Jump to content

Php Upload Can't seem to add validation..


ThunderLee

Recommended Posts

Hi,

 

I recently found a great php upload script (http://www.ultramegatech.com/blog/2008/12/creating-upload-progress-bar-php/5/) although the script is awesome I can't seem to add ANY validation to it as it seems to skip past it and just upload the file..

 

The type of validation I need is..

 

Checking wether the song AND artist exist in the database (both together),

Checking the type (I only wanted MP3 but I couldn't figure out how to do that),

Checking if the file already exists in the Music/ directory,

 

If the above are ok then proceed with the upload.. What am I doing wrong?

 

Here is the original upload.php (From the website above)

 

<?php
if($_FILES['file']['error'] == UPLOAD_ERR_OK){
   $path = '/var/www/uploads/';
   $path .= basename($_FILES['file']['name']);
   if(move_uploaded_file($_FILES['file']['tmp_name'], $path)){
      // upload successful
   }
}
?>

 

And here is mine

 

<?php session_start();?><?php include("connectvars.php"); ?><?php

	if($_FILES['file']['error'] == UPLOAD_ERR_OK)
	{
   			$path = 'Music/';
   			$path .= basename($_FILES['file']['name']);

	//This is our limit file type condition
	if ($uploaded_type=="text/php")
	{
		echo "<div align=\"center\" id=\"content\">You're not aloud to upload this file</div><br>";
	}

	//Gets info from other page
	$musicalbumart=$_POST['albumarturl']; 
	$musicartist=$_POST['artistname']; 
	$musicname=$_POST['songname']; 
	$musicalbum=$_POST['albumname']; 
	$musicgenre=$_POST['musicgenre']; 
	$uploaded_file=($_FILES['file']['name']); 

	// Connects to your Database
	mysql_connect("localhost", "root", "msb090909") or die(mysql_error()) ;
	mysql_select_db("mymediaupload") or die(mysql_error()) ;

	$martist = mysql_real_escape_string($_POST['artistname']);
	$mname = mysql_real_escape_string($_POST['songname']);
	$ufile= mysql_real_escape_string($_FILES['file']['name']);

	$ucheck = mysql_query("SELECT * FROM `music` WHERE `musicartist`='".$martist."' AND `musictitle`='".$mname."'") or die(mysql_error());
	$ucheck2 = mysql_query("SELECT * FROM `music` WHERE `musiclocation`='".$path . ."'") or die(mysql_error());

	if(mysql_num_rows($ucheck) >= 1)
	{
		echo "<div align=\"center\" id=\"content\">This song has already been added to MyMediaUpload<br>(The information you provided already exists in the database)</div><br>";
	}
	if(mysql_num_rows($ucheck2) >= 1)
	{
		echo "<div align=\"center\" id=\"content\">This song has already been added to MyMediaUpload<br>(The file already exists on the server)</div><br>";
	}
	else	
	{
   			if(move_uploaded_file($_FILES['file']['tmp_name'], $path)){
    			 // upload successful
   			}
	}		

}
	echo "<div align=\"center\" id=\"content\">The file ". basename( $_FILES['file']['name']). " has been uploaded</div><br>";
			mysql_query("INSERT INTO `music` (`musicuploader`,`musicuploaderid`,`musictitle`,`musicartist`,`musicalbum`,`musicgenre`,`musiclocation`,`musicalbumart`,`dateadded`) VALUES ('".$_SESSION['dname']."','".$_SESSION['user_id']."','".$musicname."','".$musicartist."','".$musicalbum."','".$musicgenre."','".$path."','".$musicalbumart."',now())") or die(mysql_error()); 


?>

 

When I upload a file it just says upload compleate..? and the file existed in Music/ and the data existed in the database.. I want to prevent files from overwriting in Music/ and duplications in the database :(..

 

Link to comment
https://forums.phpfreaks.com/topic/180634-php-upload-cant-seem-to-add-validation/
Share on other sites

These two lines...

 

echo "<div align=\"center\" id=\"content\">The file ". basename( $_FILES['file']['name']). " has been uploaded</div><br>";
mysql_query("INSERT INTO `music` (`musicuploader`,`musicuploaderid`,`musictitle`,`musicartist`,`musicalbum`,`musicgenre`,`musiclocation`,`musicalbumart`,`dateadded`) VALUES ('".$_SESSION['dname']."','".$_SESSION['user_id']."','".$musicname."','".$musicartist."','".$musicalbum."','".$musicgenre."','".$path."','".$musicalbumart."',now())") or die(mysql_error()); 

 

Should be inside the else element, most likely where you actually have the comment //successfully uploaded. It currently is outside the loops/checks so will run every time the scrip does.

I just pointed out the most obvious mistake in the code. Another is that you have

 

if('artist and must not in database') {
   // inform user
}

if('music location not in database') {
   // inform user
} else {
   // upload
}

 

There is nothing linking those two statements together so it could inform the user the artist/music is in the database and still upload the second if statment should probably be elseif.

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.