// Folder to upload files to. Must end with slash /
// NOTE(review): this is a relative path, so it presumably sits under the web root;
// confirm the server does not execute scripts from this folder.
define('DESTINATION_FOLDER','uploads/2008/');

// Maximum allowed file size, Kb
// Set to zero to allow any size
define('MAX_FILE_SIZE', 0);

// Upload success URL. User will be redirected to this page after upload.
define('SUCCESS_URL','insert5.php');

// Allowed file extensions. Will only allow these extensions if not empty.
// The script skips the extension check when this list is empty, so keep it populated.
// Example: $exts = array('avi','mov','doc');
$exts = array('doc','docx');

// rename file after upload? false - leave original, true - rename to some unique filename
// With false, the name sent by the client becomes the stored file name.
define('RENAME_FILE', false);

// put a string to append to the uploaded file name (after extension);
// this will reduce the risk of being hacked by uploading potentially unsafe files;
// sample strings: aaa, my, etc.
define('APPEND_STRING', '');

// Need uploads log? Logs would be saved in the MySql database.
define('DO_LOG', true);

// MySql data (in case you want to save uploads log)
// NOTE(review): root with an empty password only suits a local test machine;
// use a dedicated low-privilege account with a password anywhere else.
define('DB_HOST','localhost'); // host, usually localhost
define('DB_DATABASE','spkp'); // database name
define('DB_USERNAME','root'); // username
define('DB_PASSWORD',''); // password
/* NOTE: when using log, you have to create mysql table first for this script. Copy paste following into your mysql admin tool (like PhpMyAdmin) to create table If you are on cPanel, then prefix _uploads_log on line 205 with your username, so it would be like myusername_uploads_log
#################################################################### ### END OF SETTINGS. DO NOT CHANGE BELOW ####################################################################
// Allow script to work long enough to upload big files (in seconds, 2 days by default).
// The @ hides any warning the call raises.
// NOTE(review): a two-day limit lets a single request hold a worker for a very long time;
// confirm that is intended for the expected file sizes.
@set_time_limit(172800);

// following may need to be uncommented in case of problems
// ini_set("session.gc_maxlifetime","10800");
/**
 * Renders the upload form by including the file-upload.html template.
 *
 * $message and $max_file_size_tag are left in local scope for the template.
 * NOTE(review): the template is not shown here; if it prints $message, it should
 * escape it with htmlspecialchars().
 *
 * @param string $message text made available to the template
 */
function showUploadForm($message='')
{
    // Hidden size hint in bytes (the setting is in Kb); built only when a limit is set.
    $max_file_size_tag = (MAX_FILE_SIZE > 0)
        ? "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n"
        : '';

    // Load form template
    include ('file-upload.html');
}
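// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
    // php.ini shorthand suffixes are case-insensitive ("8M" and "8m" are both valid),
    // so the suffix is matched without regard to case.
    if (stripos($ini_maxsize, 'M') !== false) {
        $ini_maxsize = intval($ini_maxsize)*1024*1024;
    } elseif (stripos($ini_maxsize, 'K') !== false) {
        $ini_maxsize = intval($ini_maxsize)*1024;
    } elseif (stripos($ini_maxsize, 'G') !== false) {
        $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
    }
}
// MAX_FILE_SIZE is configured in Kb, the php.ini value is compared in bytes
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
    $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}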
// show upload form if (!isset($_POST['submit'])) { showUploadForm(join('',$errors)); }
// process file upload else {
while(true) {
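// make sure destination folder exists
if (!@file_exists(DESTINATION_FOLDER)) {
    $errors[] = "Destination folder does not exist or no permissions to see it.";
    break;
}

// A submit that carries no 'filename' part (for example a form that lacks
// enctype="multipart/form-data") leaves this entry unset. An unset value is null, and
// null == UPLOAD_ERR_OK under loose comparison, so it has to be rejected explicitly.
if (!isset($_FILES['filename']['error']) || is_array($_FILES['filename']['error'])) {
    $errors[] = "Could not upload file (2).";
    break;
}

// check for upload errors
$error_code = $_FILES['filename']['error'];
if ($error_code !== UPLOAD_ERR_OK) {
    switch($error_code) {
        case UPLOAD_ERR_INI_SIZE:
            // uploaded file exceeds the upload_max_filesize directive in php.ini
            $errors[] = "File is too big (1).";
            break;
        case UPLOAD_ERR_FORM_SIZE:
            // uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form
            $errors[] = "File is too big (2).";
            break;
        case UPLOAD_ERR_PARTIAL:
            // uploaded file was only partially uploaded.
            $errors[] = "Could not upload file (1).";
            break;
        case UPLOAD_ERR_NO_FILE:
            // No file was uploaded
            $errors[] = "Could not upload file (2).";
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            // Missing a temporary folder
            $errors[] = "Could not upload file (3).";
            break;
        case UPLOAD_ERR_CANT_WRITE:
            // Failed to write file to disk
            $errors[] = "Could not upload file (4).";
            break;
        case 8:
            // File upload stopped by extension
            $errors[] = "Could not upload file (5).";
            break;
        default:
            // An unrecognised code must still record an error, otherwise the loop
            // is left with an empty $errors list.
            $errors[] = "Could not upload file.";
            break;
    } // switch

    // leave the while loop
    break;
}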
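// get file name (not including path); this name is chosen by the client
$filename = @basename($_FILES['filename']['name']);

// filename of temp uploaded file
$tmp_filename = $_FILES['filename']['tmp_name'];

$file_ext = @strtolower(@strrchr($filename,"."));
if (@strpos($file_ext,'.') === false) { // no dot? strange
    $errors[] = "Suspicious file name or could not determine file extension.";
    break;
}
$file_ext = @substr($file_ext, 1); // remove dot

// Rebuild the stored name from a conservative character set. Dots inside the base
// name are replaced as well, so the stored file has exactly one extension and the
// allow-list check below covers every suffix the web server could act on.
$base_name = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) substr($filename, 0, -(strlen($file_ext) + 1)));
if ($base_name === '' || !preg_match('/^[a-z0-9]+$/', (string) $file_ext)) {
    $errors[] = "Suspicious file name or could not determine file extension.";
    break;
}
$filename = $base_name . '.' . $file_ext; // extension is stored in lower case

// check file type if needed
// NOTE(review): with an empty $exts list every extension is accepted.
if (count($exts)) {
    /// some day maybe check also $_FILES['user_file']['type']
    if (!in_array($file_ext, $exts, true)) {
        $errors[] = "Files of this type are not allowed for upload.";
        break;
    }
}

// destination filename, rename if set to
$dest_filename = $filename;
if (RENAME_FILE) {
    // md5(uniqid(rand())) only makes the name unique; it is not an unguessable token
    $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
}
// append predefined string for safety
$dest_filename = $dest_filename . APPEND_STRING;

// get size
$filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

// make sure file size is ok
if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
    $errors[] = "File is too big (3).";
    break;
}

// never replace a file that is already stored under the same name
if (@file_exists(DESTINATION_FOLDER . $dest_filename)) {
    $errors[] = "A file with this name already exists.";
    break;
}

if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
    $errors[] = "Could not upload file (6).";
    break;
}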
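// Record the stored upload in the _uploads_log table.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; on a newer
// runtime this section needs porting to mysqli or PDO with bound parameters.
// The file has already been moved at this point, so a logging failure reports an
// error for an upload that is in fact stored.
if (DO_LOG) {
    // Establish DB connection
    $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
    if (!$link) {
        $errors[] = "Could not connect to mysql.";
        break;
    }
    $res = @mysql_select_db(DB_DATABASE, $link);
    if (!$res) {
        @mysql_close($link);
        $errors[] = "Could not select database.";
        break;
    }
    // escape against the connection that will run the query
    $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);
    $m_size = $filesize; // already an integer (intval)
    $m_fname = mysql_real_escape_string($dest_filename, $link);
    $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
    $res = @mysql_query($sql, $link);
    // An INSERT returns a boolean, so there is no result set to free; the
    // connection is closed on both the success and the failure path.
    @mysql_close($link);
    if (!$res) {
        $errors[] = "Could not run query.";
        break;
    }
} // if (DO_LOG)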
what i have done
create uploads_log table in my db
- include file-upload.php in add.php...now there is two submit button..try upload not working..but the data in add.php is successfully inserted in db but not the file that i try to upload..the log it is not save in db and the file is not uploaded to my local folder
- edit the template file-upload.html to include my form..try upload..file not uploaded
the upload script and my script is working perfectly if i run it separately..
its just that i want to combine both
sorry for my terrible English..hope you guys can understand me
// Folder to upload files to. Must end with slash /
// NOTE(review): this is a relative path, so it presumably sits under the web root;
// confirm the server does not execute scripts from this folder.
define('DESTINATION_FOLDER','uploads/2008/');

// Maximum allowed file size, Kb
// Set to zero to allow any size
define('MAX_FILE_SIZE', 0);

// Upload success URL. User will be redirected to this page after upload.
define('SUCCESS_URL','insert5.php');

// Allowed file extensions. Will only allow these extensions if not empty.
// The script skips the extension check when this list is empty, so keep it populated.
// Example: $exts = array('avi','mov','doc');
$exts = array('doc','docx','jpeg','jpg','gif','bmp','txt');

// rename file after upload? false - leave original, true - rename to some unique filename
// With false, the name sent by the client becomes the stored file name.
define('RENAME_FILE', false);

// put a string to append to the uploaded file name (after extension);
// this will reduce the risk of being hacked by uploading potentially unsafe files;
// sample strings: aaa, my, etc.
define('APPEND_STRING', '');

// Need uploads log? Logs would be saved in the MySql database.
define('DO_LOG', false);

// MySql data (in case you want to save uploads log)
// NOTE(review): root with an empty password only suits a local test machine;
// use a dedicated low-privilege account with a password anywhere else.
define('DB_HOST','localhost'); // host, usually localhost
define('DB_DATABASE','test'); // database name
define('DB_USERNAME','root'); // username
define('DB_PASSWORD',''); // password
/* NOTE: when using log, you have to create mysql table first for this script. Copy paste following into your mysql admin tool (like PhpMyAdmin) to create table If you are on cPanel, then prefix _uploads_log on line 205 with your username, so it would be like myusername_uploads_log
#################################################################### ### END OF SETTINGS. DO NOT CHANGE BELOW ####################################################################
// Allow script to work long enough to upload big files (in seconds, 2 days by default).
// The @ hides any warning the call raises.
// NOTE(review): a two-day limit lets a single request hold a worker for a very long time;
// confirm that is intended for the expected file sizes.
@set_time_limit(172800);

// following may need to be uncommented in case of problems
// ini_set("session.gc_maxlifetime","10800");
/**
 * Renders the upload form by including the file-upload.html template.
 *
 * $message and $max_file_size_tag are left in local scope for the template.
 * NOTE(review): the template is not shown here; if it prints $message, it should
 * escape it with htmlspecialchars().
 *
 * @param string $message text made available to the template
 */
function showUploadForm($message='')
{
    // Hidden size hint in bytes (the setting is in Kb); built only when a limit is set.
    $max_file_size_tag = (MAX_FILE_SIZE > 0)
        ? "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n"
        : '';

    // Load form template
    include ('file-upload.html');
}
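// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
    // php.ini shorthand suffixes are case-insensitive ("8M" and "8m" are both valid),
    // so the suffix is matched without regard to case.
    if (stripos($ini_maxsize, 'M') !== false) {
        $ini_maxsize = intval($ini_maxsize)*1024*1024;
    } elseif (stripos($ini_maxsize, 'K') !== false) {
        $ini_maxsize = intval($ini_maxsize)*1024;
    } elseif (stripos($ini_maxsize, 'G') !== false) {
        $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
    }
}
// MAX_FILE_SIZE is configured in Kb, the php.ini value is compared in bytes
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
    $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}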
// show upload form if (!isset($_POST['submit'])) { showUploadForm(join('',$errors)); }
// process file upload else {
while(true) {
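// make sure destination folder exists
if (!@file_exists(DESTINATION_FOLDER)) {
    $errors[] = "Destination folder does not exist or no permissions to see it.";
    break;
}

// A submit that carries no 'filename' part (for example a form that lacks
// enctype="multipart/form-data") leaves this entry unset. An unset value is null, and
// null == UPLOAD_ERR_OK under loose comparison, so it has to be rejected explicitly.
if (!isset($_FILES['filename']['error']) || is_array($_FILES['filename']['error'])) {
    $errors[] = "Could not upload file (2).";
    break;
}

// check for upload errors
$error_code = $_FILES['filename']['error'];
if ($error_code !== UPLOAD_ERR_OK) {
    switch($error_code) {
        case UPLOAD_ERR_INI_SIZE:
            // uploaded file exceeds the upload_max_filesize directive in php.ini
            $errors[] = "File is too big (1).";
            break;
        case UPLOAD_ERR_FORM_SIZE:
            // uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form
            $errors[] = "File is too big (2).";
            break;
        case UPLOAD_ERR_PARTIAL:
            // uploaded file was only partially uploaded.
            $errors[] = "Could not upload file (1).";
            break;
        case UPLOAD_ERR_NO_FILE:
            // No file was uploaded
            $errors[] = "Could not upload file (2).";
            break;
        case UPLOAD_ERR_NO_TMP_DIR:
            // Missing a temporary folder
            $errors[] = "Could not upload file (3).";
            break;
        case UPLOAD_ERR_CANT_WRITE:
            // Failed to write file to disk
            $errors[] = "Could not upload file (4).";
            break;
        case 8:
            // File upload stopped by extension
            $errors[] = "Could not upload file (5).";
            break;
        default:
            // An unrecognised code must still record an error, otherwise the loop
            // is left with an empty $errors list.
            $errors[] = "Could not upload file.";
            break;
    } // switch

    // leave the while loop
    break;
}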
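// get file name (not including path); this name is chosen by the client
$filename = @basename($_FILES['filename']['name']);

// filename of temp uploaded file
$tmp_filename = $_FILES['filename']['tmp_name'];

$file_ext = @strtolower(@strrchr($filename,"."));
if (@strpos($file_ext,'.') === false) { // no dot? strange
    $errors[] = "Suspicious file name or could not determine file extension.";
    break;
}
$file_ext = @substr($file_ext, 1); // remove dot

// Rebuild the stored name from a conservative character set. Dots inside the base
// name are replaced as well, so the stored file has exactly one extension and the
// allow-list check below covers every suffix the web server could act on.
$base_name = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) substr($filename, 0, -(strlen($file_ext) + 1)));
if ($base_name === '' || !preg_match('/^[a-z0-9]+$/', (string) $file_ext)) {
    $errors[] = "Suspicious file name or could not determine file extension.";
    break;
}
$filename = $base_name . '.' . $file_ext; // extension is stored in lower case

// check file type if needed
// NOTE(review): with an empty $exts list every extension is accepted.
if (count($exts)) {
    /// some day maybe check also $_FILES['user_file']['type']
    if (!in_array($file_ext, $exts, true)) {
        $errors[] = "Files of this type are not allowed for upload.";
        break;
    }
}

// destination filename, rename if set to
$dest_filename = $filename;
if (RENAME_FILE) {
    // md5(uniqid(rand())) only makes the name unique; it is not an unguessable token
    $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
}
// append predefined string for safety
$dest_filename = $dest_filename . APPEND_STRING;

// get size
$filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

// make sure file size is ok
if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
    $errors[] = "File is too big (3).";
    break;
}

// never replace a file that is already stored under the same name
if (@file_exists(DESTINATION_FOLDER . $dest_filename)) {
    $errors[] = "A file with this name already exists.";
    break;
}

if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
    $errors[] = "Could not upload file (6).";
    break;
}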
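// Record the stored upload in the _uploads_log table.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; on a newer
// runtime this section needs porting to mysqli or PDO with bound parameters.
// The file has already been moved at this point, so a logging failure reports an
// error for an upload that is in fact stored.
if (DO_LOG) {
    // Establish DB connection
    $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
    if (!$link) {
        $errors[] = "Could not connect to mysql.";
        break;
    }
    $res = @mysql_select_db(DB_DATABASE, $link);
    if (!$res) {
        @mysql_close($link);
        $errors[] = "Could not select database.";
        break;
    }
    // escape against the connection that will run the query
    $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);
    $m_size = $filesize; // already an integer (intval)
    $m_fname = mysql_real_escape_string($dest_filename, $link);
    $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
    $res = @mysql_query($sql, $link);
    // An INSERT returns a boolean, so there is no result set to free; the
    // connection is closed on both the success and the failure path.
    @mysql_close($link);
    if (!$res) {
        $errors[] = "Could not run query.";
        break;
    }
} // if (DO_LOG)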
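<?php include("include/session.php"); ?>
<html>
<head>
<title>Testing</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
// Inserts one course record for the logged-in user.
// $session comes from include/session.php and $con from connect.php.
include "connect.php";

if($session->logged_in)
{
    // The upload step hands courseName over in the query string, so the same
    // $_GET value is used for the emptiness check and for the insert.
    if(empty($_GET["courseName"]))
    {
        echo "Oppps Please fill in the empty field <br /> <a href='new75.php'>Go Back</a>";
    }
    else
    {
        // Request and session values are escaped against the open connection before
        // they are placed in the statement; the column list names all three values.
        $courseName = mysql_real_escape_string($_GET["courseName"], $con);
        $submitter = mysql_real_escape_string($session->username, $con);
        $sql = "INSERT INTO course2009 (courseName,submitter,submissionDate) VALUES('$courseName','$submitter', NOW())";

        if(!mysql_query($sql,$con))
        {
            // keep driver error text in the server log rather than in the page
            error_log('insert5.php: ' . mysql_error($con));
            die('Error: could not save the record.');
        }
        echo "1 record added";
        include "menu.php";
        mysql_close($con);
    }
}
else
{
    echo "Please <a href='index.php'>Login!!</a>";
}
?>
</body>
</html>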
This code should work, except for one problem that still remains in insert5.php.
If you look at the line that loads $sql,
PHP Code:
// NOTE(review): $_POST[courseName] is placed in the statement unescaped; it needs
// escaping (or a bound parameter) before it reaches the query.
$sql="INSERT INTO course2009 (courseName) VALUES('$_POST[courseName]','$session->username', NOW())";
you will see that three values are being inserted into table "course2009", but you are only specifying one column.
You need to specify all three columns that the values are being inserted into, unless there are only three columns in the table, then you can leave out the column names altogether.
Just make sure the values are in the right order to match the columns.
In file-upload.php,
I modified this section to catch the $_POST["courseName"] and pass it along to insert5.php as $_GET["courseName"]. The value has to go through urlencode() when it is appended to the redirect URL.
And then I modified insert5.php to catch the $_GET["courseName"] variable, instead of $_POST["courseName"].
Unfortunately the way the code is setup, there is no easy way to stop the file upload if the "courseName" field in the form is not filled in.
The only thing you can do without modifying file-upload.php, is to unlink the uploaded file if the "courseName" field isn't filled in when you get to insert5.php.
Also, any values that were inserted into the form will be lost if the user has to go back to the form.
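// insert5.php receives courseName in the query string, so it is read from $_GET
// (the $_POST entry is empty on this page). Both values are escaped against the
// open connection $con before they are placed in the statement.
$sql="INSERT INTO course2009 (courseName,submitter,submissionDate) VALUES('" . mysql_real_escape_string($_GET['courseName'], $con) . "','" . mysql_real_escape_string($session->username, $con) . "', NOW())";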
the file upload is now working perfectly but i can't get the courseName value to be inserted to db
it is empty ..however the value of submitter & submission date is successfully inserted in db
Quote:
Also, any values that were inserted into the form will be lost if the user has to go back to the form.
i dont' mind this....this is just a simple form there will be another 2-3 additional fields that i will add later if this upload form a success..but if you can tell me what should i add in the script to make sure no loss of data when user go back form..just point me an article..
i dont' mind this....this is just a simple form there will be another 2-3 additional fields that i will add later if this upload form a success.
If you are going to add more fields to the form, then you will have to collect that data and send it on to insert5.php.
In file-upload.php you will have to collect the values from the form as $_POST variables and send them on to insert5.php as $_GET variables.
You do that in this section of file-upload.php.
And when you get to insert5.php, you collect the values using $_GET, and escape each one before it goes into the query.
Quote:
but if you can tell me what should i add in the script to make sure no loss of data when user go back form..just point me an article.
I would start a session in file-upload.php and store the values from the form in the $_SESSION[] array.
Then when you get to insert5.php you start the session and fetch the values from the $_SESSION[] array and use them in your query.
And if the user needs to go back to the form, then the values previously entered into the form and stored in the $_SESSION array, can be reloaded into the form.
this may be a newb response... but shouldn't you define an action in your form tag?
An action definition isn't always needed when you want the form to submit back to the same page.
Although, defining the action property is advised, as leaving it out can sometimes give unexpected results.
I generally use action="#", but have heard that is not a safe practice.
Better to specify the page the form is in.