[RESOLVED] Upload File: Reference in DB

[chris.cavage]

Using php/mysql.

I had this form working just fine and something happened!
It's a simple upload file and information form to my db.
The user can add upload a file to his directory (directory gotten from query) and the Filename is stored in the database so it can be queried later to view the file.

The File information does NOT store in my database, nor does the file actually get uploaded to the directory.

Here's the form:

Code:

<form action="<?php echo $editFormAction; ?>" method="post" name="form1" id="form1" enctype= "multipart-form-data">
          <table align="center">
            <tr valign="baseline">
              <td width="71" align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">Title</td>
              <td colspan="2"><input name="Title" type="text" id = "Title" value="" size="32" maxlength="50" /></td>
            </tr>
            <tr valign="baseline">
              <td align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">Category:</td>
              <td colspan="2" valign="baseline"><label>
                <select name="Category" id="Category">
                  <option value="Office" selected="selected">Office</option>
                  <option value="Marketing">Marketing</option>
                  <option value="Misc">Misc</option>
                </select>
              </label></td>
            </tr>
            <tr valign="baseline">
              <td align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">Description:</td>
              <td colspan="2"><span id="sprytextarea1">
              <textarea name="Description" cols="50" rows="5"></textarea>
                <span id="countsprytextarea1">&nbsp;</span><span class="textareaMaxCharsMsg"><br />
              Exceeded maximum number of characters.</span></span></td>
            </tr>
            <tr valign="baseline">
              <td align="center" valign="middle" nowrap="nowrap" bgcolor="#CCCCCC">File:</td>
              <td colspan="2"><input type="file" name="File" id="File" />
                <br />
              Allowed: txt, doc, pdf, jpg, jpeg, gif, png.</td>
            </tr>
            <tr valign="baseline">
              <td align="center" valign="middle" nowrap="nowrap">&nbsp;</td>
<td width="196"></td>
              <td width="119" align="center"><input type="submit" value="Insert record" /></td>
            </tr>
        </table>
          <input type="hidden" name="MM_insert" value="form1" />
        <input name="Company_ID" type="hidden" id="Company_ID" value="<?php echo $_SESSION['Company_ID']; ?>" />
      </form>

Here's some php code I am using at the top of this php file that checks if a file exists, if the file is allowed type and an ok size before inserting:

Code:

...
....
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
$colname_dlfolder = "-1";
if (isset($_SESSION['Company_ID'])) {
  $colname_dlfolder = $_SESSION['Company_ID'];
}
mysql_select_db($database_connectCavage, $connectCavage);
$query_dlfolder = sprintf("SELECT Downloads_Folder FROM companies WHERE Company_ID = %s", GetSQLValueString($colname_dlfolder, "int"));
$dlfolder = mysql_query($query_dlfolder, $connectCavage) or die(mysql_error());
$row_dlfolder = mysql_fetch_assoc($dlfolder);
$totalRows_dlfolder = mysql_num_rows($dlfolder);

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

// Whether or not to insert
$shouldInsert = true;

$file = $_FILES['File']['tmp_name'];
// Check if there was a file or not
if(!empty($file)){
  
  // Make sure the file is within the allowed range

   $limit_size=10485760; //size in bytes
   $file_size= filesize($file);

   if($file_size >= $limit_size){
   $message= "<b>Attention: Your selected file size is over limit! 10 MB is max.</b><BR>";
   $shouldInsert = false;
   }
   
   $allowedExtensions = array("txt","doc","pdf","jpg","jpeg","gif","png"); 
  foreach ($_FILES as $file) { 
    if ($file['tmp_name'] > '') { 
      if (!in_array(end(explode(".", 
            strtolower($file['name']))), 
            $allowedExtensions)) { 
            $shouldInsert = false;
		    $message= "<b>Attention: Not an allowed file extension. Allowed: txt, doc, pdf, jpg, jpeg, gif, png.</b><BR>";
      } 
    } 
  } 
}

// Now, the file is optional, but has conditions (filesize requirement) when it is provided
if($shouldInsert){
  
   $target = $row_dlfolder['Downloads_Folder']; 
   $target_upload = $target . basename($file); 
   $dl = $_FILES['File']['name']; 
   $mimetype = $_FILES['File']['type'];
   
    if (file_exists($target_upload) && (!empty($file)))
      {
      $message = $dl . " . That filename already exists in your downloads' folder.";
      }
    else
      {

    move_uploaded_file($file, $target_upload);

  $insertSQL = sprintf("INSERT INTO downloads (Title, Category, Filename,Description,Company_ID, Mimetype) VALUES (%s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['Title'], "date"),
                       GetSQLValueString($_POST['Category'], "text"),
                       GetSQLValueString($dl, "text"), 
                       GetSQLValueString($_POST['Description'], "text"),
		       GetSQLValueString($_POST['Company_ID'], "int"),
		       GetSQLValueString($mimetype, "text"));

  mysql_select_db($database_connectCavage, $connectCavage);
  $Result1 = mysql_query($insertSQL, $connectCavage) or die(mysql_error());
  

  $insertGoTo = "admin_downloads.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
} 


}

$dl and $mimetype never make it to the db when inserted. And the file is never uploaded to the directory. It was time I asked for some help.

[penagate]

You've reused $file:

Code:

$file = $_FILES['File']['tmp_name'];

and

Code:

foreach ($_FILES as $file)

Also, you're iterating $_FILES, but your logic will only ever process one file (the last item in $_FILES).

Then, you're passing $file to move_uploaded_file:

Code:

move_uploaded_file($file, $target_upload)

So to make this work, rename the iterator variable in foreach($_FILES).

[fjober]

HI,

except PHP, is enctype= "multipart-form-data" valid for this type of request ?

shoudn't it be enctype= "multipart/form-data" ?

Feras Jobeir

[chris.cavage]

penagate, I see what I did there. No sure why I did that. I made the necessary changes.

Feras - yes! I can't believe I did that too!!! That was a homerun for me, making that change.

In the end, I got it all to work! Thanks so much. I was pulling my hair out, and now I can relax!