File Upload Issue

Status
Not open for further replies.

likelylad

IS-IT--Management
Jul 4, 2002
388
GB
Hi

I am trying to upload a file so that it can be emailed and also send the file path to a database.

The code is like the following
Code:
<form enctype="multipart/form-data" name="test" method="POST" action="filename.php">
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<div><input type="file"  id="find_file" name="find_file" Size="80"></div>
</form>
.
.
.
<?php
// *** code to send info to mysql database ***
// .
// .
// .
//Code For File Upload
$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['find_file']['name']); 

if(move_uploaded_file($_FILES['find_file']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['find_file']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}


?>

With the above bit of code the file will upload but not send to the database.

Once I remove enctype="multipart/form-data", the information goes to the database but it will not upload the file.

Can anyone point me in the right direction as to how I would achieve both.
 
Without your DB code it's hard to say.

But I would first do all the file moving operations, and then, once the file is located in the folder it's going to reside in, perform the DB operations.

The enctype part is required to send the uploaded file. However it should not interfere with any DB operations you may be running.

You'll need to show us the rest of your code if you want more than just vague suggestions.

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
 
Can you add the following line to your code
Code:
print_r($_POST);
and run it with a small file as the upload.
Can you run it with the enc type and without and post your results back here (perhaps with a bit of editing!).
I'd just like to see if all the variables are getting into the script. Also can you post the entire script so we can see it (as per Vacunits's request).
Finally, does it fail for all file sizes? The bug seems to go on about file size being an issue.
 
Code:
<form enctype="multipart/form-data" name="test" method="POST" action="filename.php">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<div><label>Order Details</label>:</div>
<div><input name="order_details" Size="60"></div>
<div><label>Path To File</label>:</div>
<div><input type="file" name="find_file" Size="80"></div>
<div><label>Entered By</label>:</div>
<input type="text" name="entered_by">
<input type="submit" name="submit" value="submit">
</form>

<?php
//Insert Info Into Table
$db = mysqli_connect("servername", "username", "password") or die ;
mysqli_select_db($db,"database");

  $sql4 = "INSERT INTO tablename (Order_Desc,Attachment,Entered_By) VALUES ('$_POST[order_details]','$_POST[find_file]','$_POST[entered_by]')";

  $result4 = mysqli_query($db,$sql4);

  echo "Thank you! Information entered.\n";

//Upload File
$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['find_file']['name']); 

if(move_uploaded_file($_FILES['find_file']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['find_file']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}


?>

When I add in print_r($_POST) I get the following, and the file is only a couple of KB
The file gets uploaded and all the information apart from the file location is saved to the database.

Array ( [MAX_FILE_SIZE] => 1000000 [order_details] => 1234567-12345678 [entered_by] => likelylad [submit] => submit ) Thank you! Information entered. The file boot.ini has been uploaded


When I remove the enctype="multipart/form-data" part, the file upload fails but it saves to the database.

Array ( [MAX_FILE_SIZE] => 1000000 [order_details] => 1234567-12345678 [find_file] => C:\\boot.ini [entered_by] => likelylad [submit] => submit ) Thank you! Information entered. There was an error uploading the file, please try again!
 
you have:

* no conditionality around your database insert statements.
* no escaping of data prior to using them in queries
* not programmatically tested whether the php process can write to the uploads/ directory (is_writable).
* not programmatically tested whether the uploads/ directory actually exists.

bullets one or two are excusable if you have 100% verified this outside of the application.

bullet two is never excusable and is quite likely to be the problem in this case. However you have not provided the code that you use to save the location to the database so we are left in the dark. I assume, in saying this, that you are not relying on the browser to report the file name to you in the $_POST superglobal (although I do see a reference to this in your insert code). The browser has no need to provide this data to you; it is not part of the http requirements nor the (x)html schemas. Some do but most don't. Do NOT rely on it. Use $_FILES[fieldname]['name'] instead, and always test the value of $_FILES[fieldname]['error'] first, before doing anything else. There are lots of things that can go wrong with file uploads and this error reporting is extremely useful.
 
I couldn't find a solution to this issue, so what I decided to do is create a new hidden "Text" field on the web page. Then I used some JavaScript to copy the content from the "File" field to the "Text" field. I then used the info from the "Text" field to get the information into MySQL.
 
Hi jpadie

Sorry I had tried that but it made no difference.
 
then you did not do it properly. [obviously] fieldname should reflect the name of the field. in your case this is 'find_file'

this is the array element in which the name is stored. all browsers support it. by contrast using javascript is not always possible. some browsers will not allow you to address the value of a file input control. not to mention that not all browsers/users will support or have javascript turned on.
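
The advice in this thread, put together as an added example that is not code from any poster: check $_FILES['find_file']['error'] first, confirm uploads/ exists and is writable, move the file, and only then insert, taking the attachment path from $_FILES rather than $_POST and binding the values instead of interpolating them. The connection details, table and column names are the placeholders from the thread; the function names are hypothetical.

```php
<?php
// Added example for the thread's form (fields order_details, find_file, entered_by).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Map the UPLOAD_ERR_* code PHP sets in $_FILES[...]['error'] to readable text.
function upload_error_text(int $code): string {
    $messages = [
        UPLOAD_ERR_INI_SIZE   => 'file exceeds upload_max_filesize',
        UPLOAD_ERR_FORM_SIZE  => 'file exceeds MAX_FILE_SIZE from the form',
        UPLOAD_ERR_PARTIAL    => 'file was only partially uploaded',
        UPLOAD_ERR_NO_FILE    => 'no file was sent',
        UPLOAD_ERR_NO_TMP_DIR => 'server has no temporary directory',
        UPLOAD_ERR_CANT_WRITE => 'server could not write the file to disk',
        UPLOAD_ERR_EXTENSION  => 'a PHP extension stopped the upload',
    ];
    return $messages[$code] ?? "unknown upload error $code";
}

function store_order(mysqli $db, array $post, array $files, string $dir = 'uploads/'): string {
    $file = $files['find_file'] ?? null;
    if ($file === null || !is_int($file['error'])) {
        return 'No upload received (is enctype="multipart/form-data" set?)';
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'Upload failed: ' . upload_error_text($file['error']);
    }
    if (!is_dir($dir) || !is_writable($dir)) {
        return "Upload directory $dir is missing or not writable";
    }
    $name = basename($file['name']); // strips client-supplied directory parts
    $target = $dir . $name;
    if ($name === '' || !move_uploaded_file($file['tmp_name'], $target)) {
        return 'Could not move the uploaded file';
    }
    // Insert only once the file is in place; bound parameters replace '$_POST[...]'.
    $stmt = $db->prepare('INSERT INTO tablename (Order_Desc, Attachment, Entered_By) VALUES (?, ?, ?)');
    $details = (string)($post['order_details'] ?? '');
    $by = (string)($post['entered_by'] ?? '');
    $stmt->bind_param('sss', $details, $target, $by);
    $stmt->execute();
    return 'Saved order with attachment ' . htmlspecialchars($target);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = mysqli_connect('servername', 'username', 'password', 'database');
    echo store_order($db, $_POST, $_FILES);
}
```

The example keeps the thread's choice of storing the file under its client-supplied name; when uploads/ is served by the web server, restricting the accepted extensions or generating the stored name server-side is a common further hardening step.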
 