File Upload Issue

honkmaster · July 1, 2012

Hi, I have an issue with the following code. I want to upload files to a directory named by a form i.e "uploads/image/$company" the company name is posted from the form.

The issue is the files don't end up where I want? i.e they land "uploads/Image" along side the directory

ANy help would be great, its driving me mad!!

<?php
    //testing post
echo "$_POST[nouploads]";
echo "<br />";
echo "$_POST[company]";

//posted from form
$nouploads = "$_POST[nouploads]";
$company = "$_POST[company]";

//make a dir with the same name as company
//does not matter if it already exists
if (!file_exists ( "uploads/image/$company" )) {
mkdir("uploads/image/$company", 0777, true);
}

error_reporting(E_ALL);

    //directory to upload to
    $upload_dir= 'uploads/image/$company';

    //number of files to upload passed by form
    $num_uploads = "$nouploads";

    //maximum filesize allowed in bytes
    $max_file_size  = 2000000;

    //the maximum filesize from php.ini
    $ini_max = str_replace('M', '', ini_get('upload_max_filesize'));
    $upload_max = $ini_max * 2000000;

    //a message for users
    $msg = 'Please select files for uploading';

    //an array to hold messages
    $messages = array();	

    //check if a file has been submitted
    if(isset($_FILES['userfile']['tmp_name']))
    {
        //loop through the array of files
        for($i=0; $i < count($_FILES['userfile']['tmp_name']);$i++)
        {
            //check if there is a file in the array
            if(!is_uploaded_file($_FILES['userfile']['tmp_name'][$i]))
            {
                $messages[] = 'No file uploaded';
            }
            //check if the file is less then the max php.ini size
            elseif($_FILES['userfile']['size'][$i] > $upload_max)
            {
                $messages[] = "File size exceeds $upload_max php.ini limit";
            }
            //check the file is less than the maximum file size
            elseif($_FILES['userfile']['size'][$i] > $max_file_size)
            {
                $messages[] = "File size exceeds $max_file_size limit";
            }
            else
            {
                //copy the file to the specified dir 
                if(@copy($_FILES['userfile']['tmp_name'][$i],$upload_dir.'/'.$_FILES['userfile']['name'][$i]))
                {
                    //give praise and thanks to the php gods
                    $messages[] = $_FILES['userfile']['name'][$i].' uploaded';
                }
                else
                {
                    //an error message
                    $messages[] = 'Uploading '.$_FILES['userfile']['name'][$i].' Failed';
                }
            }
        }
    }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Multiple File Upload</title>
</head>

<body>

<h3><?php echo $msg; ?></h3>
<p>
<?php
    if(sizeof($messages) != 0)
    {
        foreach($messages as $err)
        {
            echo $err.'<br />';
        }
    }
?>
</p>
<form enctype="multipart/form-data" action="upload3.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" />
<?php
    $num = 0;
    while($num < $num_uploads)
    {
        echo '<div><input name="userfile[]" type="file" /></div>';
        $num++;
    }
?>

<input type="submit" value="Upload" />
</form>

</body>
</html>

requinix · July 1, 2012

You should never allow a user to determine where a file goes. All that "personalization" stuff should be handled with a database and URL rewriting.

Store the file in a random place that's not normally accessible. Like in a folder not under the web root, or in one but locked down with a .htaccess. Then you use URL rewriting to route any appropriate URLs (like "/uploads/image/$company/$file") through a PHP script. That script queries your database according to the $company and $file for the actual image file to show, which it then does.

honkmaster · July 1, 2012

thanks, the app is not WAN facing just used internaly on our LAN to help store content by company name.

I just don't under stand why the files don't end up in the right place.

If I replace the $company bit with a company name i.e "uploads/image/$company" to "uploads/image/companyname" it works??

Cheers Chris

requinix · July 1, 2012

thanks, the app is not WAN facing just used internaly on our LAN to help store content by company name.

Doesn't matter. Users are users and they're all out to screw with you. Disgruntled employees, for instance.

Anyways,

'uploads/image/$company'

Variables don't work in single-quoted strings.

honkmaster · July 1, 2012

I have tried with double quotes as

//directory to upload to
    $upload_dir= "uploads/image/$company";

I'm just trying to understand why it isn't working??

Pikachu2000 · July 1, 2012

I can already tell you don't have error reporting on, otherwise you'd probably have already figured this out. Set up error reporting and look at the notices that are generated.

honkmaster · July 2, 2012

Ok, I have put on error reporting and fixed errors, I have also added echo to see what is happing. All works apart from the file does not end up in the "company" directory it ends up in the "image" directory with the "company" folders.

This is what is echoing back to start with "uploads/image/CompanyName/" Once the Directory is created it should put the uploaded files in the "CompanyName" directory. What i get echoed back is "uploads/image//" the "CompanyName" is missing

Very confused, any help would be great

Cheers Chris

<?php

error_reporting(-1);

//posted from form
if(isset($_POST['company']))
$target = "$_POST[company]";
if(isset($_POST['nouploads']))
$nouploads = "$_POST[nouploads]";

{
global $target, $nouploads, $dir;
} 

echo $target;
echo "<br />";

//make a dir with the same name as company
//does not matter if it already exists
if (!file_exists ( "uploads/image/$target/" )) {
mkdir("uploads/image/$target/", 0777, true);
} 

    //directory to upload to
    $upload_dir = "uploads/image/$target/";
echo $upload_dir;
echo "<br />";

    //number of files to upload passed by form
    $num_uploads = "$nouploads";

    //maximum filesize allowed in bytes
    $max_file_size  = 2000000;

    //the maximum filesize from php.ini
    $ini_max = str_replace('M', '', ini_get('upload_max_filesize'));
    $upload_max = $ini_max * 2000000;

    //a message for users
    $msg = 'Please select files for uploading';

    //an array to hold messages
    $messages = array();	

    //check if a file has been submitted
    if(isset($_FILES['userfile']['tmp_name']))
    {
        //loop through the array of files
        for($i=0; $i < count($_FILES['userfile']['tmp_name']);$i++)
        {
            //check if there is a file in the array
            if(!is_uploaded_file($_FILES['userfile']['tmp_name'][$i]))
            {
                $messages[] = 'No file uploaded';
            }
            //check if the file is less then the max php.ini size
            elseif($_FILES['userfile']['size'][$i] > $upload_max)
            {
                $messages[] = "File size exceeds $upload_max php.ini limit";
            }
            //check the file is less than the maximum file size
            elseif($_FILES['userfile']['size'][$i] > $max_file_size)
            {
                $messages[] = "File size exceeds $max_file_size limit";
            }
            else
            {
                //copy the file to the specified dir 
                if(@copy($_FILES['userfile']['tmp_name'][$i],$upload_dir.'/'.$_FILES['userfile']['name'][$i]))
                {
                    //give praise and thanks to the php gods
                    $messages[] = $_FILES['userfile']['name'][$i].' uploaded';
                }
                else
                {
                    //an error message
                    $messages[] = 'Uploading '.$_FILES['userfile']['name'][$i].' Failed';
                }
            }
        }
    }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Multiple File Upload</title>
</head>

<body>

<h3><?php echo $msg; ?></h3>
<p>
<?php
    if(sizeof($messages) != 0)
    {
        foreach($messages as $err)
        {
            echo $err.'<br />';
        }
    }
?>
</p>
<form enctype="multipart/form-data" action="upload3.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" />
<?php
    $num = 0;
    while($num < $num_uploads)
    {
        echo '<div><input name="userfile[]" type="file" /></div>';
        $num++;
    }
?>

<input type="submit" value="Upload" />
</form>

</body>
</html>

Pikachu2000 · July 2, 2012

Remove the error suppressing @ from the start of the copy function and see if that is generating any errors.

honkmaster · July 2, 2012

No error when I test at all, it seems to be the Variable $target is not working at the end of line starting $upload_dir. I have put the echo in to see what is working?

Pikachu2000 · July 2, 2012

Let's intentionally introduce an error to make sure you have error reporting set up properly. Add this line near the beginning of your code and see if it generates a notice.

echo "Undefined variable: $undefined_variable";

honkmaster · July 2, 2012

I added and got the following

Notice: Undefined variable: undefined_variable in /Applications/XAMPP/xamppfiles/htdocs/workflow/upload3.php on line 13

Pikachu2000 · July 2, 2012

OK, well that seems to be working. Let's see what exactly in the data being passed by the form. Add these right after the opening <?php tag:

echo 'INCOMING ARRAYS:<br>$_POST:<pre>';
print_r($_POST);
echo '</pre>$_FILES:<pre>';
print_r($_FILES);
echo '</pre>';

honkmaster · July 2, 2012

first part of script this cam up

INCOMING ARRAYS:

$_POST:

Array

(

[company] => test

[nouploads] => 1

[submit] => Submit

)

$_FILES:

Array

(

)

Then when I submit the file I this

INCOMING ARRAYS:

$_POST:

Array

(

[MAX_FILE_SIZE] => 2000000

)

$_FILES:

Array

(

[userfile] => Array

(

[name] => Array

(

[0] => test 2.JPG

)

[type] => Array

(

[0] => image/jpeg

)

[tmp_name] => Array

(

[0] => /Applications/XAMPP/xamppfiles/temp/phprNKfX2

)

[error] => Array

(

[0] => 0

)

=> Array

(

[0] => 409173

)

Pikachu2000 · July 3, 2012

I think I see what's going here. It wasn't clear what the flow of this was, but it looks like you're submitting a form with part of the information, then selecting files to upload and resubmitting, is that about right? You'll need to pass the data from the first form submission along with the second form submission, either via hidden form elements, or session variables or it isn't available to the script after the second submission. That will make some of your variables lose their values, but I'm surprised that isn't generating some error notices.

honkmaster · July 3, 2012

Thank you very much for your help, I now understand where I was going wrong,

Cheers Chris

Sign In

File Upload Issue

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information