views:

21

answers:

1
<?php
if(isset($_POST['upload']))
{
 //$albumid = $_POST['id'];
  // Check to see if the type of file uploaded is a valid image type
  function is_valid_type($file)
  {
          // This is an array that holds all the valid image MIME types
          $valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif");

          if (in_array($file['type'], $valid_types))
                  return 1;
          return 0;
  }
  // Just a short function that prints out the contents of an array in a manner that's easy to read
  // I used this function during debugging but it serves no purpose at run time for this example
  function showContents($array)
  {
          echo "<pre>";
          print_r($array);
          echo "</pre>";
  }

// Set some constants
//$TARGET_PATH = "video/temp/";
$TARGET_PATH = "video/";

// Get our POSTed variables
$vidname = $_POST['vidname'];
$vidout = "$vidname.wmv";
$thumbname = "$vidname";
$video = $_FILES['video'];
$vidin = $video['name'];

// Sanitize our inputs
$vidname = mysql_real_escape_string($vidname);
//$video['name'] = mysql_real_escape_string($video['name']);
$vidin = $video['name'];

// Build our target path full string.  This is where the file will be moved do
// i.e.  images/picture.jpg
$TARGET_PATH .= $video['name'];
  // Make sure all the fields from the form have inputs
  if ( $vidname == "" || $video['name'] == "" )
  {
          echo "mali 1";
    $_SESSION['error'] = "All fields are required";
         // header("Location: uploadvid.php");
  }
     // Lets attempt to move the file from its temporary directory to its new home
     if (move_uploaded_file($video['tmp_name'], $TARGET_PATH))
     {   
       //see FFMPEG-PHP for windows
       //convert any video format into WMV format
       //exec('c:/ffmpeg/bin/ffmpeg.exe -i video/temp/'.$vidin.' -ar 11025 -ab 32 -f flv -s 320x240 video/'.$vidout.'');
       //create and get a frame from the video uploaded, to make it thumbnail.
       exec('c:/ffmpeg/bin/ffmpeg.exe -i video/'.$vidin.' -vcodec png -vframes 1 -an -f rawvideo -s 320×240 video/thumb/'.$thumbname.'');
       exec('c:/ffmpeg/bin/ffmpeg.exe -i video/'.$vidout.' -an -ss 00:00:03 -t 00:00:01 -r 1 -y -s 320x240 video/thumb/'.$thumbname.'');
             //unlink("video/temp/".$vidin);

       // NOTE: This is where a lot of people make mistakes.
             // We are *not* putting the image into the database; we are putting a reference to the file's location on the server


          echo $v_id = $_SESSION['v_id'];
       $sql = "select * from tvideo where videoId= '$v_id'";
       $result=mysql_query($sql);
       $myrow = mysql_num_rows($result);

       if ($myrow == 0)
       {
       $sql1 = "insert into tvideo (vthumbnail, vfilename) values ('$thumbname', '$vidin')";
       $result = mysql_query($sql1) or die ("Could not insert data into DB: " . mysql_error());
       }

       else{
       $sql2 = "update tvideo set vthumbnail='$thumbname', vfilename = '$vidin' where videoId = '$v_id'";
       $result = mysql_query($sql2) or die ("Could not update data into DB: " . mysql_error());
       }


       //echo "hello<br>";
       $tname = $vidout;
       //echo "$tname";

       //header("Location: index_1.php");
             //exit;
     }
      else
      {
              // A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
              // Make sure you chmod the directory to be writeable
              $_SESSION['error'] = "Could not upload file.  Check read/write persmissions on the directory";
              //header("Location: index_1.php");
              exit;
      }
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data">

        <label>
        <div align="center"><span class="style14 style31">Kindly type your Full Name: </span></div>
</label>
        <div align="center"><span class="style9">
          <input type="text" name="vidname"  />
          <br>
          <br>
          <br>
            </span></div>
        <span class="style9"><label>
        <div align="center" class="style11"><span class="style9 style29">Locate the path containing your Video.</span></div>
        <br>
        <span class="style9">
        </label>
        </span>
        <div align="center">
          <span class="style9"><span class="style31">File to upload:</span>
            <input type="file" name="video" />
          </span></div>
           <br><label>
        <div align="center"><span class="style14 style31">
     <span class="style32">
                            Note:<li>Maximum video size (???)</li>
                            </span>
        </span> </div>
        </label>


<div align="center"><br />

                <input type="hidden" name="MAX_FILE_SIZE" value="100" />
                <input type="submit" name="upload" id="submit" value="UPLOAD" onClick="return confirm('Warning: Previous video will be overwritten.')" />                      
                <input type="reset" name="reset" id="reset" value="CLEAR" />
          </div>
</form>
</div></td>
   </tr>
  </table>
</center>
</body>
</html>
+1  A: 

You can get the file size with

$_FILES['userfile']['size']

and abort if it's too big.

PS: I don't think you sanitized the input correctly - mysql_real_escape_string($vidname) doesn't modify a path like C:\Windows\explorer.exe

Otto Allmendinger
where should i particularly put that code?
schatzie
I guess before you process the file
Otto Allmendinger
$_FILES['userfile']['size']
schatzie
ok thank you,, i'll try it
schatzie