Jump to content

Recommended Posts

Scenario: User uploads pictures via an HTML form, this script will check the filetype & size, and write the submission to a sql table.  I have everything working but would like to check the users filename so it doesnt overwrite an exisiting file.  If it does, just append a random string to the end of the filename-then write to table.

 

Here's what I've got.  Is the best option to redefine $target and add a rand() string to the end of it?  What would that look like?

 

 

<?php

include("../framework/config.php");

$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=0;
$maxSize=350000;

if (($uploaded_size <= $maxSize) && ($uploaded_type=="image/gif") || ($uploaded_type=="image/jpeg") || ($uploaded_type=="image/pjpeg")){
	echo "File type & size are ALLOWED.<br>";
	$ok=1;

if(file_exists($target)){
		echo"However, a file with that name already exists.  Please rename it and try again.<br/>";
		$ok=0;
                   //where i'm working
  //redeclare $target and add a rand() to the end for unique filename
  $target = $target . basename( $_FILES['uploaded']['name']) ;

	}
}
else{
	echo "File type & size are BANNED.<br>";
	$ok=0;
}


if ($ok==0){
  Echo "Sorry your file was not uploaded";
}
else{
  if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)){
  	echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded.";
  }
  else{
  }
}



?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/239679-append-rand-to-filename/
Share on other sites

That is an option, but may not be the best option. There are different approaches and you need to decide what makes the most sense for you. Just using rand() has the potential of creating duplicates, but the risk is probably small enough that it is worth it.

 

I think it would be highly unlikely that two photos would be submitted with the exact same name at the exact same time. So, you could just append the timestamp of when the photo was submitted. In fact, I wouldn't even do a check if the file already exists before doing so, I'd just append the timestamp to every photo submitted.

If you're keeping record of the file in a database, just use the unique ID of the row entered. In MySQL, you'd use mysql_insert_id()

 

This saves your from having to store the name of the image in the database as well. Just remember you have to add the record to the database BEFORE using move_uploaded_file() or copy(). This complicated things slightly, because if the move_uploaded_file() fails, you'll have to delete the record you just entered. Ideally, this won't happen in a production environment, but the checks should still be there.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.