Search the Community
Showing results for tags 'upload'.
-
I believe there is an error in the book regarding uploads and the temporary file created when performing uploads. Regarding uploads, Larry writes in Chapter 11: "If the file was uploaded but it could not be moved to its final destination or some other error occurred, then that file is still sitting on the server in its temporary location." However, the PHP manual states: "The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed." Source: https://secure.php.net/manual/en/features.file-upload.post-method.php In studying the upload process, I removed the code in upload_image.php that calls move_uploaded_file() and just dumped the upload info to confirm that the request went through without errors. I searched my entire system for the file (starting with the location I set in upload_tmp_dir of course, and confirming that all users had write access to the folder) but it was not found, proving that the file is removed at the end of the request. When I added the code back to move the file to a permanent location via move_uploaded_file, the file was moved to the permanent location as expected. So it seems that move_uploaded_file() is *required* to be used when uploading a file if you want to save whatever was uploaded. I am running PHP 7.1.7 via XAMPP on Windows 10 and got the same results on Chrome and Firefox. A modified upload_image.php script is below that you can run yourself. Let me know if anyone gets a different result or I am incorrect in what I wrote above. Thanks! <!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>Upload an Image</title> </head> <body> <?php // Check if the form has been submitted: if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Check for an uploaded file: if (isset($_FILES['upload'])) { echo "<pre>"; var_dump($_FILES); echo "</pre>"; } } // End of the submitted conditional. ?> <form enctype="multipart/form-data" action="upload_image.php" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="128000000"> <fieldset> <p><strong>File:</strong> <input type="file" name="upload"></p> </fieldset> <div align="center"><input type="submit" name="submit" value="Submit"></div> </form> </body> </html>
-
Hi, I am following the file upload process (pp 427 .....), a process I have used many times before A-OK. I am using the procedure to upload mp3 files but sometimes when I check the mime type, it is blank, thus the upload does not proceed, even though that same file will play perfectly in Windows Media Player. Can anyone shed any light on this? Any advice will be most appreciated and thanking you in anticipation. $allowed = array ('audio/mpeg', 'audio/mp3'); if (in_array($_FILES['upload']['type'], $allowed)) { // MIME type OK // now move/upload the new music file $music_file_name = "../music/music_" . $key . ".mp3"; if (!move_uploaded_file($_FILES['upload']['tmp_name'], $music_file_name)) { // move/upload was not OK // print a message based upon the error. etc.... P.S., My environment is Windows 7, 64 bit with Apache, PHP and MySQL.
-
I am having trouble creating the code to improve the security of add_print.php in Chapter 19. I am adapting the code from chapter 11 to this problem and not having any luck. I want to validate the file type before adding a print to the database. Does anyone have the solution to this review and pursue question? thanks
-
After exhausting searching and trying many different things and asking people about the add_print.php script in chapter 19 I am now positive that there are errors in this script. I have tried using the exact script supplied by the author in his working files and the images don't display in my uploads folder, and they also don't show up in my view_print.php page. I put the entire script up on stack overflow and got an answer that partially helped fix this. I however still don't see the images on my view_print pages. The show_image.php isn't doing it's job like it should, and I am using the exact files provided by the author. This is extremely frustrating and time consuming, one would expect the examples to be error free. Here is the fix I got on stack overflow. You need to add a couple lines of code and change one line to actually display the image in your uploads folder. The entire modified script is below. Note that this doesn't entirely fix the problem though, you still don't see the images on the view_print.php page. $path_parts = pathinfo($_FILES["image"]["name"]); $extension = $path_parts['extension']; $id = mysqli_stmt_insert_id($stmt); // Get the print ID. rename ($temp, "../../../uploads/$id.".".$extension"); <?php # Script 19.2 - add_print.php // This page allows the administrator to add a print (product). require ('../../mysqli_connect.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form. // Validate the incoming data... $errors = array(); // Check for a print name: if (!empty($_POST['print_name'])) { $pn = trim($_POST['print_name']); } else { $errors[] = 'Please enter the print\'s name!'; } // Check for an image: if (is_uploaded_file ($_FILES['image']['tmp_name'])) { // Create a temporary file name: $temp = '../../../uploads/' . md5($_FILES['image']['name']); // Move the file over: if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)) { echo '<p>The file has been uploaded!</p>'; // Set the $i variable to the image's name: $i = $_FILES['image']['name']; } else { // Couldn't move the file over. $errors[] = 'The file could not be moved.'; $temp = $_FILES['image']['tmp_name']; } } else { // No uploaded file. $errors[] = 'No file was uploaded.'; $temp = NULL; } // Check for a size (not required): $s = (!empty($_POST['size'])) ? trim($_POST['size']) : NULL; // Check for a price: if (is_numeric($_POST['price']) && ($_POST['price'] > 0)) { $p = (float) $_POST['price']; } else { $errors[] = 'Please enter the print\'s price!'; } // Check for a description (not required): $d = (!empty($_POST['description'])) ? trim($_POST['description']) : NULL; // Validate the artist... if ( isset($_POST['artist']) && filter_var($_POST['artist'], FILTER_VALIDATE_INT, array('min_range' => 1)) ) { $a = $_POST['artist']; } else { // No artist selected. $errors[] = 'Please select the print\'s artist!'; } if (empty($errors)) { // If everything's OK. // Add the print to the database: $q = 'INSERT INTO prints (artist_id, print_name, price, size, description, image_name) VALUES (?, ?, ?, ?, ?, ?)'; $stmt = mysqli_prepare($dbc, $q); mysqli_stmt_bind_param($stmt, 'isdsss', $a, $pn, $p, $s, $d, $i); mysqli_stmt_execute($stmt); // Check the results... if (mysqli_stmt_affected_rows($stmt) == 1) { // Print a message: echo '<p>The print has been added.</p>'; // Rename the image: $path_parts = pathinfo($_FILES["image"]["name"]); $extension = $path_parts['extension']; $id = mysqli_stmt_insert_id($stmt); // Get the print ID. rename ($temp, "../../../uploads/$id.".".$extension"); // Clear $_POST: $_POST = array(); } else { // Error! echo '<p style="font-weight: bold; color: #C00">Your submission could not be processed due to a system error.</p>'; } mysqli_stmt_close($stmt); } // End of $errors IF. // Delete the uploaded file if it still exists: if ( isset($temp) && file_exists ($temp) && is_file($temp) ) { unlink ($temp); } } // End of the submission IF. // Check for any errors and print them: if ( !empty($errors) && is_array($errors) ) { echo '<h1>Error!</h1> <p style="font-weight: bold; color: #C00">The following error(s) occurred:<br />'; foreach ($errors as $msg) { echo " - $msg<br />\n"; } echo 'Please reselect the print image and try again.</p>'; } // Display the form... ?> <h1>Add a Print</h1> <form enctype="multipart/form-data" action="add_print.php" method="post"> <input type="hidden" name="MAX_FILE_SIZE" value="524288" /> <fieldset><legend>Fill out the form to add a print to the catalog:</legend> <p><b>Print Name:</b> <input type="text" name="print_name" size="30" maxlength="60" value="<?php if (isset($_POST['print_name'])) echo htmlspecialchars($_POST['print_name']); ?>" /></p> <p><b>Image:</b> <input type="file" name="image" /></p> <p><b>Artist:</b> <select name="artist"><option>Select One</option> <?php // Retrieve all the artists and add to the pull-down menu. $q = "SELECT artist_id, CONCAT_WS(' ', first_name, middle_name, last_name) FROM artists ORDER BY last_name, first_name ASC"; $r = mysqli_query ($dbc, $q); if (mysqli_num_rows($r) > 0) { while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) { echo "<option value=\"$row[0]\""; // Check for stickyness: if (isset($_POST['artist']) && ($_POST['artist'] == $row[0]) ) echo ' selected="selected"'; echo ">$row[1]</option>\n"; } } else { echo '<option>Please add a new artist first.</option>'; } mysqli_close($dbc); // Close the database connection. ?> </select></p> <p><b>Price:</b> <input type="text" name="price" size="10" maxlength="10" value="<?php if (isset($_POST['price'])) echo $_POST['price']; ?>" /> <small>Do not include the dollar sign or commas.</small></p> <p><b>Size:</b> <input type="text" name="size" size="30" maxlength="60" value="<?php if (isset($_POST['size'])) echo htmlspecialchars($_POST['size']); ?>" /> (optional)</p> <p><b>Description:</b> <textarea name="description" cols="40" rows="5"><?php if (isset($_POST['description'])) echo $_POST['description']; ?></textarea> (optional)</p> </fieldset> <div align="center"><input type="submit" name="submit" value="Submit" /></div> </form> </body> </html>
- 16 replies
-
For some reason the images I am uploading to my uploads folder are just showing as blank, the files are there but it is not showing them as images. It is written that the type of file it is is just File. and it shows the path to the image D:\xampp\htdocs\uploads. My add_print.php is just fine as far as I can tell. I tested it with the script written by Larry in the working files for this book, it doesn't work either. I checked my permissions for my uploads folder and they look fine too. I am thinking the problem is maybe because no Mime type is specified for the images being uploaded. If that isn't where the error is, it is maybe in the code below, where my uploads folder is. it is specified as ../../../uploads. any help would be appreciated. if (is_uploaded_file($_FILES['image']['tmp_name'])){ $temp = '../../../uploads/' . md5($_FILES['image']['name']); if (move_uploaded_file($_FILES['image']['tmp_name'], $temp)){ echo '<p>The file has been uploaded!</p>'; $i = $_FILES['image']['name']; or could the problem be below:? if (mysqli_stmt_affected_rows($stmt) == 1){ echo '<p>The print has been added.</p>'; $id = mysqli_stmt_insert_id($stmt); rename ($temp, "../../../uploads/$id"); $_POST = array();
-
Trying to test the upload script ("add_other_products.php") and, after submitting, get blank screen other than header. When I "refresh" page and resend data, I see a reference to "undefined index: image" which refers to these two lines: // check for image if (is_uploaded_file($_FILES['image']['tmp_name']) && .... this is line 49 in sample download script switch ($_FILES['image']['error']) { this is line 104 in sample download script While trying to figure this out, I deleted all references in the file to the image and I successfully added the test record to the database. But when I added back the references for the image, the same problem came back. I'm probably an intermediate user of php/MySQL and can often figure these things out. This one doesn't make sense. Any suggestions would be appreciate.