tags:

views:

391

answers:

5
Q: 

PHP file upload

Hi, I am trying to upload files to my server using php to save them into a binary form into my mysql database but I cant get it to work, here is the script I’m using, I believe it has something to do with "$_FILES" because when I take this out "&& $_FILES['userfile']['size'] > 0" the script starts to run but then the variables underneath that use "$_FILES" aren’t defined.

if(isset($_POST['upload']) && $_FILES['userfile']['size'] >  0) {
$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

if(!get_magic_quotes_gpc())
{
    $fileName = addslashes($fileName);
}

db_connect();
db_select();

$query = "INSERT INTO upload (name, size, type, content ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";

mysql_query($query) or die('Error, query failed');
db_disconnect();

echo "<br>File $fileName uploaded<br>";
}

Thanks, Stanni

+1  A: 

I assume your field that's being posted is named "userfile"?

Also, this is not directly germane to your question, but it's generally considered a better practice to store files in the filesystem rather than in MySQL. Filesystems are designed to store large blocks of binary data, while databases are not.

Jeremy DeGroot  2009-02-23 15:43:26
I was storing the files in a file system first off but tried this to make sure the error wanst something to do with the server not allowing uploads or something.
Ryan  2009-02-23 15:50:14
+3  A: 

You should better use the file upload status to check whether the upload was successful.

And don’t use the addslashes function for MySQL queries. Use the mysql_real_escape_string instead.

Gumbo  2009-02-23 15:49:40
+2  A: 

If you upload the files with a form, does it have a 'enctype="multipart/form-data"' in the "form" tag?

Carsten  2009-02-23 15:53:35
+1  A: 

I assume from your example that your input name is upload. <input type="file" /> results in PHP are not sorted in $_POST but in $_FILES. The documentation uses $_FILES['userfile'] as their example field, but if your input is declared as <input type="file" name="upload" />, you should simply use $_FILES['upload'].

Andrew Moore  2009-02-23 15:53:43
Nope this is my form code:<input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" id="userfile">
Ryan  2009-02-23 16:20:12
+2  A: 

This is a 2 fold process, first the upload itself and then the manipulation on the server. The first validation would be to make sure the file was even uploaded. For that you can use after the line

$fileName = $_FILES['userfile']['name'];

Use:

if(is_uploaded_file($fileName)) {
  // Here goes all the file manipulation/storage/etc
} else {
  echo 'Error: File could not be uploaded.';
}

Try to use that and maybe re-post if the file was actually uploaded. Just because $_FILES has content it does not necessarily mean that the file was uploaded to the server.

GiladG  2009-02-23 21:24:44

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL