file upload

csmaster2005 · 06-16-2004, 01:24 PM

Hi,
I'm working on a file upload for my site, and I'm having one problem with it.
The file that's going to be uploaded should be either .zip or .rar, and after the file is uploaded I need to run a query to add the information into a database.
The code I have is below:
$file_dir = "_______";
foreach($HTTP_POST_FILES as $file_name => $file_array){
if(is_uploaded_file($file_array['tmp_name'])){

$filename=$file_array['name'];
$id=(Some VALUE GOTTEN FROM A QUERY);
????: NamePros.com http://www.namepros.com/programming/34348-file-upload.html

if(strstr($filename, "zip") || strstr($filename, "rar")){

if(strstr($filename, "zip"))
$id=$id.".zip";
if(strstr($filename, "rar"))
$id=$id.".rar";
// print "Filename= $id<br>";
move_uploaded_file($file_array['tmp_name'], $file_dir. $id) or die("couldnt copy");
// $filename=$file_array['name'];
$query="INSERT INTO somedatabase my information;
mysql_query($query) or die(mysql_errno().":".mysql_error());
print "Thank you for your submission! It will be reviewed shortly!";
}
else
print "please make sure the file type is .zip or .rar!";

}
else
print "ERROR!";

Now, the problem is that if the file is big and takes some time to upload, and user closes the browser or goes to another page or something of that nature, the file isn't uploaded, but the last query is still executed.
How can this be fixed?
Also, sometimes when I chose a rar file to upload, it says "please make sure the file is .zip or .rar" but when I select a different file that is .rar it works. (meaning it doesnt work for some but works for others)
And one last problem is that sometimes on .zip files or other extensions (ones that I do not allow, such as .exe) it prints "ERROR"

Can anyone please help me solve the above issues?
Thanks

adam_uk · 06-16-2004, 01:30 PM

you could place the query in a seperate file or switch and then replace the query with

header("Location: file.php");

and place the execute query in that file

csmaster2005 · 06-16-2004, 02:42 PM

but that still doesn't explain why it is calling the query before the file is done uploading. Also, I dont think what you said will work because the script is still going past where it should be...
Any more ideas anyone?

Peter · 06-16-2004, 04:49 PM

unless you accidentally deleted it when editing your query line you are missing a closing "

in the if statements checking what format the file is you do not have an opening or a closing curly brace (nor in your else statements for that matter)

the curly braces really should be there so php knows where the end of the if is.

also declare $id to be something from the database then almost immediately replace it with the file extension, between the point of defining it and replacing it you don't use it unless of course you have edited out some code that goes there.

instead of having the 2 if statements setting $id you could just have:-

$id = stristr($filename, '.');

also notice i used stristr instead of strstr as you cant verify that the file the person uploads is going to be in the case your checks use. stristr is case insensitive as opposed to strstr which is case sensitive.

The way your script is at the moment if I tried uploading test. RAR it would fail as RAR does not match your check for rar

also a small note which isnt going to cause any problems. you use print all the time, echo is actually slightly faster see the following for info (link taken from php.net) http://www.faqts.com/knowledge_base/...l/aid/1/fid/40

csmaster2005 · 06-16-2004, 06:56 PM

now.. I already know all of what you said except I didn't think about the case sesitivity.
Alot of the stuff was cause I modified the code to put here, and forgot to fix.
Also, about the opening/closing braces... you don't have to have them, if you don't have them, php and most other lanuages automatically just read in the next line as the thing to run with the "if" or the "else"

Peter · 06-17-2004, 06:40 AM

I would just like to point out if someone uploads a file called zipped.rar both of your if statements will be true so it will update $id twice.

regards to why it is going through without actually having the uploaded file completely uploaded. I beleive it is because you are checking if the temp file is there which of course it is just its not complete (it exists until the end of the execution of the script). You should be checking the existence of the moved file.

csmaster2005 · 06-17-2004, 11:53 AM

It isn't checking the temp file, it's actually moving it. I think I got that problem fixed though.
Also, thanks for pointing out the zipped.rar issue

(All I gota do is make it search for .zip instead of zip and problem solved)

Peter · 06-17-2004, 02:09 PM

sorry think we are crossed slightly, what i meant was look at the following code

$filename=$file_array['name'];
$id=(Some VALUE GOTTEN FROM A QUERY);

if(strstr($filename, "zip") || strstr($filename, "rar")){

if(strstr($filename, "zip"))
$id=$id.".zip";
if(strstr($filename, "rar"))
$id=$id.".rar";
// print "Filename= $id<br>";
move_uploaded_file($file_array['tmp_name'], $file_dir. $id) or die("couldnt copy");
????: NamePros.com http://www.namepros.com/showthread.php?t=34348
// $filename=$file_array['name'];
$query="INSERT INTO somedatabase my information;
mysql_query($query) or die(mysql_errno().":".mysql_error());
print "Thank you for your submission! It will be reviewed shortly!";
}

you are checking that the filename contains rar or zip. all the code above is within the if statement so even if it cant move the file it will execute the query regardless. I may be completely off the mark ive never dealt too much with moving files, anything I have done just required me to do something with its content.

Anyway no probs with the rar and zip problem I know how easy it is to miss little thingas like this but of course they can create a big prolem

Pablo · 06-18-2004, 06:43 AM

Simple solution, i had the same prob with my script, first of all u goto get the size of the file and tell them that the d/l will take a while, my advice would be to use a javascript popup window that tells them d/l will take time why recdirecting the main page to upload the file. once the file is uploaded, get the user to confirm and write soemthing about the file, then when they submit thats when you add the query string with the file info.
????: NamePros.com http://www.namepros.com/showthread.php?t=34348
To provent file uploading and then close browser spammers, just so they fill up your server. my advice would be to check all the files and the query string to matches, make sure u have an upload date and time if the file hasnt been done by 1hr from upload get the page to delete the file (page as in main media page) or u can use cron jobs to automaticly get the page to delete them.

06-16-2004, 01:24 PM	THREAD STARTER #1 (permalink)
csmaster2005 Senior Member Join Date: Mar 2004 Location: U.S.A. Posts: 1,985	file upload Hi, I'm working on a file upload for my site, and I'm having one problem with it. The file that's going to be uploaded should be either .zip or .rar, and after the file is uploaded I need to run a query to add the information into a database. The code I have is below: $file_dir = "_______"; foreach($HTTP_POST_FILES as $file_name => $file_array){ if(is_uploaded_file($file_array['tmp_name'])){ $filename=$file_array['name']; $id=(Some VALUE GOTTEN FROM A QUERY); ????: NamePros.com http://www.namepros.com/programming/34348-file-upload.html if(strstr($filename, "zip") \|\| strstr($filename, "rar")){ if(strstr($filename, "zip")) $id=$id.".zip"; if(strstr($filename, "rar")) $id=$id.".rar"; // print "Filename= $id<br>"; move_uploaded_file($file_array['tmp_name'], $file_dir. $id) or die("couldnt copy"); // $filename=$file_array['name']; $query="INSERT INTO somedatabase my information; mysql_query($query) or die(mysql_errno().":".mysql_error()); print "Thank you for your submission! It will be reviewed shortly!"; } else print "please make sure the file type is .zip or .rar!"; } else print "ERROR!"; Now, the problem is that if the file is big and takes some time to upload, and user closes the browser or goes to another page or something of that nature, the file isn't uploaded, but the last query is still executed. How can this be fixed? Also, sometimes when I chose a rar file to upload, it says "please make sure the file is .zip or .rar" but when I select a different file that is .rar it works. (meaning it doesnt work for some but works for others) And one last problem is that sometimes on .zip files or other extensions (ones that I do not allow, such as .exe) it prints "ERROR" Can anyone please help me solve the above issues? Thanks

06-16-2004, 04:49 PM	#4 (permalink)
Peter NamePros Expert Join Date: Nov 2003 Location: Scotland Posts: 5,069	unless you accidentally deleted it when editing your query line you are missing a closing " in the if statements checking what format the file is you do not have an opening or a closing curly brace (nor in your else statements for that matter) the curly braces really should be there so php knows where the end of the if is. also declare $id to be something from the database then almost immediately replace it with the file extension, between the point of defining it and replacing it you don't use it unless of course you have edited out some code that goes there. instead of having the 2 if statements setting $id you could just have:- $id = stristr($filename, '.'); also notice i used stristr instead of strstr as you cant verify that the file the person uploads is going to be in the case your checks use. stristr is case insensitive as opposed to strstr which is case sensitive. The way your script is at the moment if I tried uploading test. RAR it would fail as RAR does not match your check for rar also a small note which isnt going to cause any problems. you use print all the time, echo is actually slightly faster see the following for info (link taken from php.net) http://www.faqts.com/knowledge_base/...l/aid/1/fid/40 __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft Last edited by filth; 06-16-2004 at 05:03 PM.

06-17-2004, 06:40 AM	#6 (permalink)
Peter NamePros Expert Join Date: Nov 2003 Location: Scotland Posts: 5,069	I would just like to point out if someone uploads a file called zipped.rar both of your if statements will be true so it will update $id twice. regards to why it is going through without actually having the uploaded file completely uploaded. I beleive it is because you are checking if the temp file is there which of course it is just its not complete (it exists until the end of the execution of the script). You should be checking the existence of the moved file. __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft

06-17-2004, 02:09 PM	#8 (permalink)
Peter NamePros Expert Join Date: Nov 2003 Location: Scotland Posts: 5,069	sorry think we are crossed slightly, what i meant was look at the following code $filename=$file_array['name']; $id=(Some VALUE GOTTEN FROM A QUERY); if(strstr($filename, "zip") \|\| strstr($filename, "rar")){ if(strstr($filename, "zip")) $id=$id.".zip"; if(strstr($filename, "rar")) $id=$id.".rar"; // print "Filename= $id<br>"; move_uploaded_file($file_array['tmp_name'], $file_dir. $id) or die("couldnt copy"); ????: NamePros.com http://www.namepros.com/showthread.php?t=34348 // $filename=$file_array['name']; $query="INSERT INTO somedatabase my information; mysql_query($query) or die(mysql_errno().":".mysql_error()); print "Thank you for your submission! It will be reviewed shortly!"; } you are checking that the filename contains rar or zip. all the code above is within the if statement so even if it cant move the file it will execute the query regardless. I may be completely off the mark ive never dealt too much with moving files, anything I have done just required me to do something with its content. Anyway no probs with the rar and zip problem I know how easy it is to miss little thingas like this but of course they can create a big prolem __________________ Manage your portfolio using my new Domain Portfolio Management script. Securing Your Domain Name From Theft

06-18-2004, 06:43 AM	#9 (permalink)
Pablo NamePros Member Join Date: Nov 2003 Posts: 44	Simple solution, i had the same prob with my script, first of all u goto get the size of the file and tell them that the d/l will take a while, my advice would be to use a javascript popup window that tells them d/l will take time why recdirecting the main page to upload the file. once the file is uploaded, get the user to confirm and write soemthing about the file, then when they submit thats when you add the query string with the file info. ????: NamePros.com http://www.namepros.com/showthread.php?t=34348 To provent file uploading and then close browser spammers, just so they fill up your server. my advice would be to check all the files and the query string to matches, make sure u have an upload date and time if the file hasnt been done by 1hr from upload get the page to delete the file (page as in main media page) or u can use cron jobs to automaticly get the page to delete them. __________________ Click Link for Java IRC PHP-Live IRC: pgardner.net:6667, Channel: #php.

06-16-2004, 01:30 PM	#2 (permalink)
adam_uk Senior Member Join Date: May 2003 Posts: 2,187	you could place the query in a seperate file or switch and then replace the query with header("Location: file.php"); and place the execute query in that file

06-16-2004, 02:42 PM	THREAD STARTER #3 (permalink)
csmaster2005 Senior Member Join Date: Mar 2004 Location: U.S.A. Posts: 1,985	but that still doesn't explain why it is calling the query before the file is done uploading. Also, I dont think what you said will work because the script is still going past where it should be... Any more ideas anyone?

06-16-2004, 06:56 PM	THREAD STARTER #5 (permalink)
csmaster2005 Senior Member Join Date: Mar 2004 Location: U.S.A. Posts: 1,985	now.. I already know all of what you said except I didn't think about the case sesitivity. Alot of the stuff was cause I modified the code to put here, and forgot to fix. Also, about the opening/closing braces... you don't have to have them, if you don't have them, php and most other lanuages automatically just read in the next line as the thing to run with the "if" or the "else"

06-17-2004, 11:53 AM	THREAD STARTER #7 (permalink)
csmaster2005 Senior Member Join Date: Mar 2004 Location: U.S.A. Posts: 1,985	It isn't checking the temp file, it's actually moving it. I think I got that problem fixed though. Also, thanks for pointing out the zipped.rar issue (All I gota do is make it search for .zip instead of zip and problem solved)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)