I am writing a code that will let me upload files. The code is to convert the file to all lowercase .Check to make sure the filename is not already inserted into the database and if the user uploads a .png or .jpg file, resize the image to a thumbnail and keep a copy of both the thumbnail and regular size image in a folder named: uploads. I am still a bit confusing cause there is something that aint right I went over and over it. I dont know if maybe I been working on it for days or what not but I can not see anything. Not only that I am still a newbie working on this.
Here is my code:
$aryImages=array("image/jpeg","image/png");
$aryDocs=array("application/msword","application/pdf","video/x-msvideo");
$filename=filenameSafe($_FILES['upload']['name']);
$fileType=$_FILES["upload"]["type"];
if (in_array($_FILES["upload"]["type"],$aryImages)){
createThumb($fileType,$_FILES['upload']['tmp_name'],$filename,100,100);
}
elseif (in_array($_FILES["upload"]["type"],$aryDocs)){
move_uploaded_file($_FILES['upload']['tmp_name'],
"../imagefolder/".$filename);
$aryColumns=array("sessionID"=>$curSess,"fileName"=>$filename,"fileType"=>$fileType,"thumbFileName"=>$thumbFilename,"dateCreated"=>date('Y-m-d H:i:s'));
dbInsert($filename,$aryColumns,$_FILES["upload"]["type"]);
}
else{
echo "File Uploaded";
}
}
function createThumb($type,$tmpname,$filename,$new_w,$new_h){
$thumbFilename="tmb-".$filename;
if (is_numeric(strpos($type,"jpeg"))){
$src_img=imagecreatefromjpeg($tmpname);
}
if (is_numeric(strpos($type,"png"))){
$src_img=imagecreatefrompng($tmpname);
}
$old_x=imageSX($src_img);
$old_y=imageSY($src_img);
if ($old_x > $old_y) {
$thumb_w=$new_w;
$thumb_h=$old_y*($new_h/$old_x);
}
if ($old_x < $old_y) {
$thumb_w=$old_x*($new_w/$old_y);
$thumb_h=$new_h;
}
if ($old_x == $old_y) {
$thumb_w=$new_w;
$thumb_h=$new_h;
}
$dst_img=imagecreatetruecolor($thumb_w,$thumb_h);
imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y);
if (is_numeric(strpos($type,"jpeg"))){
imagejpeg($dst_img,"../upload/".$thumbFilename);
imagejpeg($src_img,"../upload/".$filename);
}
if (is_numeric(strpos($type,"png"))){
imagepng($dst_img,"../upload/".$thumbFilename);
imagepng($src_img,"../upload/".$filename);
}
imagedestroy($dst_img);
imagedestroy($src_img);
dbInsert($filename,$thumbFilename,$type);
}
function filenameSafe($filename) {
$temp = $filename;
// Lower case
$temp = strtolower($temp);
// Replace spaces with a ’_’
$temp = str_replace(" ", "_", $temp);
// Loop through string
$result = "";
for ($i=0; $i<strlen($temp); $i++) {
if (preg_match('([0-9]|[a-z]|_|.)', $temp[$i])) {
$result = $result.$temp[$i];
}
}
dbConnect();
$SQL="SELECT fileID FROM upload WHERE fileName='".$result."'";
//echo $SQL;
$rs=mysql_query($SQL);
echo mysql_num_rows($rs);
if(mysql_num_rows($rs)!=0){
$extension=strrchr($result,'.');
$result=str_replace($extension,time(),$result);
$result=$result.$extension;
}
return $result;
}
function dbInsert($filename,$thumbFilename,$type){
dbConnect();
$SQL="INSERT Into tblFile (fileName,thumbFileName,fileType) values('".$filename."','".$thumbFilename."','".$type."')";
echo $query;
exit;
mysql_query($SQL);
}
I am thinking it is looping somewhere and I just cant catch it. When i click the upload button after the browse buttton the page comes up with nothing on it no picture or anything. I am not getting no error or nothing. Can someone please help me out. If i try to put some of the code out it will start giving me errors and fatal errors too. Thanks for looking.
You have several issues here so I'm only going to focus on one area right now that will (hopefully) help you write better code in the future.
Your filenameSafe() function is terribly inefficient. Using a regex on each character of a string inside a loop is like breaking an egg with a sledgehammer with dynamite strapped to the handle. Also, if your goal is to sanitize data before saving it to the database you should be using mysql_real_escape_string() on the data before queries to the db.
Additionally, by simply finding the first occurrence of a period in your filename to determine where the extension starts is dubious ... what if multiple periods made it into the filename somehow? Instead, try pathinfo() to get the extension.
Finally, I assume that by appending the current timestamp you're trying to avoid filename collisions in the filesystem. This is not an adequate solution because it is very possible for two files to be saved at the same second in time. While there are whole books on subjects like hashing, for the sake of time I'll just say you'd be better served by dropping a quick md5() or uniqid() on the filename.
So, an example of how to better handle that particular part of the code:
function filenameSafe($filename)
{
// Lower case
$filename = strtolower($filename);
// get extension
$ext = pathinfo($filename, PATHINFO_EXTENSION);
// Replace spaces with a ’_’
$filename = str_replace(" ", "_", $filename);
// Replace non-alphanumerics (except underscores)
$filename = preg_replace('/\W/', '', $filename);
// append the timestamp
$filename = $filename . time();
// create an md5 hash
$result = md5($filename);
// ensure the string is safe for the db query
$result = mysql_real_escape_string($result);
dbConnect();
$SQL="SELECT fileID FROM upload WHERE fileName='".$result.".$ext'";
$rs = mysql_query($SQL);
if (mysql_num_rows($rs) > 0) {
$result = str_replace(".$ext", time(), $result);
$result = "$result.$ext";
}
return $result;
}
Related
I want to allow users to upload images without conflicting problems that may be caused by multiple users uploading images that potentially have the same image name. I am stumped on how to execute this and I have no idea where to start..
Here is my code:
if(isset($_POST['submitimage'])){
move_uploaded_file($_FILES['file']['tmp_name'],"pictures/".$_FILES['file']['name']);
$con = mysqli_connect("localhost","root","","database");
$q = mysqli_query($con,"UPDATE users SET image = '".$_FILES['file']['name']."' WHERE user_id = '".$_SESSION['user']."'");
header("Location: index.php");
}
?>
Any help would be amazing. Thank you!
My solution is to generate a random string for each uploaded file, i.e.:
<?php
if(!empty($_POST['submitimage'])){
//get file extension.
$ext = pathinfo($_FILES['file']['name'])['extension'];
//generate the new random string for filename and append extension.
$nFn = generateRandomString().".$ext";
move_uploaded_file($_FILES['file']['tmp_name'],"pictures/".$nFn);
$con = mysqli_connect("localhost","root","","database");
$q = mysqli_query($con,"UPDATE users SET image = '{$nFn}' WHERE user_id = '{$_SESSION['user']}'");
header("Location: index.php");
}
function generateRandomString($length = 10) {
return substr(str_shuffle("abcdefghijklmnopqrstuvwxyz"), 0, $length);
}
?>
PHP has a build in function to generate unique files on your server. This function is known as tempnam(). If you read the comments on that website carefully though, there is a small chance you'll get unwanted behaviour from that function if to many processes call it at the same time. So a modification to this function would be as follows:
<?php
function tempnam_sfx($path, $suffix){
do {
$file = $path."/".mt_rand().$suffix;
$fp = #fopen($file, 'x');
}
while(!$fp);
fclose($fp);
return $file;
}
?>
Because the file is kept open while it's being created, it can't be accessed by another process and therefor it's impossible to ever create 2 files with the same name simply because a couple of your website visitors happened to upload pictures at the exact same moment. So to implement this in your own code:
<?php
function tempnam_sfx($path, $suffix){
do {
$file = $path."/".mt_rand().$suffix;
$fp = #fopen($file, 'x');
}
while(!$fp);
fclose($fp);
return $file;
}
$uploaddir = 'pictures'; // Upload directory
$file = $_FILES['file']['name']; // Original file
$ext = pathinfo($path, PATHINFO_EXTENSION); // Get file extension
$uploadfile = tempnam_sfx($uploaddir, $ext);
move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile);
$con = mysqli_connect("localhost","root","","database");
$q = mysqli_query($con,"UPDATE users SET image = '".basename($uploadfile)."' WHERE user_id = '{$_SESSION['user']}'");
header("Location: index.php");
?>
One way you could do this, is by generating a few random numbers (and possibly attaching them to current date in number format) and give the image the number sequence.
if(isset($_POST['submitimage'])){
//generate 3 sequences of random numbers,you could do more or less if you wish
$randomNumber=rand().rand().rand();
move_uploaded_file($_FILES['file']['tmp_name'],"pictures/".$randomNumber."jpg");
$con = mysqli_connect("localhost","root","","database");
$q = mysqli_query($con,"UPDATE users SET image = '".$randomNumber.".jpg' WHERE user_id = '".$_SESSION['user']."'");
header("Location: index.php");
}
?>
Note : you could also look into generating random strings if numbers are not your thing.
I want to upload 1000 images in just one click via URL. I have 1000 Image URLs stored in MYSQL database.
So please any one give me PHP code to upload that 1000 images via URL through mysql database.
Currently I am using the bellow code:-
It upload one image per click by posting URL of image...
But i want to upload 1000 image in one click by getting URLs from databse
$result = mysql_query("SELECT * FROM thumb") or die(mysql_error());
// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result )) {
echo "<div>";
$oid = $row['tid'];
$th= $row['q'];
echo "</div>";
$thi = $th;
$get_url = $post["url"];
$url = trim('$get_url');
if($url){
$file = fopen($url,"rb");
$directory = "thumbnail/";
$valid_exts = array("php","jpeg","gif","png","doc","docx","jpg","html","asp","xml","JPEG","bmp");
$ext = end(explode(".",strtolower(basename($url))));
if(in_array($ext,$valid_exts)){
$filename = "$oid.$ext";
$newfile = fopen($directory . $filename, "wb");
if($newfile){
while(!feof($file)){
fwrite($newfile,fread($file,1024 * 8),1024 * 8);
}
echo 'File uploaded successfully';
echo '**$$**'.$filename;
}
else{
echo 'File does not exists';
}
}
else{
echo 'Invalid URL';
}
}
else{
echo 'Please enter the URL';
}
}
Thanks a lot.... …
The code you have is outdated and a lot more complex than needed. This is not a site where you get code because you ask, this is a learning environment.
I'll give you an example on which you can continue:
// Select the images (those we haven't done yet):
$sItems = mysql_query("SELECT id,url FROM thumb WHERE imported=0") or die(mysql_error());
// Loop through them:
while( $fItems = mysql_fetch_assoc($sItems) ){
$imgSource = file_get_contents($fItems['url']); // get the image
// Check if it didn't go wrong:
if( $imgSource!==false ){
// Which directory to put the file in:
$newLocation = $_SERVER['DOCUMENT_ROOT']."/Location/to/dir/";
// The name of the file:
$newFilename = basename($fItems['url'], $imgSource);
// Save on your server:
file_put_content($newLocation.$newFilename);
}
// Update the row in the DB. If something goes wrong, you don't have to do all of them again:
mysql_query("UPDATE thumb SET imported=1 WHERE id=".$fItems['id']." LIMIT 1") or die(mysql_error());
}
Relevant functions:
file_get_contents() - Get the content of the image
file_put_contents() - Place the content given in this function in a file specified
basename() - given an url, it gives you the filename only
Important:
You are using mysql_query. This is deprecated (should no longer be used), use PDO or mysqli instead
I suggest you make this work from the commandline and add an echo after the update so you can monitor progress
I am using the library WideImage to resize an uploaded image into two separate sizes then save the images in two separate directories. The problem is that the smaller image is not ALWAYS saving. Here is my attempt:
if(move_uploaded_file($_FILES['image']['tmp_name'], "../images/temp/$id.jpg")){
include '../../WideImage/WideImage.php';
$successfull = 0;
if($image = WideImage::load("../images/temp/$id.jpg")){
if($large=$image->resize(500, 375)){
$large->saveToFile("../images/large/product_$id.jpg");
$successfull = 1;
}
}
if($successfull==1){
$successfull = 0;
if($image_2 = WideImage::load("../images/temp/$id.jpg")){
if($small=$image_2->resize(300, 225)){
$small->saveToFile("../images/small/product_$id.jpg");
$successfull = 1;
}
}
if($successfull!=1){
$showError='style="background:#c60000;"';
$myError="An Error Occured Please Try Again";
}
else {
unlink("../images/temp/$id.jpg");
header("location: products.php");
exit;
}
}
This is always giving me an error. My assumption is that the saving of the image is taking some time. So my question is how can I ensure that all the steps have been successfully completed?
I am not real good at reading the code for uploading images via php/ajax so i am hoping a php guru can help me out. I am trying to take the image file name and if it has spaces in it then replace those spaces with an underscore "_"
The php code for uploading is this:
$file_name = ( isset($_REQUEST['ax-file-name']) && !empty($_REQUEST['ax-file-name']) )?$_REQUEST['ax-file-name']:'';
$currByte = isset($_REQUEST['ax-start-byte'])?$_REQUEST['ax-start-byte']:0;
if($is_ajax)//Ajax Upload, FormData Upload and FF3.6 php:/input upload
{
//we get the path only for the first chunk
$full_path = ($currByte==0) ? checkFileExits($file_name, $upload_path):$upload_path.$file_name;
//Just optional, avoid to write on exisiting file, but in theory filename should be unique from the checkFileExits function
$flag = ($currByte==0) ? 0:FILE_APPEND;
//formData post files just normal upload in $_FILES, older ajax upload post it in input
$post_bytes = isset($_FILES['Filedata'])? file_get_contents($_FILES['Filedata']['tmp_name']):file_get_contents('php://input');
//some rare times (on very very fast connection), file_put_contents will be unable to write on the file, so we try until it writes
while(#file_put_contents($full_path, $post_bytes, $flag) === false)
{
usleep(50);
}
//delete the temporany chunk
if(isset($_FILES['Filedata']))
{
#unlink($_FILES['Filedata']['tmp_name']);
}
//if it is not the last chunk just return success chunk upload
if($isLast!='true')
{
echo json_encode(array('name'=>basename($full_path), 'size'=>$full_size, 'status'=>1, 'info'=>'Chunk uploaded'));
}
}
else //Normal html and flash upload
{
$isLast = 'true';//we cannot upload by chunks here so assume it is the last single chunk
$full_path = checkFileExits($file_name, $upload_path);
$result = move_uploaded_file(str_replace(" ", "_",$_FILES['Filedata']['tmp_name']), $full_path);//make the upload
if(!$result) //if any error return the error
{
echo json_encode( array('name'=>basename($full_path), 'size'=>$full_size, 'status'=>-1, 'info'=>'File move error') );
return false;
}
}
I've already tried the following (with str_replace(" ", "_", $nameoffile):
$post_bytes = isset($_FILES['Filedata'])? file_get_contents(str_replace(" ", "_",$_FILES['Filedata']['tmp_name'])):file_get_contents('php://input');
That seems to do nothing to rename it. So where am i missing it at?
The problem in your code is , you are trying to rename the temporary name of image file not the actual name
move_uploaded_file(str_replace(" ", "_",$_FILES['Filedata']['tmp_name']), $full_path);//make the upload
So you have to remove the str_replace from temporary name and append this to actual name like this.
move_uploaded_file($_FILES['Filedata']['tmp_name'], str_replace(" ", "_",$full_path));//make the upload
Hope it clarifies your doubt.
The script I made is.
<?php
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img.png';
copy($source_file, $dest_file);
?>
I need that image to not be delete and reuploaded every time the script is running. I would either want it to be img1.png, img2.png, img3.png, etc. Or img(Date,Time).png, img(Date,Time).png, etc. Is this possible and if so, how do I do this?
If you're concerned with overwriting a file, you could just drop in a timestamp to ensure uniqueness:
$dest_file = '/home/user/public_html/directory/directory/img.png';
// /home/user/public_html/directory/directory/img1354386279.png
$dest_file = preg_replace("/\.[^\.]{3,4}$/i", time() . "$0", $dest_file);
Of if you wanted simpler numbers, you could take a slightly more tasking route and change the destination file name as long as a file with that name already exists:
$file = "http://i.imgur.com/Z92wU.png";
$dest = "nine-guy.png";
while (file_exists($dest)) {
$dest = preg_replace_callback("/(\d+)?(\.[^\.]+)$/", function ($m) {
return ($m[1] + 1) . $m[2];
}, $dest);
}
copy($file, $dest);
You may need to be using a later version of PHP for the anonymous function callback; I tested with 5.3.10 and everything worked just fine.
<?php
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img.png';
if(!is_file($dest_file)){
copy($source_file, $dest_file);
}
else{
$fname = end(explode('/',$dest_file));
$fname = time().'-'.$fname;
$dest_file = dirname($dest_file).'/'.$fname;
copy($source_file,$dest_file);
}
?>
use this code
This will add time before filename
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img'.uniqid().'.png';
copy($source_file, $dest_file);
uniquid gives you a unique Id which is rarely possible to overwrite...
also i would make folders for each month or related to the id of the image
like
mkdir(ceil($imgId / 1000), 0777);
You can use rename().
For Example:
rename ("/var/www/files/file.txt", "/var/www/sites/file1.txt");
Or
You can also use copy
$source_file = 'http://www.domain.tld/directory/img.png';
$dest_file = '/home/user/public_html/directory/directory/img.png';
if(!is_file($dest_file)){
copy($source_file, $dest_file);
}
Or if you want to add time it ,you can try like this.
$source="http://www.domain.tld/directory/";
$destn ="/home/user/public_html/directory/directory/";
$filename="image.png";
$ex_name = explode('.',$filename));
$newname = $ex_name[0].'-'.time().$ex_name[1]; //where $ex_name[0] is filename and $ex_name[1] is extension.
copy($source.filename,$destn.$newname );