<?php
if(isset($_POST['pic'])){
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 300000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
}
echo "<h1>Done! Looks Great!</h1>";
}
}
else
{
echo "Invalid file";
}
}
?>
<form action="editprofile.php" method="post" enctype="multipart/form-data">
<input type="file" name="file" id="file" />
<p>Image format should be png or jpg.</p>
<center><p class="submit"><input type="submit" name="pic" value="Upload Picture" /></p></center>
</form>
</div>
<p style="text-align:center; font-size:18px;">Current Picture</p>
<?php
$filename = $_FILES['file']['tmp_name'];
?>
<img src="/path/to/the/upload/folder/<?php echo $filename; ?>"/>
<img src="../../upload/foto.PNG" class="picture"/>
I am getting an error like undefined index - file.
Error is in the last few lines.
I basically have a folder which has an image. I want it to display the only image in the folder.
If you open the page for the first time, no form has been sent yet and $_FILES is therefore empty. You try to access $_FILES even in case of first load. This is the faulty line:
$filename = $_FILES['file']['tmp_name'];
You should check that $_POST["pic"] is set before accessing the $_FILES variable (just as you have done on the top of the code).
Related
I am trying to upload a video to my uploads folder. I got the code from another question on here and that works fine. But I keep getting this notice error and I don't know how to fix it. I've been trying all day. I tried to check if it was isset() and that still didn't work. Can someone help me please ?
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma");
$_FILES = $_FILES['file'];
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$unique = date('Y-m-d_H-i-s');
if ((null !==($_FILES["file"]["type"] == "video/mp4")
|| (null !==($_FILES["file"]["type"] == "audio/mp3"))
|| ($_FILES["file"]["type"] == "audio/wma")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))
&& ($_FILES["file"]["size"] < 2000000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
} else {
echo 'File uploaded successfully';
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
$datetime = date('Y-m-d_H-i-s');
move_uploaded_file($_FILES["file"]["tmp_name"],
"uploads/" . $_FILES["file"]["name"] . $datetime . md5($_FILES["file"]["name"]));
}
}
} else {
echo "Invalid file";
}
?>
<form action="profile.php" id="videoupload" method="post" enctype="multipart/form-data">
<label for="file"><span>Filename:</span></label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
You're trying to process the file upload before a file is uploaded. You have to check if the form was posted first.
<?php
if (isset($_FILES['file'])) {
$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma");
// $_FILES = $_FILES['file']; // <-- remove this line
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
$unique = date('Y-m-d_H-i-s');
if ((null !==($_FILES["file"]["type"] == "video/mp4")
|| (null !==($_FILES["file"]["type"] == "audio/mp3"))
|| ($_FILES["file"]["type"] == "audio/wma")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))
&& ($_FILES["file"]["size"] < 2000000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
} else {
echo 'File uploaded successfully';
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
$datetime = date('Y-m-d_H-i-s');
move_uploaded_file($_FILES["file"]["tmp_name"],
"uploads/" . $_FILES["file"]["name"] . $datetime . md5($_FILES["file"]["name"]));
}
}
} else {
echo "Invalid file";
}
}
?>
<form action="profile.php" id="videoupload" method="post" enctype="multipart/form-data">
<label for="file"><span>Filename:</span></label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
$_FILES['file']
means you have input type = file named 'file'. if you don't have the input named 'file', you got an undefined index notice.
if you have that,
$_FILES = $_FILES['file'];
this will bring error to other codes. because it try to override $_FILES.
I want to implement a simple image uploader that stores a caption, the user logged in ($_SESSION['username']) and the path that the file is saved.
The session is working, the code is correct, the database table exists, but it writes only the 'path' value, the 'username' and 'caption' remain empty on the database.
This is the code for uploading:
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 5000000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
$caption = $_POST['caption'];
$uploaderUsername = $_SESSION['username'];
$path = "upload/" . $_FILES['file']['name'];
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("mydb") or die(mysql_error());
mysql_query("INSERT INTO images (caption,username,path) VALUES
('$caption','$uploaderUsername','$path')");
header('Location: members.php');
}
}
} else {
echo "Invalid file";
}
I guess there is something wrong in this part:
$caption = $_POST['caption'];
$uploaderUsername = $_SESSION['username'];
$path = "upload/" . $_FILES['file']['name'];
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("mydb") or die(mysql_error());
mysql_query("INSERT INTO images (caption,username,path) VALUES
('$caption','$uploaderUsername','$path')");
header('Location: members.php');
To add to my note above
"I don't see you calling session_start() before attempting to access the session variables. (which just happen to be one of the two variables you aren't getting :O). And in your form make sure you are setting the name='caption' for the caption input"
using the code you provided, to implement the caption you would want to do something along the lines of
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<label for="caption">Caption: </label>
<input type="text" id="caption" name="caption" placeholder="Add a caption here"><br>
<input type="submit" name="submit" value="Submit">
</form>
'm trying to upload a file(actually move it from a directory to another) using PHP. The problem is, every time i load the html, after i select the file to upload and press submit, it redirects me to a page that actually saves my .php file instead of the file i'm trying to move. Do i need to give permissions to a program? I am working on ubuntu 14.04.
<html>
<body>
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
And this is the PHP script:
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"/home/laurentiu/Desktop/asd/" . $_FILES["file"]["name"]);
echo "Stored in: " . "/home/laurentiu/Desktop/asd/".
$_FILES["file"]["name"];
}
}
} else {
echo "Invalid file";
}
?>
Okay, now I've moved on a server.It prints:
Upload: launcher_arrow_ttb.png
Type: image/png
Size: 0.3017578125 kB
Temp file: /tmp/phpRanbFV
Stored in: /home/laurentiu/Desktop/asd/launcher_arrow_ttb.png
but nothing is uploaded. Moreover, when i var_dump the function it prints FALSE, so the function move_uploaded_file does not execute. Why i do not know...
This means your web server is not configured to run PHP files. Instead of executing PHP instruction in the file, it sends back the file like it would do with a plain text file.
in php file you are getting your file as
$_FILES['uploaded']['name']
which should be
$_FILES['file']['name']
I have a problem in storing and displaying image. The code doesn't work. I want to upload the image in the folder "img" and display it.
This is my code :
<html>
<body>
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="image" ><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
upload_file.php
<?php
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("img/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {
move_uploaded_file($_FILES["file"]["tmp_name"],
"img/" . $_FILES["file"]["name"]);
echo "Stored in: " . "img/" . $_FILES["file"]["name"];
}
}
} else {
echo "Invalid file";
}
?>
Well, you gave a different name for the file in the input file tag in your form.
Change this
<input type="file" name="image" ><br>
to this
<input type="file" name="file" ><br>
and it should work. Let me know if it doesn't.
You may also consider putting the contents in upload_file.php in an if-conditional to prevent it from execution on direct access as follows:
<?php
if(isset($_POST['submit'])) {
// Your code here
}
I am trying to store uploaded file details in my database. I have written the following code, but I am unable to understand why its not reading the Query Block. Its not generating any MySQL error message or any other Syntax error. Kindly check it.
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="file_upload_test2.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="file" name="file2" id="file"><br>
<input type="file" name="file3" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
<?php
include 'connect.php';
$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
//&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 200000) . " kB<br>";
$image_name= $_FILES["file"]["name"];
$path= move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . rand().$_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
if (mysql_query ("Insert into category_images (image_name,image_location) VALUES ('$image_name', '$path')"))
{
echo "successfull";
}
else {
mysql_error();
}
}
}
else
{
echo "Invalid file";
}
?>
try
$sql = "INSERT INTO `category_images` (`image_name`,`image_location`) VALUES ('".$image_name."', '".$path."')";
$result = mysql_query($sql);
if ($result)
{
// Successful query execution
echo "successfull";
}
else {
// Some error occured while executing query.
// Show some useful information using echo/print.
// Then stop execution after taking other necessary steps
die(mysql_error());
}
also, your database is vulnerable to SQL Injection attack since you are not sanitizing your input. You should use at least mysql_real_escape_string() method to ensure that this doesn't occur.
If the above doesn't work, try checking if your connection parameters are ok and if MySQL is running.