Abraham Augustus Nortey
asked on
Creating an upload system
Hello am trying to create an upload system that that that automatically displays the uploaded contents( Doc, img, zip) and fetches and displays the id, first name and department of the user who uploaded the file from a database i already have whiles displaying
1.uploaded file name
2.Document name
3.size
4.Type
5.Download file button
6.Delete link
I have the information of the registered user and that of the upload system on different tables
The system should allow the user upload unlimited files without overwriting the previous ones
This is what i currently have for the upload.php
And this is for displaying the uploaded files
1.uploaded file name
2.Document name
3.size
4.Type
5.Download file button
6.Delete link
I have the information of the registered user and that of the upload system on different tables
The system should allow the user upload unlimited files without overwriting the previous ones
This is what i currently have for the upload.php
<?php
$page_title = "Databse System-Search";
include_once 'partials/headupload.php';
require_once('config/connect.php');
if(isset($_FILES) & !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) &!empty($name)){
if($type == "image/jpeg" && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$sql = "INSERT INTO `upload` (name, size, type, location) VALUES ('$name', '$size', '$type', '$location$name')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File should be jpeg image & only 100 kb in size";
}
}<form method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="Uid"><b>User ID</b></label>
<input type="text" name="Uid" value="Staff <?php if(isset($_SESSION['id'])) echo $_SESSION['id']; ?>" class="form-control" id="Uid" required>
</div>
<div class="form-group">
<label for="upname"><b>Uploader Name</b></label>
<input type="text" name="upname" value="<?php if(isset($_SESSION['username'])) echo $_SESSION['username']; ?>" class="form-control" id="upname" required>
</div>
<div class="form-group">
<label for="min"><b>Ministry</b></label>
<input type="text" name="min" value="" class="form-control" id="min" required>
</div>
<div class="form-group">
<label for="DN"><b>Document Name</b></label>
<input name="DN" type="text" required class="form-control" id="DN" placeholder="Document Name" >
</div>
<div class="form-group">
<label for="exampleInputFile">File input</label>
<input type="file" name="profile" id="exampleInputFile">
<!-- <p class="help-block">Example block-level help text here.</p>-->
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form >And this is for displaying the uploaded files
<?php
$page_title = "Database System-";
include_once 'partials/upload-before.php';
require_once('config/connect.php');
$sql = "SELECT * FROM `upload`";
$res = mysqli_query($connection, $sql);
?><div class="row">
<table class="table">
<tr>
<th>S.No</th>
<th>Name</th>
<th>Size</th>
<th>Type</th>
<th>Location</th>
<th>Delete</th>
</tr>
<?php
while ($r = mysqli_fetch_assoc($res)) {
?>
<tr>
<td><?php echo $r['id']; ?></td>
<td><?php echo $r['name']; ?></td>
<td><?php echo $r['size']; ?></td>
<td><?php echo $r['type']; ?></td>
<td><?php echo $r['location']; ?></td>
<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
</tr>
<?php } ?>
</table>
</div>ASKER
Ok Sir. Will try and get back to you thx
ASKER
Hello Chris, i got this error but below is my code
$page_title = "Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
if(isset($_FILES) & !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) &!empty($name)){
if($type == "image/jpeg" && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File should be jpeg image & only 100 kb in size";
}
}
?> <form method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="exampleInputFile">File input</label>
<input type="file" name="profile" id="exampleInputFile">
<!-- <p class="help-block">Example block-level help text here.</p>-->
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form ><?php
$page_title = "Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
$res = mysqli_query($connection, $sql);
?>
<div class="row">
<table class="table">
<tr>
<th>S.No</th>
<th>First Name</th>
<th>Department</th>
<th>Name of doc</th>
<th>Size</th>
<th>Type</th>
<th>Location</th>
<th>Delete</th>
</tr>
<?php
while ($r = mysqli_fetch_assoc($res)) {
?>
<tr>
<td><?php echo $r['id']; ?></td>
<td><?php echo $r['firstname']; ?></td>
<td><?php echo $r['dept']; ?></td>
<td><?php echo $r['name']; ?></td>
<td><?php echo $r['size']; ?></td>
<td><?php echo $r['type']; ?></td>
<td><?php echo $r['location']; ?></td>
<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
</tr>
<?php } ?>
</table>
</div>
That error indicates that your SELECT query failed. You should add some error reporting in there to help diagnose the problem:
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
$res = mysqli_query($connection, $sql);
if ( ! $res ) {
die( sprintf("Error: %s\n", mysqli_error($connection)) );
}
?>ASKER
Hello ,I got a blank page
Screenshot--122-.png
Screenshot--122-.png
OK. I can't tell what's going on from a blank screenshot!
I'd need to see your code as you now have it.
I'd need to see your code as you now have it.
ASKER
Ok. Sir
Below is the code for the upload page
And here is the page that displays the uploaded contents
Below is the code for the upload page
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
if(isset($_FILES) & !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) &!empty($name)){
if($type == "image/jpeg" && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File should be jpeg image & only 100 kb in size";
}
}
?>
<div class="container">
<section class="col col-lg-7"><br><br><br><br><br><br>
<h3>Upload Documents Here </h3>
<p style="color: red">Files like Images and Documents</p>
<hr>
<form method="post" enctype="multipart/form-data">
<div class="form-group">
<div class="form-group">
<label for="exampleInputFile">File input</label>
<input type="file" name="profile" id="exampleInputFile">
<!-- <p class="help-block">Example block-level help text here.</p>-->
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form >
</div>And here is the page that displays the uploaded contents
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
$res = mysqli_query($connection, $sql);
if ( ! $res ) {
die( sprintf("Error: %s\n", mysqli_error($connection)) );
}
?>
<div class="container">
<section class="col col-lg-7"><br><br><br><br><br><br>
<h3>Recently Uploaded Documents </h3>
<div class="row">
<table class="table">
<tr>
<th>S.No</th>
<th>First Name</th>
<th>Department</th>
<th>Name of doc</th>
<th>Size</th>
<th>Type</th>
<th>Location</th>
<th>Delete</th>
</tr>
<?php
while ($r = mysqli_fetch_assoc($res)) {
?>
<tr>
<td><?php echo $r['id']; ?></td>
<td><?php echo $r['firstname']; ?></td>
<td><?php echo $r['dept']; ?></td>
<td><?php echo $r['name']; ?></td>
<td><?php echo $r['size']; ?></td>
<td><?php echo $r['type']; ?></td>
<td><?php echo $r['location']; ?></td>
<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
</tr>
<?php } ?>
</table>
</div>
OK. First of all, you should ALWAYS have error reporting turned ON when you're tetsing your scripts. Add this to the top of both your scripts:
error_reporting(E_ALL);
ini_set('display_errors', 1);
You haven't said which of those 2 files is giving you a blank output. I'm going to presume it's the upload page.
Couple of issues I see. When you're doing logical AND comparisons, you should be using the double ampersand, not the single one Lines 6 and 14):
isset($_FILES) && !empty($_FILES)
if(isset($name) && !empty($name)){
In your SQL for the upload, you're trying to insert the user_id:
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
Nowhere in your code do you actually set a user_id, so I can't see where that comes from. That's likely to be the cause of your error. Once you've turned on error reporting, run your script again and see what it says.
error_reporting(E_ALL);
ini_set('display_errors', 1);
You haven't said which of those 2 files is giving you a blank output. I'm going to presume it's the upload page.
Couple of issues I see. When you're doing logical AND comparisons, you should be using the double ampersand, not the single one Lines 6 and 14):
isset($_FILES) && !empty($_FILES)
if(isset($name) && !empty($name)){
In your SQL for the upload, you're trying to insert the user_id:
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
Nowhere in your code do you actually set a user_id, so I can't see where that comes from. That's likely to be the cause of your error. Once you've turned on error reporting, run your script again and see what it says.
ASKER
Well,I got the blank page because the database connection wasn't connected to the right database.The page that was blank was the display uploaded files page
After effecting the changes this is what i have
Screenshot--123-.png
After effecting the changes this is what i have
Screenshot--123-.png
ASKER
I added
error_reporting(E_ALL);
ini_set('display_errors', 1);
i dont have an errors on both pages
error_reporting(E_ALL);
ini_set('display_errors', 1);
i dont have an errors on both pages
ASKER
I found the Error Sir
ASKER
Upload Code
Display Uploaded files Code
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) && !empty($name)){
if($type == "image/jpeg" && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$sql = "INSERT INTO `upload` (name, size, type, location) VALUES ('$name', '$size', '$type', '$location$name')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File should be jpeg image & only 100 kb in size";
}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>Display Uploaded files Code
<?php
$page_title = "Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.id";
$res = mysqli_query($connection, $sql);
if ( ! $res ) {
die( sprintf("Error: %s\n", mysqli_error($connection)) );
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
OK. Good stuff.
Now if you want to tag the uplaods with the user that uploaded it, you will need to integrate the user_id somehow. That will depend on how you track which user is uploading the file.
Now if you want to tag the uplaods with the user that uploaded it, you will need to integrate the user_id somehow. That will depend on how you track which user is uploading the file.
ASKER
it works but the upload table creates id's automatically for every upload,meaning if the users tables does not have an id matching the id from t he upload table
1. post wont be displayed
2. first name wont be displayed also
Screenshot--125-.png
Screenshot--126-.png
1. post wont be displayed
2. first name wont be displayed also
Screenshot--125-.png
Screenshot--126-.png
That was the point of my previous comment. You have a Users table, and in that table each record has an unique ID:
// Users
ID: 1, Name: Chris
ID: 2, Name: Abraham
Your upload table has an ID field, which is auto-generated and is the ID of the file. That's what it should be. That table also has a column called user_id, and you need to put the ID from the users table in that column:
//Uploads:
ID: 1, Filename: file1.jpg. UserID: 2
ID: 2, Filename: file2.jpg. UserID: 2
ID: 3, Filename: file3.jpg. UserID: 1
ID: 4, Filename: file4.jpg. UserID: 2
ID: 5, Filename: file5.jpg. UserID: 1
From that, you can see that file1, file2 and file4 belong to User 2 (Abraham) and file3 and file5 belong to User 1 (Chris)
To do that you will need to change your INSERT sql to include the user id:
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name', '$user_id')";
But ... for that to work, you must know the user_id of who is uploading the file. How do you currently know which user that is?? Do you have that ID stored in a session variable somewhere (i.e. after a user has logged in)??
You would also need to change the SELECT query back so that it joined the 2 tables by using the ID from the Users table with the UserID from the Uploads table:
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.locatio
FROM users JOIN upload ON users.id = upload.user_id";
// Users
ID: 1, Name: Chris
ID: 2, Name: Abraham
Your upload table has an ID field, which is auto-generated and is the ID of the file. That's what it should be. That table also has a column called user_id, and you need to put the ID from the users table in that column:
//Uploads:
ID: 1, Filename: file1.jpg. UserID: 2
ID: 2, Filename: file2.jpg. UserID: 2
ID: 3, Filename: file3.jpg. UserID: 1
ID: 4, Filename: file4.jpg. UserID: 2
ID: 5, Filename: file5.jpg. UserID: 1
From that, you can see that file1, file2 and file4 belong to User 2 (Abraham) and file3 and file5 belong to User 1 (Chris)
To do that you will need to change your INSERT sql to include the user id:
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name', '$user_id')";
But ... for that to work, you must know the user_id of who is uploading the file. How do you currently know which user that is?? Do you have that ID stored in a session variable somewhere (i.e. after a user has logged in)??
You would also need to change the SELECT query back so that it joined the 2 tables by using the ID from the Users table with the UserID from the Uploads table:
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.locatio
FROM users JOIN upload ON users.id = upload.user_id";
ASKER
Yes i have a session variable available
OK. Well if that session variable holds the user id, then use that to insert into your DB. Something like this:
$user_id = $_SESSION['user_id']; // retrieve the current user from the SESSION array.
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name', '$user_id')";
$res = mysqli_query($connection, $sql);ASKER
Ok. this is what i did
$user_id = $_SESSION['id'];
the line 65 as indicated in the image is
<td><?php echo $r['user_id']; ?></td>
Screenshot--127-.png
$user_id = $_SESSION['id'];
the line 65 as indicated in the image is
<td><?php echo $r['user_id']; ?></td>
Screenshot--127-.png
ASKER
Corrected
<tr>
<td><?php echo $r['uid']; ?></td>
<td><?php echo $_SESSION['id']; ?></td>
<td><?php echo $r['firstname']; ?></td>
<td><?php echo $r['dept']; ?></td>
<td><?php echo $r['name']; ?></td>
<td><?php echo $r['size']; ?></td>
<td><?php echo $r['type']; ?></td>
<td><?php echo $r['location']; ?></td>
<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
</tr>ASKER
Image of the above
Screenshot--128-.png
Screenshot--128-.png
Right. Look at your SELECT query:
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type, upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
Nowhere in there are you SELECTing the user_id field, so it won't exist when you try to echo it out. The fields you do have available are firstname, dept, name, size, type, location, id.
If you really want to echo out the user_id, then include it in your query.
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type, upload.location, upload.id, upload.user_id
FROM users JOIN upload ON users.id = upload.user_id";
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type, upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
Nowhere in there are you SELECTing the user_id field, so it won't exist when you try to echo it out. The fields you do have available are firstname, dept, name, size, type, location, id.
If you really want to echo out the user_id, then include it in your query.
$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type, upload.location, upload.id, upload.user_id
FROM users JOIN upload ON users.id = upload.user_id";
See my previous comment. The way you now have it, it will show the ID of the logged in user and not the ID of the user that owns that file.
You also seemed to have changed $id to $uid somewhere along the way, so now your Delete link probably won't work.
ASKER
Understood.its working now
<td><?php echo $r['user_id']; ?></td>
<td><?php echo $r['user_id']; ?></td>
ASKER
How can i integrate the download link and view file option into this and also make it such that accepts any file type eg..zip file type, documents and images
ASKER
Also after uploading the file i noticed that i dont get the sucess message
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) && !empty($name)){
if($type == "image/jpeg" && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$user_id = $_SESSION['id']; // retrieve the current user from the SESSION array.
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File should be jpeg image & only 100 kb in size";
}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
I don't know why you're not getting the Success message, as we're only seeing a part of your page. If that script is called before any HTML output, then it'l possible that it's being echoed out, but it's just not visible in a webpage.
To allow for other types of upload, you could just add the allowed types to an array and then check tht against the $type
As for viewing the file ... that's going to be a bit of a problem. Your browser is just not capable of viewing most file types. You could just add a link to file and see how you get on:
You might have to edit the path a little depending on where you actually store the files.
To allow for other types of upload, you could just add the allowed types to an array and then check tht against the $type
$allowed=[
'image/jpeg',
'text',
'someothertype',
];
if( in_array($type, $allowed) && $size <= $maxsize){
...
} else {
echo "File type is not allowed or is bigger than 100 kb in size";
}As for viewing the file ... that's going to be a bit of a problem. Your browser is just not capable of viewing most file types. You could just add a link to file and see how you get on:
<a href="<?= $r['location'] ?>">Link to file</a>You might have to edit the path a little depending on where you actually store the files.
ASKER
You are right about the message being echoed plus i noticed that contents in there shifted a bit down but nothing visible
Once you've uploaded a file, view the source of your page and see if the message is in there somewhere
ASKER
It displays the message behind the header
ASKER
Please with the file type,It still doesnt allow for other type
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
$allowed=[
'image/jpeg',
'Doc/text',
'File/zip',
];
if(isset($name) && !empty($name)){
if( in_array($type, $allowed) && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$user_id = $_SESSION['id']; // retrieve the current user from the SESSION array.
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File type is not allowed or is bigger than 100 kb in size";
}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>ASKER
And also i wanted to know if i can upload to two different locations?With the second location being the backup
$location = "Doc-uploads/";
$location = "Doc-uploads/";
OK.
You can't just make up the file types:
$allowed=[
'image/jpeg',
'Doc/text',
'File/zip',
];
The Doc/text and File/zip aren't valid mime-types. For example, a zip file will probably be of type application/zip or application/x-zip-compress
Each file will have it's own mime type. You can do search to find out some of the common ones, or you could just upload a file of a given type yourself and do a var_dump on the file info:
If you want to upload to 2 locations, simply do a file copy:
You can't just make up the file types:
$allowed=[
'image/jpeg',
'Doc/text',
'File/zip',
];
The Doc/text and File/zip aren't valid mime-types. For example, a zip file will probably be of type application/zip or application/x-zip-compress
Each file will have it's own mime type. You can do search to find out some of the common ones, or you could just upload a file of a given type yourself and do a var_dump on the file info:
if(isset($_FILES) && !empty($_FILES)){
var_dump($_FILES['profile']);
...
}If you want to upload to 2 locations, simply do a file copy:
if(move_uploaded_file($tmp_name, $location.$name)){
copy( $location.$name, $dest);ASKER
Okay Sir. thanks
ASKER
Hello, In relation to the MIME types, i found some online
But when i tried uploading any media type above i get the message file type is not allowed
'image/jpeg',
'application/pdf',
'image/png',
'image/gif',
'application/zip',
'application/pdf',
'application/msword (.doc)',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document(.docx)',
'application/vnd.ms-excel (.xls)',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet (.xlsx)',
'application/vnd.ms-powerpoint (.ppt)',
'application/vnd.openxmlformats-officedocument.presentationml.presentation (.pptx)',But when i tried uploading any media type above i get the message file type is not allowed
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
$name = $_FILES['profile']['name'];
$size = $_FILES['profile']['size'];
$type = $_FILES['profile']['type'];
$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
$allowed=[
'image/jpeg',
'application/pdf',
'image/png',
'image/gif',
'application/zip',
'application/pdf',
'application/msword (.doc)',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document(.docx)',
'application/vnd.ms-excel (.xls)',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet (.xlsx)',
'application/vnd.ms-powerpoint (.ppt)',
'application/vnd.openxmlformats-officedocument.presentationml.presentation (.pptx)',
];
if(isset($name) && !empty($name)){
if( in_array($type, $allowed) && $size <= $maxsize){
//if($type == "image/jpeg" && $size <= $maxsize){
if(move_uploaded_file($tmp_name, $location.$name)){
$user_id = $_SESSION['id']; // retrieve the current user from the SESSION array.
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
$res = mysqli_query($connection, $sql);
if($res){
echo "Uploaded successfully";
}
}else{
echo "Failed to Upload";
}
}else{
echo "File type is not allowed or is bigger than 100 kb in size";
}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
Hey Abraham,
For this to work, you need to be very specific about the mime-types. If there is not an exact match, then your file won't upload. In your code above, you have added the file extension in brackets to the end of the mime-type:
'application/msword (.doc)'
This won't work, because now it's not a valid mime-type. As I've said previously, if you var_dump the data, you'll see the exact string you need to use:
if(isset($_FILES) && !empty($_FILES)){
var_dump($_FILES['profile'
...
}
Whatever the filetype is when you dump that data, that's what you need to use - EXACTLY!
For this to work, you need to be very specific about the mime-types. If there is not an exact match, then your file won't upload. In your code above, you have added the file extension in brackets to the end of the mime-type:
'application/msword (.doc)'
This won't work, because now it's not a valid mime-type. As I've said previously, if you var_dump the data, you'll see the exact string you need to use:
if(isset($_FILES) && !empty($_FILES)){
var_dump($_FILES['profile'
...
}
Whatever the filetype is when you dump that data, that's what you need to use - EXACTLY!
ASKER
Thanks. Using the if(isset($_FILES) && !empty($_FILES)){
var_dump($_FILES['profile'
var_dump($_FILES['profile'
$allowed=[
'image/jpeg',
'application/pdf',
'image/png',
'image/gif',
'application/zip',
'application/x-zip-compressed',
'multipart/x-zip',
'application/x-compressed',
'application/pdf',
'application/msword',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.ms-excel (.xls)',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'application/vnd.ms-powerpoint',
'application/vnd.openxmlformats-officedocument.presentationml.presentation',
];ASKER
A Quick question sir when uploading to 2 locations
I tried the following below, What am i doing wrong
I tried the following below, What am i doing wrong
if(move_uploaded_file($tmp_name, $location.$name)){
copy( $location.$name, $DocUp);
if(move_uploaded_file($tmp_name, $location.$name)){
copy( $location.$name, "C:\xampp\htdocs\Parliament web\Login\DocUp");ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Chris.Forever grateful
Couple of things. If you want to tag an upload with a User, then you're going to need to store the User ID in the upload table. To do that, add a column to the upload table called something like user_id. Then when you insert your new record, make sure you insert the user id as well:
INSERT INTO upload (name, size, type, location, user_id) VALUES (?, ?, ?, ?, ?);
Once you've done that, then you can do a query with a JOIN to select the files and the user information in one go.
SELECT users.name, users.email, upload.name, upload.type, upload.id
FROM users
JOIN upload
ON users.id = upload.user_id
For your upload form, don't rely on a form input to store the User ID. Keep that value in a SESSION variable and use that instead - it's safer.