|
-
Feb 28th, 2012, 11:23 PM
#1
Thread Starter
Fanatic Member
 [RESOLVED] Upload File: Reference in DB
Using php/mysql.
I had this form working just fine and something happened!
It's a simple upload file and information form to my db.
The user can add upload a file to his directory (directory gotten from query) and the Filename is stored in the database so it can be queried later to view the file.
The File information does NOT store in my database, nor does the file actually get uploaded to the directory.
Here's the form:
Code:
<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1" enctype= "multipart-form-data">
<table align="center">
<tr valign="baseline">
<td width="71" align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">Title</td>
<td colspan="2"><input name="Title" type="text" id = "Title" value="" size="32" maxlength="50" /></td>
</tr>
<tr valign="baseline">
<td align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">Category:</td>
<td colspan="2" valign="baseline"><label>
<select name="Category" id="Category">
<option value="Office" selected="selected">Office</option>
<option value="Marketing">Marketing</option>
<option value="Misc">Misc</option>
</select>
</label></td>
</tr>
<tr valign="baseline">
<td align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">Description:</td>
<td colspan="2"><span id="sprytextarea1">
<textarea name="Description" cols="50" rows="5"></textarea>
<span id="countsprytextarea1"> </span><span class="textareaMaxCharsMsg"><br />
Exceeded maximum number of characters.</span></span></td>
</tr>
<tr valign="baseline">
<td align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">File:</td>
<td colspan="2"><input type="file" name="File" id="File" />
<br />
Allowed: txt, doc, pdf, jpg, jpeg, gif, png.</td>
</tr>
<tr valign="baseline">
<td align="center" valign="middle" nowrap="nowrap"> </td>
<td width="196"></td>
<td width="119" align="center"><input type="submit" value="Insert record" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1" />
<input name="Company_ID" type="hidden" id="Company_ID" value="<?php echo $_SESSION['Company_ID']; ?>" />
</form>
Here's some php code I am using at the top of this php file that checks if a file exists, if the file is allowed type and an ok size before inserting:
Code:
...
....
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$colname_dlfolder = "-1";
if (isset($_SESSION['Company_ID'])) {
$colname_dlfolder = $_SESSION['Company_ID'];
}
mysql_select_db($database_connectCavage, $connectCavage);
$query_dlfolder = sprintf("SELECT Downloads_Folder FROM companies WHERE Company_ID = %s", GetSQLValueString($colname_dlfolder, "int"));
$dlfolder = mysql_query($query_dlfolder, $connectCavage) or die(mysql_error());
$row_dlfolder = mysql_fetch_assoc($dlfolder);
$totalRows_dlfolder = mysql_num_rows($dlfolder);
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
// Whether or not to insert
$shouldInsert = true;
$file = $_FILES['File']['tmp_name'];
// Check if there was a file or not
if(!empty($file)){
// Make sure the file is within the allowed range
$limit_size=10485760; //size in bytes
$file_size= filesize($file);
if($file_size >= $limit_size){
$message= "<b>Attention: Your selected file size is over limit! 10 MB is max.</b><BR>";
$shouldInsert = false;
}
$allowedExtensions = array("txt","doc","pdf","jpg","jpeg","gif","png");
foreach ($_FILES as $file) {
if ($file['tmp_name'] > '') {
if (!in_array(end(explode(".",
strtolower($file['name']))),
$allowedExtensions)) {
$shouldInsert = false;
$message= "<b>Attention: Not an allowed file extension. Allowed: txt, doc, pdf, jpg, jpeg, gif, png.</b><BR>";
}
}
}
}
// Now, the file is optional, but has conditions (filesize requirement) when it is provided
if($shouldInsert){
$target = $row_dlfolder['Downloads_Folder'];
$target_upload = $target . basename($file);
$dl = $_FILES['File']['name'];
$mimetype = $_FILES['File']['type'];
if (file_exists($target_upload) && (!empty($file)))
{
$message = $dl . " . That filename already exists in your downloads' folder.";
}
else
{
move_uploaded_file($file, $target_upload);
$insertSQL = sprintf("INSERT INTO downloads (Title, Category, Filename,Description,Company_ID, Mimetype) VALUES (%s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['Title'], "date"),
GetSQLValueString($_POST['Category'], "text"),
GetSQLValueString($dl, "text"),
GetSQLValueString($_POST['Description'], "text"),
GetSQLValueString($_POST['Company_ID'], "int"),
GetSQLValueString($mimetype, "text"));
mysql_select_db($database_connectCavage, $connectCavage);
$Result1 = mysql_query($insertSQL, $connectCavage) or die(mysql_error());
$insertGoTo = "admin_downloads.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
}
}
$dl and $mimetype never make it to the db when inserted. And the file is never uploaded to the directory. It was time I asked for some help.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote