PDA

View Full Version : File Upload to Server & Record Filename to Database


toad78
01-31-2009, 07:20 PM
I have some issues with a file upload form:
1. The file doesn't upload to the server nor does it record in the database table
2. I don't get a message stating that the file didn't upload

The instructions I thought I was creating was, "if there is a file to upload and it has the correct type and size (or if the filename is the same, add a date to the file name) then upload it to the server and insert into database the info. and move user to the "empl_app_list.php page". If all does not go well, then relate error message on the upload form why it didn't succeed.

Can anyone look at this and tell me what I'm doing wrong? I think it may be the way I have organized the structure of my code:
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 211200);

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
// define constant for upload folder
define('UPLOAD_DIR', '../../info/docs/employment/');
// replace any spaces in original filename with underscores
// at the same time, assign to a simpler variable
$file = str_replace(' ', '_', $_FILES['empl_dnld_fn']['name']);
// convert the maximum size to KB
$max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
// create an array of permitted MIME types
$permitted = array('application/pdf');
// begin by assuming the file is unacceptable
$sizeOK = false;
$typeOK = false;

// check that file is within the permitted size
if ($_FILES['empl_dnld_fn']['size'] > 0 && $_FILES['empl_dnld_fn']['size'] <= MAX_FILE_SIZE) {
$sizeOK = true;
}

// check that file is of an permitted MIME type
foreach ($permitted as $type) {
if ($type == $_FILES['empl_dnld_fn']['type']) {
$typeOK = true;
break;
}
}

if ($sizeOK && $typeOK) {
switch($_FILES['empl_dnld_fn']['error']) {
case 0:
// check if a file of the same name has been uploaded
if (!file_exists(UPLOAD_DIR.$file)) {
// move the file to the upload folder and rename it
$success = move_uploaded_file($_FILES['empl_dnld_fn']['tmp_name'], UPLOAD_DIR.$file);
}
else {
// get the date and time
ini_set('date.timezone', 'Europe/London');
$now = date('Y-m-d-His');
$success = move_uploaded_file($_FILES['empl_dnld_fn']['tmp_name'], UPLOAD_DIR.$now.$file);
}

$insertSQL = sprintf("INSERT INTO empl_dnlds (empl_dnld_title, empl_dnld_fn) VALUES (%s, %s)",
GetSQLValueString($_POST['empl_dnld_title'], "text"),
GetSQLValueString($_FILES['empl_dnld_fn'], "text"));

mysql_select_db($database_wvgsadmin, $wvgsadmin);
$Result1 = mysql_query($insertSQL, $wvgsadmin) or die(mysql_error());


if ($success) {
$insertGoTo = "../info/employment/empl_app_list.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
else {
$result = "Error uploading $file. Please try again.";
}
break;
case 3:
$result = "Error uploading $file. Please try again.";
default:
$result = "System error uploading $file. Contact webmaster.";
}
}
elseif ($_FILES['empl_dnld_fn']['error'] == 4) {
$result = 'No file selected';
}
else {
$result = "$file cannot be uploaded. Maximum size: $max. Acceptable file type: .pdf";
}
}
?>And the form:
<?php
// if the form has been submitted, display result
if (isset($result)) {
echo "<p class='warning'><strong>$result</strong></p>";
}
?>
<form action="" method="post" enctype="multipart/form-data" name="uploadImage" id="uploadImage">
<p>
<label for="empl_dnld_fn">Upload document:</label>
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
<input type="file" name="empl_dnld_fn" id="empl_dnld_fn" /></p>
<span class="small">
<ul>
<li>to minimize confusion, filename should be unique to the Staff you are uploading for</li>
<li>document file size is limited to 200K</li>
<li>if you upload a file with the same filename, the new file will be given a date added to the filename</li>
</ul>
</span>
<p><input type="submit" name="upload" id="upload" value="Upload Image" /></p>
</form>Thank you for looking at this for me!
toad78

nanny
01-31-2009, 10:33 PM
define ('MAX_FILE_SIZE', 211200);


To work out the correct kilobyte size you need to multiply by the 1024.
For example if you allow maximum size to be 80 KB then it would be

define ('MAX_FILE_SIZE', 81920);

Also you haven't given allowed extensions for this so people can upload anything they want to.

Did you check to see if it went into the folder even though it isn't telling you it has?

toad78
01-31-2009, 10:53 PM
define ('MAX_FILE_SIZE', 211200);


Ok, I've fixed that.

Also you haven't given allowed extensions for this so people can upload anything they want to.
Isn't that what this is for?

// create an array of permitted MIME types
$permitted = array('application/pdf');


Did you check to see if it went into the folder even though it isn't telling you it has?No file anywhere on the test server nor is there a recording within the database of the filename.

Now I have tested this using a text array instead of a files array and everything worked fine until I changed to a $_FILES array and inserted the file upload code...so I know something worked before until I added the extra file upload stuff! Where did I go wrong?

nanny
02-03-2009, 06:41 AM
Doing $_FILES array - are you doing a multi upload?
You might have to check with davidj on this one but I am pretty sure you need to link the file like an email link or page link for it to open.

toad78
02-03-2009, 06:48 AM
OK. Thank you.