Tube Nations Tube Nations - 6 months ago 25
PHP Question

php upload script not uploading - but it is adding to database?

A weird problem when i am trying to make a banner art upload system for user profiles.

I have searched for answers, but none have solved it.

It is not a permissions problem, my chmod is 755 on uploads folder and in the upload.php file.

code below:

if ($_POST && !empty($_FILES)) {
$formOk = true;

//Assign Variables
$path = $_FILES['image']['tmp_name'];
$name = $_FILES['image']['name'];
$size = $_FILES['image']['size'];
$type = $_FILES['image']['type'];

if ($_FILES['image']['error'] || !is_uploaded_file($path)) {
$formOk = false;
echo "Error: Error in uploading file. Please try again.";
}

//check file extension
if ($formOk && !in_array($type, array('image/png', 'image/x-png', 'image/jpeg', 'image/pjpeg', 'image/gif'))) {
$formOk = false;
echo "Error: Unsupported file extension. Supported extensions are JPG / PNG.";
}
// check for file size.
if ($formOk && filesize($path) > 500000) {
$formOk = false;
echo "Error: File size must be less than 3 MB.";
}

if ($formOk) {
// read file contents
$content = file_get_contents($path);

//connect to mysql database
if ($conn = mysqli_connect('localhost', 'hidden', 'hidden', 'hidden')) {
$user_id = mysqli_real_escape_string($conn, $_POST['user_id']);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$content = mysqli_real_escape_string($conn, $content);
$sql = "insert into banners (user_id, username, name, size, type, content) values ('{$user_id}','{$username}','{$name}', '{$size}', '{$type}', '{$content}')";

if (mysqli_query($conn, $sql)) {
$uploadOk = true;
$imageId = mysqli_insert_id($conn);
} else {
echo "Error: Could not save the data to mysql database. Please try again.";
}

mysqli_close($conn);
} else {
echo "Error: Could not connect to mysql database. Please try again.";
}
}


And the form is:

<form method="post" enctype="multipart/form-data" action="<?=$_SERVER['PHP_SELF']?>" >
<div>
<h3>Image Upload:</h3>
</div>
<div>
<label>Image</label>
<img src="<?php print_r($path); ?>"/>
<?php print_r($_FILES); ?>
<input type="text" name="user_id" value="<?php echo $user->data["user_id"]; ?>" readonly/>
<br />
<input type="text" name="username" value="<?php echo $user->data["username"]; ?>" readonly/>
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<input type="file" name="image" />
<input name="submit" type="submit" value="Upload">
</div>
</form>


I have the form in the same file upload.php along with my include header and footer.

So basically it stores the data into the database, but just will not upload what so ever, i also checked the phpinfo and so on, and all is ok, it is turned on, and file limit in phpinfo is 64mb, so i don't get why it wont upload?

any help would be appreciated, thanks

Answer

Simple: You didn't move that file anywhere, as in move_uploaded_file().

Base yourself on the following example taken from the manual:

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

and check for errors too.

Comments