Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Why does this query blow up?

Posted on 2015-02-07
3
Medium Priority
?
118 Views
Last Modified: 2015-02-07
This works:

	public function attachment_upload() {

	global $mysqli;
	
	$novie_id=$_POST['id'];
	
	if(isset($_FILES['attachment_1'])&& !empty($_FILES['attachment_1']['name']))
		{
		$pathinfo = pathinfo($_FILES['attachment_1']['name']);
		$new_name = $pathinfo['filename'].'_'.$novie_id.'.'.$pathinfo['extension'];
		$base_directory= "../attachments/"; 
		$target = $base_directory.''.$new_name;
		$url = $new_name;
		$uploadOk=1; 
		$fileParts = pathinfo( $url );
		$extension = $fileParts['extension'];
			if($extension=="jpg" OR $extension=="jpeg" OR $extension=="JPG" OR $extension=="GIF" OR  $extension=="gif" OR $extension=="PNG" OR $extension=="png" OR $extension=="doc" or 
			$extension=="docx" or $extension=="pdf" OR $extension=="xls" OR $extension=="xlsx" OR $extension=="ppt" OR $extension=="pptx" OR $extension=="txt" OR $extension=="pub" OR $extension=="wps"
			or $extension=="bmp" OR $extension=="BMP")
			{
				$uploadOk = 1;
			} 
			else 
			{
				$uploadOk = 0;
				header("Location: ../project_badfile.php");
				exit();
			}
		
			
			if(!move_uploaded_file($_FILES['attachment_1']['tmp_name'], $target))  
			{
				header("Location: ../project_no_upload.php");
				exit();
			}
			else 
			{
			  
			$sql_10 = "insert into attachments (project_id, url) values ('$novie_id', '$url')";
				if(!$query_10=$mysqli->query($sql_10))
				{
					$err_10='your attachments info didn\'t get uploaded becasue:'
					. 'ERRNO: '
					.$mysqli->errno
					. 'ERROR: '
					.$mysqli->error
					. 'and the query itself looks like this: '
					.$sql_10
					.PHP_EOL;
					trigger_error($err_2, E_USER_NOTICE);
				}
			}
		}
	}

Open in new window


This, however does not:

	public function attachment_upload() {

	global $mysqli;
	
	$novie_id=$_POST['id'];
	
	if(isset($_FILES['attachment_1'])&& !empty($_FILES['attachment_1']['name']))
		{
		$pathinfo = pathinfo($_FILES['attachment_1']['name']);
		$new_name = $pathinfo['filename'].'_'.$novie_id.'.'.$pathinfo['extension'];
		$base_directory= "../attachments/"; 
		$target = $base_directory.''.$new_name;
		$url = $new_name;
		$uploadOk=1; 
		$fileParts = pathinfo( $url );
		$extension = $fileParts['extension'];
			if($extension=="jpg" OR $extension=="jpeg" OR $extension=="JPG" OR $extension=="GIF" OR  $extension=="gif" OR $extension=="PNG" OR $extension=="png" OR $extension=="doc" or 
			$extension=="docx" or $extension=="pdf" OR $extension=="xls" OR $extension=="xlsx" OR $extension=="ppt" OR $extension=="pptx" OR $extension=="txt" OR $extension=="pub" OR $extension=="wps"
			or $extension=="bmp" OR $extension=="BMP")
			{
				$uploadOk = 1;
			} 
			else 
			{
				$uploadOk = 0;
				header("Location: ../project_badfile.php");
				exit();
			}
		
			
			if(!move_uploaded_file($_FILES['attachment_1']['tmp_name'], $target))  
			{
				header("Location: ../project_no_upload.php");
				exit();
			}
			else 
			{
			  
			$sql_10 = "insert into attachments (project_id, url) values ('$novie_id', '$url')";
				if(!$query_10=$mysqli->query($sql_10))
				{
					$err_10='your attachments info didn\'t get uploaded becasue:'
					. 'ERRNO: '
					.$mysqli->errno
					. 'ERROR: '
					.$mysqli->error
					. 'and the query itself looks like this: '
					.$sql_10
					.PHP_EOL;
					trigger_error($err_2, E_USER_NOTICE);
				}
			}
		}
		
		if(isset($_FILES['attachment_2'])&& !empty($_FILES['attachment_2']['name']))
			{
			$pathinfo_1 = pathinfo($_FILES['attachment_2']['name']);
			$new_name_1 = $pathinfo_1['filename'].'_'.$novie_id.'.'.$pathinfo_1['extension'];
			$base_directory_1 = "../attachments/"; 
			$target_1 = $base_directory_1.''.$new_name_1;
			$url_1 = $new_name_1;
			$uploadOk_1=1; 
			$fileParts_1 = pathinfo( $url_1 );
			$extension_1 = $fileParts_1['extension'];
			if($extension_1=="jpg" OR $extension_1=="jpeg" OR $extension_1=="JPG" OR $extension_1=="GIF" OR  $extension_1=="gif" OR $extension_1=="PNG" OR $extension_1=="png" OR $extension_1=="doc" or 
			$extension_1=="docx" or $extension_1=="pdf" OR $extension_1=="xls" OR $extension_1=="xlsx" OR $extension_1=="ppt" OR $extension_1=="pptx" OR $extension_1=="txt" OR $extension_1=="pub" OR $extension_1=="wps" or $extension_1=="bmp" OR $extension_1=="BMP")
				{
					$uploadOk_1 = 1;
				} 
				else 
				{
					$uploadOk_1 = 0;
					header("Location: ../project_badfile.php");
					exit();
				}
			 
				if(!move_uploaded_file($_FILES['attachment_2']['tmp_name'], $target_1))  
				{
				header("Location: ../project_no_upload.php");
				exit();
				}
				else 
				{
				  
				$sql_2 = "insert into attachments (project_id, url) values ('$novie_id', '$url_1')";
					if(!$query_2=$mysqli->query($sql_2))
					{
						$err_2='your attachments info didn\'t get uploaded becasue:'
						. 'ERRNO: '
						.$mysqli->errno
						. 'ERROR: '
						.$mysqli->error
						. 'and the query itself looks like this: '
						.$sql_2
						.PHP_EOL;
						trigger_error($err_2, E_USER_NOTICE);
					}
				}
			}
		}
		

Open in new window


If I try to upload one file at a time using the "attachment_1," no problems. If I try to upload two files at the same time using both "attachment_1" and "attachment_2," it doesn't work.

What am I doing wrong?
0
Comment
Question by:brucegust
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 40595934
First step would be to deconstruct the process and add some diagnostics to the mix.  PHP file uploads will tell you whether they worked or not (see line 45 below).  This example shows how to upload multiple files and detect any errors that might be occurring in the upload process.  Once you know that part is right, then you might add the database stuff back in and see if the problem occurs there.

<?php // demo/upload_multiple_example.php
error_reporting(E_ALL);


// MANUAL REFERENCE PAGES YOU MUST UNDERSTAND TO UPLOAD FILES
// http://php.net/manual/en/reserved.variables.files.php
// http://php.net/manual/en/features.file-upload.php
// http://php.net/manual/en/features.file-upload.common-pitfalls.php
// http://php.net/manual/en/function.move-uploaded-file.php

// MANUAL PAGES THAT ARE IMPORTANT IF YOU ARE DEALING WITH LARGE FILES
// http://php.net/manual/en/ini.core.php#ini.upload-max-filesize
// http://php.net/manual/en/ini.core.php#ini.post-max-size
// http://php.net/manual/en/info.configuration.php#ini.max-input-time


// PHP 5.1+  SEE http://php.net/manual/en/function.date-default-timezone-set.php
date_default_timezone_set('America/Chicago');

// ESTABLISH THE NAME OF THE DESTINATION FOLDER ('uploads' DIRECTORY)
$uploads = 'storage';
if (!is_dir($uploads))
{
    mkdir($uploads);
}

// ESTABLISH THE BIGGEST FILE SIZE WE WILL ACCEPT - ABOUT 8 MB
$max_file_size = 8 * 1024 * 1024;

// ESTABLISH THE MAXIMUM NUMBER OF FILES WE WILL UPLOAD
$nf = 3;

// ESTABLISH THE KINDS OF FILE EXTENSIONS WE WILL ACCEPT
$file_exts = array
( 'jpg'
, 'gif'
, 'png'
, 'txt'
, 'pdf'
, 'doc'
, 'docx'
)
;

// LIST OF THE ERRORS THAT MAY BE REPORTED IN $_FILES[]["error"] (THERE IS NO #5)
$errors = array
( 0 => "Success!"
, 1 => "The uploaded file exceeds the upload_max_filesize directive in php.ini"
, 2 => "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"
, 3 => "The uploaded file was only partially uploaded"
, 4 => "No file was uploaded"
, 5 => "UNDEFINED ERROR"
, 6 => "Missing a temporary folder"
, 7 => "Cannot write file to disk"
)
;


// IF WE HAVE GOT SOMETHING IN $_POST - RUN THE ACTION SCRIPT
if (!empty($_POST))
{
    echo "<h2>Results: File Upload</h2>" . PHP_EOL;

    // ACTIVATE THIS TO SEE WHAT IS COMING THROUGH
    // echo "<pre>"; var_dump($_FILES); var_dump($_POST); echo "</pre>";

    // ITERATE OVER THE CONTENTS OF $_FILES
    foreach ($_FILES as $my_uploaded_file)
    {
        // SKIP OVER EMPTY SPOTS - NOTHING UPLOADED
        $error_code = $my_uploaded_file["error"];
        if ($error_code == 4) continue;

        // SYNTHESIZE THE NEW FILE NAME
        $f_type = explode('.', basename($my_uploaded_file['name']));
        $f_type = end($f_type);
        $f_type = trim(strtolower($f_type));

        $f_name = explode('.', basename($my_uploaded_file['name']));
        $f_name = current($f_name);
        $f_name = trim(strtolower($f_name));

        $my_new_file
        = getcwd()
        . DIRECTORY_SEPARATOR
        . $uploads
        . DIRECTORY_SEPARATOR
        . $f_name
        . '.'
        . $f_type
        ;
        $my_file
        = $uploads
        . DIRECTORY_SEPARATOR
        . $f_name
        . '.'
        . $f_type;

        // OPTIONAL TEST FOR ALLOWABLE EXTENSIONS
        if (!in_array($f_type, $file_exts))
        {
            trigger_error("$f_type Not allowed", E_USER_WARNING);
            continue;
        }

        // IF THERE ARE ERRORS
        if ($error_code != 0)
        {
            $error_message = $errors[$error_code];
            trigger_error("Upload error code: $error_code: $error_message", E_USER_WARNING);
            continue;
        }

        // GET THE FILE SIZE
        $file_size = number_format($my_uploaded_file["size"]);

        // IF THE FILE IS NEW (DOES NOT EXIST)
        if (!file_exists($my_new_file))
        {
            // IF THE MOVE FUNCTION WORKED CORRECTLY
            if (move_uploaded_file($my_uploaded_file['tmp_name'], $my_new_file))
            {
                $upload_success = 1;
            }
            // IF THE MOVE FUNCTION FAILED
            else
            {
                $upload_success = -1;
            }
        }

        // IF THE FILE ALREADY EXISTS
        else
        {
            echo "<br/><b><i>$my_file</i></b> already exists." . PHP_EOL;

            // SHOULD WE OVERWRITE THE FILE? IF NOT
            if (empty($_POST["overwrite"]))
            {
                $upload_success = 0;
            }
            // IF WE SHOULD OVERWRITE THE FILE, TRY TO MAKE A BACKUP
            else
            {
                $now    = date('Y-m-d\THis');
                $my_bak = $my_new_file . '.' . $now . '.bak';
                if (!copy($my_new_file, $my_bak))
                {
                    trigger_error("Backup Failed for $my_file", E_USER_WARNING);
                }
                if (move_uploaded_file($my_uploaded_file['tmp_name'], $my_new_file))
                {
                    $upload_success = 2;
                }
                else
                {
                    $upload_success = -1;
                }
            }
        }

        // REPORT OUR SUCCESS OR FAILURE
        if ($upload_success == 2) { echo "<br/>It has been overwritten." . PHP_EOL; }
        if ($upload_success == 1) { echo "<br/><b>$my_file</b> has been saved." . PHP_EOL; }
        if ($upload_success == 0) { echo "<br/><b>It was NOT overwritten.</b>" . PHP_EOL; }
        if ($upload_success < 0)  { echo "<br/><b>ERROR: $my_file NOT SAVED - SEE WARNING FROM move_uploaded_file() COMMAND</b>" . PHP_EOL; }
        if ($upload_success > 0)
        {
            echo "$file_size bytes uploaded." . PHP_EOL;
            if (!chmod ($my_new_file, 0755))
            {
                echo '<br/>chmod(0755) FAILED: fileperms() = ';
                echo substr(sprintf('%o', fileperms($my_new_file)), -4);
            }
            echo '<br/><a target="_blank" href="' . $my_file . '">See the file ' . $my_file . '</a>' . PHP_EOL;
        }
    // END FOREACH ITERATOR - EACH ITERATION PROCESSES ONE FILE
    }
// END ACTION SCRIPT
}


// FORM SCRIPT: CREATE THE INPUT STATEMENTS FOR THE FILES
$inputs = NULL;
for ($n = 0; $n < $nf; $n++)
{
    $inputs .= '<input name="userfile' . $n . '" type="file" size="80" /><br/>' . PHP_EOL;
}

// CREATE THE HTML FORM USING HEREDOC NOTATION
$form = <<<EOF
<h2>Upload from 1 to $nf file(s)</h2>
<!--
    SOME IMPORTANT THINGS TO NOTE ABOUT THIS FORM...
    ENCTYPE= ATTRIBUTE IN THE HTML <FORM> TAG
    MAX_FILE_SIZE HIDDEN CONTROL MUST PRECEDE THE FILE INPUT CONTROLS
    INPUT NAME= IN TYPE=FILE DETERMINES THE NAME YOU FIND IN _FILES ARRAY
    ABSENCE OF ACTION= ATTRIBUTE IN <FORM> TAG CAUSES POST TO SAME URL
-->
<form name="UploadForm" enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="$max_file_size" />
<p>
Find the file(s) you want to upload and click the "Upload" button below.
</p>

$inputs

<br/>Check this box <input autocomplete="off" type="checkbox" name="overwrite" /> to <b>overwrite</b> existing files.
<input type="submit" value="Upload" />
</form>
EOF;

echo $form;

Open in new window

0
 

Author Comment

by:brucegust
ID: 40596006
That will do it!

Thanks!
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40596012
Thanks for the points and thanks for using E-E.  And best of luck with your project! ~Ray
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question