Exit
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0

uploading file

Explorer ,
Jul 03, 2012 Jul 03, 2012

I am creating an upload form.  One of the fields is a file.  It does not seem to be working though.  The file is not being uploaded.  here is my code:

form:

<input type="file" name="upload" id="upload" size="48" value="<?php if($flag) { echo $_FILES['file']['name']; } ?>" />

php:

move_uploaded_file($_FILES["upload"]["tmp_name"], "http:/mysite.com/uploads/");

anything that I'm missing?

TOPICS
Server side applications
1.1K
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jul 04, 2012 Jul 04, 2012

You're missing giving the file a name.

move_uploaded_file($_FILES["upload"]["tmp_name"], "http:/mysite.com/uploads/" . $_FILES['upload']['name']);

Also, I'm puzzled by this:

value="<?php if($flag) { echo $_FILES['file']['name']; } ?>"

Why are you trying to insert a value? And shouldn't it be $_FILES['upload']['name'] instead of $_FILES['file']['name']?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jul 04, 2012 Jul 04, 2012

ok - thanks.  still not working,  but my host says that .txt files are disabled for security reasons.  still don't understand.  i can understand .exe's....

have to find out what "disabled" means still....

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jul 05, 2012 Jul 05, 2012

What the host means is that you can't upload text files. I suspect the reason for that is to prevent scripting attacks.

If you allow people to upload files for immediate display, a text file could contain malicious JavaScript that would be executed as soon as the page is displayed.

Try this:

<?php include('script.txt'); ?>

The content of script.txt should look like this:

<script>

alert('Boo!');

</script>

When you load the PHP page into a browser, it executes the script, and displays an alert box with "Boo!".

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jul 05, 2012 Jul 05, 2012

what i would like to do is for users to upload text files, and then it is stored on the server, and ready to be shared/edited.  that doesn't sound like it is possible though.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jul 09, 2012 Jul 09, 2012
LATEST

Instead of uploading the file to a folder for later download, you can insert the text file into the database as blob.  Then you can also spit out the text file using php to reconstruct it all.  Here is my code for doing that.  Please note the following:

1.)  You need to add additional fields to the table for size, type, and name of file.  Finally, you need to create a blob field to hold the actual text file.

2.)  The upload code does NOT properly sanitize against SQL injection.  This is on a private network and therefore acceptable.  You will need to make sure you santize the input so you are not subject to a SQL injection attack.  The purpose of this is to show you how it all works.

First here is the form section:

<form action="upload.php" method="post" enctype="multipart/form-data" id="form1">

              <p>

                <label for="fileField"></label>

                File Name: <span id="sprytextfield1">

                  <label for="friendly_name"></label>

                  <input type="text" name="friendly_name" id="friendly_name" />

                  <span class="textfieldRequiredMsg">A value is required.</span></span></p>

              <p>

                <input type="file" name="fileUpload" id="fileField" />

              </p>

              <p>

                <input type="submit" name="button" id="button" value="Submit" />

              </p>

            </form>

Here is the upload.php section:

<?php
$friendly_name=$_POST['friendly_name'];
$name = $_FILES['fileUpload']['name'];
$tmpName = $_FILES['fileUpload']['tmp_name'];
$size = $_FILES['fileUpload']['size'];
$type = $_FILES['fileUpload']['type'];

$fp = fopen($tmpName, 'r');
$data = fread($fp, filesize($tmpName));
$data = addslashes($data);
fclose($fp);

if(!get_magic_quotes_gpc())
{
$name = addslashes($name);
}


?>

<?php

  $SQL="INSERT INTO files set message_id='".$messageid."', friendly_name='".$friendly_name."', category='".$category."', name='".$name."', size='".$size."', type='".$type."', data='".$data."'";
                     

  mysql_select_db($database_board, $board);
  mysql_query($SQL, $board) or die(mysql_error());
  header ('Location:new_post2.php');

?>

Finally,

Here is the snippet from the page that puts the file back together again so the user can download:

$colname_Recordset1 = "-1";

if (isset($_POST['id'])) {

  $colname_Recordset1 = $_POST['id'];

}

mysql_select_db($database_board, $board);

$query_Recordset1 = sprintf("SELECT * FROM files WHERE id = %s", GetSQLValueString($colname_Recordset1, "int"));

$Recordset1 = mysql_query($query_Recordset1, $board) or die(mysql_error());

$row_Recordset1 = mysql_fetch_assoc($Recordset1);

$totalRows_Recordset1 = mysql_num_rows($Recordset1);

?>

<?php header("Content-length: $row_Recordset1[size]");

header("Content-type: $row_Recordset1[type]");

header("Content-Disposition: attachment; filename=$row_Recordset1[name]");

echo $row_Recordset1['data']; ?>

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines