file">Select New File</label>
<input type="file" name="post_new_file" >
</div>
</form>
I have problem when the $post_new_file exist. In this case when updating I lost the data in my db and the post can't have access into the file. In a few words I don't want changing the access of the file when I haven't insert a new file.
Thanks
you should check if $_FILES['post_new_file']['tmp_name'] is empty, the _FILES['post_new_file'] will exist even if there was an error with the file upload. you may even want to check the move upload worked as well to be extra sure you actually have the file, as the file could be uploaded but if the move fails you will lose the file as it was only stored temporarily
I have a C program running on the localhost server which generates some files( writes its output to these file). Then I zip all these files together using php. Now I want to upload the zip file produced to mysql server using some php script but i dont want the user to upload these files using a form by clicking choose file button but i would like to upload these automatically as soon as they are generated to mysql using php script.
<?php
//get content of json file
require_once("zip.php");
$str = file_get_contents("program/heatmap_parameters.json");
//decode the JSON
$json = json_decode($str,true);
//echo '<pre>' . print_r($json, true) . '</pre>';
foreach ($json['parameters'] as $params) {
echo $params[3]."<br>";
$files_to_zip = array("program/".$params[3]);
var_dump($files_to_zip)."<br>";
//$files_to_zip = array("program/cctv2.mp4.json");
//if true, good; if false, zip creation failed
$zip_name = "program/".$params[3].".zip";
//zip the files
$result = create_zip($files_to_zip,$zip_name);
}
//connect to database
require_once("database/conn.php");
//upload zip file to database without displaying any form.
?>
I need a way to upload my generated file to saved to mysql without choosing it from the form.
<form action="" method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
<?php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
include '../database/conn.php';
$sql = "INSERT INTO upload (name, content ) ".
"VALUES ('$fileName', '$content')";
$query = mysqli_query($conn,$sql);
if(!$query){
die("Cannot Insert".mysql_error());
}
}
How can i make this code such that it does not need the form
To answer your question in oneline,
You can not upload a file without form/input type file element, because that will a big security hole to web.
To upload any file to server, server need files object which has all the info of file. that info will be given by client from where you are uploading a file. It will also has the tmp location of file form where server will take that file.
You can copy file from one server to another, using curl or you can
write a bash script which will copy file from one place to another and
you can run that bash script using PHP.
Hope this helps to you!
I have this code where I can upload images. Previously, I'm having trouble changing the path/directory of the folder. And its working fine now. I have the correct path inside my database and also the image is being saved into the correct folder.
My coding :
<table id="details" height="100">
<tr>
<td>Select Image </td>
<td> : </td>
<td><input type="file" name="image" class="ed"></td>
</tr>
</table>
if (!isset($_FILES['image']['tmp_name']))
{
echo "";
}
else
{
$file=$_FILES['image']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
$location= $_SERVER['DOCUMENT_ROOT'] . '/ehars/photo/';
move_uploaded_file($_FILES["image"]["tmp_name"], $location . $_FILES["image"]["name"]);
$save=mysql_query("INSERT INTO photo (location,emp_id) VALUES ('$location','$emp_id')");
}
Path in my db :
Image saved in the folder :
However, when I try to view the picture inside the folder, I cannot view it. It says like in the photo below. Is there something wrong with my code? Or do I need to enable something so that I can view my photo? Thank you.
Try uploading a .jpg file instead of a .png. Or using another photo viewer program.
There is/was a problem with Photo Viewer not loading .png files
See this for a possible solution
Based on the discussion in the comments. I am sharing the code what I use to upload an image(save to a dir).I also didn't understood why you are using addslashes(). Sorry about this!
Basically what I do is -
created dir in my project folder
Created an unique name for the file to store so that conflict does not happen
This is my html form where I get the file from the User.
<form role="form" method="post" action="save_blog.php" enctype="multipart/form-data">
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Image</label>
<div class="col-sm-2">
<input type="file" class="filestyle" name="image_upload" data-input="false" id="file_name"><label id="name_of_image_file"></label>
</div>
</div>
</form>
And my save_blog.php looks like this.
$temp = explode(".",$_FILES["image_upload"]["name"]);
$unique_name_of_image = date('y-m-d') . "_".$user_id ."_".rand(1,9999)."." .end($temp);
$file_location = "$target_dir".$unique_name_of_image;
if (move_uploaded_file($_FILES["image_upload"]["tmp_name"], $file_location)) {
//this prints the location of the file stored
#echo "$target_dir".$unique_name_of_image; echo "<br>";
#$insert_blogs_with_image --> this is my insert string
save_to_database($insert_blogs_with_image);
} else {
#echo "Sorry, there was an error uploading your file.";
}
Hope this will help to solve the problem. If this didn't help then use the sample tutorial shown by the W3schools
what i am trying to do is when an admin tries to create a new product to upload to the server an image of that and as it's name to be the product id.jpg. I have searched google with no result. The code seems to be right. Can someone help me please? I am using lamp as local test server.
<?php
// Parse the form data and add inventory item to the system
if (isset($_POST['product_name'])) {
$product_name = mysql_real_escape_string($_POST['product_name']);
$price = mysql_real_escape_string($_POST['price']);
$details = mysql_real_escape_string($_POST['details']);
$category = mysql_real_escape_string($_POST['category_choice']);
$condition= mysql_real_escape_string($_POST['condition']);
$supplier_choice= mysql_real_escape_string($_POST['supplier_choice']);
$handling_time= mysql_real_escape_string($_POST['handling_time']);
$weight= mysql_real_escape_string($_POST['weight']);
$information_box= $_POST['information'];
$pid = mysql_insert_id();
// Place image in the folder
$newname = "$pid.jpg";
move_uploaded_file( $_FILES['my_photo']['tmp_name'], "../inventory_images/$newname");
header("location: products.php");
exit();
}
?>
<form action="add_product.php" enctype="multipart/form-data" name="my_Form" id="my_Form" method="post">
<tr>
<td>Φωτογραφία</td>
<td>
<label>
<input type="file" name="my_photo" id="my_photo"/>
</label>
</td>
</tr>
<tr>
<td> </td>
<td>
<label>
<input type="submit" name="button" id="button" value="Αποθήκευση" />
</label>
</td>
</tr>
</table>
</form>
As you said, you are using lamp, check for the permission for the directory in which you are uploading file. In addition, also check for the permission for all the folder that you have mentioned in the destination path.
The directory and all the directory in the path, in which you are uploading file must have write permission.
If move_uploaded_file does not work then try out copy function.
Also check for the path where you are uploading is correct.
I think you'll have better luck getting answers if you thin down your code to contain only portions that are relevant to the problem. You'll probably see the answer to your own question after you do this.
For example, is the file being successfully uploaded? If not, then the mysql_xxx code and most of your form is irrelevant for your question.
Due-diligence done, once again I return to the experts. Please forgive my ignorance, new to all this.
I'm trying to create a form which allows users to:
Insert the values of various form fields into a mysql database table - Easy, no issues here.
Attach a file which is saved within the file structure (in a folder called 'documents').
Save the file name, size, type (pdf, txt, etc.) to the same record.
After a file is uploaded the table would contain:
id (auto incremented)
name (text field, user generated)
description (text field, user generated)
File name (e.g. text.txt, added automatically on upload)
File size (e.g. 362455[kb], added automatically on upload)
File type (e.g. pdf, added automatically on upload)
I've successfully saved files to the folder but have not been able to make my three requirements a reality... Despite hours or troubleshoot and Googling.
The database and form are correct, the php file I post to is the mystery. Any ideas?
<form method="post" id="addForm" action="includes/insert_news.php">
<table class="addForm" cellspacing="0">
<tr>
<th>Name:<span class="greenText">*</span></th>
<td><input name="name" type="text" class="textBox required" value="Friendly Document Name" maxlength="80" /></td>
</tr>
<tr>
<th>Description:<span class="greenText">*</span></th>
<td><textarea name="description" class="textBox required">Document description blah blah</textarea></td>
</tr>
<tr>
<th>File:</th>
<td><input name="file" class="textBox" /></td>
</tr>
<tr>
<th> </th>
<td><input type="image" class="button" src="images/button_submit.gif" /></td>
</tr>
</table>
I am wondering you said that
I've successfully saved files to the
folder but
but I think you are not getting anything in the $_FILES because this thing is missing in your form tag
<form enctype="multipart/form-data">
Assuming that you have already added the missing thing #shakti pointed out, and you change the <input> by adding type="file" and since you didn't give any information about your php code, try these out:
<?php
class UploadFile{
//declare some variables in corresponding to your database field here, like fields, table name and stuffs
public function attach_file($file) {
if($file['error'] != 0) {
//do something
} else {
$this->temp_path = $file['tmp_name'];
$path_parts = pathinfo($file['name']);
$this->filename = $path_parts['extension'];// to get the filename
$this->type = $file['type'];// to get the file type
$this->size = $file['size'];// to get the size
$this->name = $name;
$this->description = $description;
}
}
public function save() {
$target_path = "/some/folder";
if(move_uploaded_file($this->temp_path, $target_path)) {
if($this->create()) {
unset($this->temp_path);
return true;
}
} else {
return false;
}
}
public function create() {
//your INSERT INTO
}
?>
and in your insert_news.php :
<?php
require_once("class/location");
if($_FILES['file']) {
$news = new UploadFile();
$news->attach_file($_FILES['main_picture'], $_POST['name'], $_POST['description']);
if($pic->save()){
//do something
}
}
?>
haven't tested this, but i hope you get the point :D