File upload

[csmaster2005]

Hi,
I'm working on a file upload for my site, and I'm having one problem with it.
The file that's going to be uploaded should be either .zip or .rar, and after the file is uploaded I need to run a query to add the information into a database.
The code I have is below:
$file_dir = "_______";
foreach($HTTP_POST_FILES as $file_name => $file_array){
if(is_uploaded_file($file_array['tmp_name'])){

$filename=$file_array['name'];
$id=(Some VALUE GOTTEN FROM A QUERY);

if(strstr($filename, "zip") || strstr($filename, "rar")){

if(strstr($filename, "zip"))
$id=$id.".zip";
if(strstr($filename, "rar"))
$id=$id.".rar";
// print "Filename= $id<br>";
move_uploaded_file($file_array['tmp_name'], $file_dir. $id) or die("couldnt copy");
// $filename=$file_array['name'];
$query="INSERT INTO somedatabase my information;
mysql_query($query) or die(mysql_errno().":".mysql_error());
print "Thank you for your submission! It will be reviewed shortly!";
}
else
print "please make sure the file type is .zip or .rar!";

}
else
print "ERROR!";

Now, the problem is that if the file is big and takes some time to upload, and user closes the browser or goes to another page or something of that nature, the file isn't uploaded, but the last query is still executed.
How can this be fixed?
Also, sometimes when I chose a rar file to upload, it says "please make sure the file is .zip or .rar" but when I select a different file that is .rar it works. (meaning it doesnt work for some but works for others)
And one last problem is that sometimes on .zip files or other extensions (ones that I do not allow, such as .exe) it prints "ERROR"

Can anyone please help me solve the above issues?
Thanks

 

[adam_uk]

you could place the query in a seperate file or switch and then replace the query with

header("Location: file.php");

and place the execute query in that file

 

[csmaster2005]

but that still doesn't explain why it is calling the query before the file is done uploading. Also, I dont think what you said will work because the script is still going past where it should be...
Any more ideas anyone?

 

[Peter]

unless you accidentally deleted it when editing your query line you are missing a closing "

in the if statements checking what format the file is you do not have an opening or a closing curly brace (nor in your else statements for that matter)

the curly braces really should be there so php knows where the end of the if is.

also declare $id to be something from the database then almost immediately replace it with the file extension, between the point of defining it and replacing it you don't use it unless of course you have edited out some code that goes there.

instead of having the 2 if statements setting $id you could just have:-

$id = stristr($filename, '.');

also notice i used stristr instead of strstr as you cant verify that the file the person uploads is going to be in the case your checks use. stristr is case insensitive as opposed to strstr which is case sensitive.

The way your script is at the moment if I tried uploading test. RAR it would fail as RAR does not match your check for rar

also a small note which isnt going to cause any problems. you use print all the time, echo is actually slightly faster see the following for info (link taken from php.net) http://www.faqts.com/knowledge_base/view.phtml/aid/1/fid/40

 

[csmaster2005]

now.. I already know all of what you said except I didn't think about the case sesitivity.
Alot of the stuff was cause I modified the code to put here, and forgot to fix.
Also, about the opening/closing braces... you don't have to have them, if you don't have them, php and most other lanuages automatically just read in the next line as the thing to run with the "if" or the "else"

 

[Peter]

I would just like to point out if someone uploads a file called zipped.rar both of your if statements will be true so it will update $id twice.

regards to why it is going through without actually having the uploaded file completely uploaded. I beleive it is because you are checking if the temp file is there which of course it is just its not complete (it exists until the end of the execution of the script). You should be checking the existence of the moved file.

 

[csmaster2005]

It isn't checking the temp file, it's actually moving it. I think I got that problem fixed though.
Also, thanks for pointing out the zipped.rar issue (All I gota do is make it search for .zip instead of zip and problem solved)

 

[Peter]

sorry think we are crossed slightly, what i meant was look at the following code

$filename=$file_array['name'];
$id=(Some VALUE GOTTEN FROM A QUERY);

if(strstr($filename, "zip") || strstr($filename, "rar")){

if(strstr($filename, "zip"))
$id=$id.".zip";
if(strstr($filename, "rar"))
$id=$id.".rar";
// print "Filename= $id<br>";
move_uploaded_file($file_array['tmp_name'], $file_dir. $id) or die("couldnt copy");
// $filename=$file_array['name'];
$query="INSERT INTO somedatabase my information;
mysql_query($query) or die(mysql_errno().":".mysql_error());
print "Thank you for your submission! It will be reviewed shortly!";
}

you are checking that the filename contains rar or zip. all the code above is within the if statement so even if it cant move the file it will execute the query regardless. I may be completely off the mark ive never dealt too much with moving files, anything I have done just required me to do something with its content.

Anyway no probs with the rar and zip problem I know how easy it is to miss little thingas like this but of course they can create a big prolem

 

[Pablo]

Simple solution, i had the same prob with my script, first of all u goto get the size of the file and tell them that the d/l will take a while, my advice would be to use a javascript popup window that tells them d/l will take time why recdirecting the main page to upload the file. once the file is uploaded, get the user to confirm and write soemthing about the file, then when they submit thats when you add the query string with the file info.
To provent file uploading and then close browser spammers, just so they fill up your server. my advice would be to check all the files and the query string to matches, make sure u have an upload date and time if the file hasnt been done by 1hr from upload get the page to delete the file (page as in main media page) or u can use cron jobs to automaticly get the page to delete them.