Jump to content

Upload file to user folder and store file information in database

fri3ndly

By fri3ndly
in PHP Coding Help

 Share

Recommended Posts

fri3ndly Member

fri3ndly

Posted
Posted

Hi all.

 

I have created a system and I am just working on making a page where the admin can upload files to a database.

 

The verification messages are all working fine, but the file does not upload (I have never done a file upload in php so not sure what I have done is right). I want it to add the data to the database and store the file in a folder depending on the user that is selected.

 

Please see the code below for this page. Hope you can help, thanks

 

<form id="uploadform" name="uploadform" method="post" action="<?php echo $PHP_SELF; ?>">

    <label>User name:<br/> 
    <select name="FileUser" id="FileUser">
      <option value="">Select a User...</option>
  <?php
  
  $query = mysql_query("SELECT * FROM login") 
			or die(mysql_error()); 
  
  
  while ($row = mysql_fetch_array($query)) {
             $username = $row['username'];
		 $fullname = $row['fullname'];

  		print "<option value=" . $username . ">" . $fullname . " (" . $username . ")</option>"; 

		}

		?>
    </select>
    </label>
<br /><br />
  <label>
  File (PDF):<br/>
  <input name="FileName" type="file" id="FileName" />
  </label>
  <label><br />
  <br />
  <input type="submit" name="submit" value="Upload" />
  </label>
</form>

<?php
// Post variables and see if they are empty

    if (isset($_POST['submit'])){

	$errors = false;

	$error = '<p>The following errors were detected</p><ul>';	

			if(isset($_POST['FileUser']) && trim($_POST['FileUser'])) {
				$FileUser = trim($_POST['FileUser']);
			} else {
				$errors = true;
				$error .= '<li>You did not select a user';
			}
			if(isset($_POST['FileName']) && trim($_POST['FileName'])) {
				$FileName = trim($_POST['FileName']);
			} else {
				$errors = true;
				$error .= '<li>You did not select a PDF file to upload';
			}

	// echo out the errors if there are any
	if($errors) {
		echo $error.'</ul><br/>';
		}		
	else{

			// remove slashes for magic_quotes_gpc and injection attacks
			$FileUser = stripslashes($_REQUEST["FileUser"]);
		  //$FileName = stripslashes($_REQUEST["FileName"]);


			// the following code is all on one line - insert into database variable
			$query = "INSERT INTO downloads (username, 
											 filename, 
											 dateadded, 
											 download 
											 )

			          VALUES   ('".mysql_real_escape_string($FileUser)."',
					  			'".mysql_real_escape_string($FileName)."',
								'".mysql_real_escape_string(date("j M Y"))."',
								'". mysql_real_escape_string($DownloadLink)."'
								)";

			if (mysql_query($query)) {		

					// set upload save directory
						$upload_save_dir = '/Login_System2/downloads/$FileUser';
					//check if upload save directory for this mime type exists, if not create it
						if(!file_exists($upload_save_dir)) { mkdir($upload_save_dir);    }
					//set the upload save path
						$upload_save_path = $upload_save_dir."/".$upload_id;        
					//attempt to save the file
						if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $upload_save_path) === FALSE) { // attempt to save the upload
					//upload failed  
						   $error_msg = "<strong>ERROR</strong><br />Failed to upload the file, please try again.\n";
						}
			//upload exists all ready
				} else {
					$upload_exists = $upload_exists[0];
					$error_msg = "<strong>ERROR</strong><br /><strong>".$upload_exists['upload_orig_filename']."</strong> has already been uploaded to the website.<br />";
				}

	}	

}

?>

Link to comment
Share on other sites
fri3ndly Member

fri3ndly

Posted
  • Author
Posted

Hi, thanks for that The Little Guy

 

OK I have read through that and changed my script. This is as it stands now:

 

<form id="uploadform" enctype="multipart/form-data" name="uploadform" method="post" action="<?php echo $PHP_SELF; ?>">
    <label>User name:<br/> 
    <select name="FileUser" id="FileUser">
      <option value="">Select a User...</option>
  <?php
  
  $query = mysql_query("SELECT * FROM login") 
			or die(mysql_error()); 
  
  
  while ($row = mysql_fetch_array($query)) {
             $username = $row['username'];
		 $fullname = $row['fullname'];

  		print "<option value=" . $username . ">" . $fullname . " (" . $username . ")</option>"; 

		}

		?>
    </select>
    </label>
<br /><br />
  <label>
  File (PDF):<br/>
   <!-- MAX_FILE_SIZE must precede the file input field -->
   <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
   <!-- Name of input element determines name in $_FILES array -->
   <input name="FileName" type="file" id="FileName" />
  </label>
  <label><br />
  <br />
  <input type="submit" name="submit" value="Upload" />
  </label>
</form>

<?php
// Post variables and see if they are empty

    if (isset($_POST['submit'])){

	$errors = false;

	$error = '<p>The following errors were detected</p><ul>';	

			if(isset($_POST['FileUser']) && trim($_POST['FileUser'])) {
				$FileUser = trim($_POST['FileUser']);
			} else {
				$errors = true;
				$error .= '<li>You did not select a user';
			}
		/*	if(isset($_POST['FileName']) && trim($_POST['FileName'])) {
				$FileName = trim($_POST['FileName']);
			} else {
				$errors = true;
				$error .= '<li>You did not select a PDF file to upload';
		    }*/	

	// echo out the errors if there are any
	if($errors) {
		echo $error.'</ul><br/>';
		}		
	else{


			$uploaddir = 'http://localhost/Login_system2/downloads/$FileUser/';
			$uploadfile = $uploaddir . basename($_FILES['name']);

			echo '<pre>';
			if (move_uploaded_file($_FILES['$FileName']['tmp_name'], $uploadfile)) {
				   echo "File is valid, and was successfully uploaded.\n";
			} else {
   				 echo "Possible file upload attack!\n\n";
			}

		echo 'Here is some more debugging info:';
		print_r($_FILES);

		print "</pre>";


	}	

}
?>

 

However the file is not uploading to the new directory. Is this a localhost problem or an error in my script?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.