Creating an upload system

Hello am trying to create an upload system that that that automatically displays the uploaded contents( Doc, img, zip) and fetches and displays the id, first name and department of the user who uploaded the file from a database i already have whiles displaying

1.uploaded file name
2.Document name
3.size
4.Type
5.Download file button
6.Delete link

I have the information of the registered user and that of the upload system on different tables
The system should allow the user upload unlimited files without overwriting the previous ones

This is what i currently have for the upload.php

<?php
$page_title = "Databse System-Search";
include_once 'partials/headupload.php';

require_once('config/connect.php');
if(isset($_FILES) & !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) &!empty($name)){
	if($type == "image/jpeg" && $size <= $maxsize){
		if(move_uploaded_file($tmp_name, $location.$name)){
			
			$sql = "INSERT INTO `upload` (name, size, type, location) VALUES ('$name', '$size', '$type', '$location$name')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File should be jpeg image & only 100 kb in size";
	}
}

Open in new window




<form method="post" enctype="multipart/form-data">
							  
							          <div class="form-group">
                        <label for="Uid"><b>User ID</b></label>
                        <input type="text" name="Uid" value="Staff <?php if(isset($_SESSION['id'])) echo $_SESSION['id']; ?>" class="form-control" id="Uid" required>
                    </div>
							  <div class="form-group">
                        <label for="upname"><b>Uploader Name</b></label>
                        <input type="text" name="upname" value="<?php if(isset($_SESSION['username'])) echo $_SESSION['username']; ?>" class="form-control" id="upname" required>
                    </div> 
							  <div class="form-group">
                        <label for="min"><b>Ministry</b></label>
                        <input type="text" name="min" value="" class="form-control" id="min" required>
                    </div>
               <div class="form-group">
                 <label for="DN"><b>Document Name</b></label>
                   <input name="DN" type="text" required class="form-control" id="DN" placeholder="Document Name" >
                 </div>
				
                  <div class="form-group">
		    <label for="exampleInputFile">File input</label>
		    <input type="file" name="profile" id="exampleInputFile">
		   <!-- <p class="help-block">Example block-level help text here.</p>-->
		  </div>

		  <button type="submit" class="btn btn-primary">Submit</button>
             </form >

Open in new window





And this is for displaying the uploaded files

<?php
$page_title = "Database System-";
include_once 'partials/upload-before.php';
require_once('config/connect.php');
$sql = "SELECT * FROM `upload`";
$res = mysqli_query($connection, $sql);

?>

Open in new window


<div class="row">
		<table class="table">
			<tr>
				<th>S.No</th>
				<th>Name</th>
				<th>Size</th>
				<th>Type</th>
				<th>Location</th>
				<th>Delete</th>
			</tr>
			<?php 
				while ($r = mysqli_fetch_assoc($res)) {
			?>
			<tr>
				<td><?php echo $r['id']; ?></td>
				<td><?php echo $r['name']; ?></td>
				<td><?php echo $r['size']; ?></td>
				<td><?php echo $r['type']; ?></td>
				<td><?php echo $r['location']; ?></td>
				<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
			</tr>
			<?php } ?>
		</table>
	</div>

Open in new window

Abraham Augustus NorteyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris StanyonWebDevCommented:
Hi Abraham,

Couple of things. If you want to tag an upload with a User, then you're going to need to store the User ID in the upload table. To do that, add a column to the upload table called something like user_id. Then when you insert your new record, make sure you insert the user id as well:

INSERT INTO upload (name, size, type, location, user_id) VALUES (?, ?, ?, ?, ?);

Once you've done that, then you can do a query with a JOIN to select the files and the user information in one go.

SELECT users.name, users.email, upload.name, upload.type, upload.id
FROM users
JOIN upload
ON users.id = upload.user_id

For your upload form, don't rely on a form input to store the User ID. Keep that value in a SESSION variable and use that instead - it's safer.
0
Abraham Augustus NorteyAuthor Commented:
Ok Sir. Will try and get back to you thx
0
Abraham Augustus NorteyAuthor Commented:
Hello Chris, i got this error but below is my code
$page_title = "Databse System-Search";
include_once 'partials/headsearch-before.php';

require_once('config/connect.php');
if(isset($_FILES) & !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) &!empty($name)){
	if($type == "image/jpeg" && $size <= $maxsize){
		if(move_uploaded_file($tmp_name, $location.$name)){
			
			$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File should be jpeg image & only 100 kb in size";
	}
}
?>

Open in new window



 <form method="post" enctype="multipart/form-data">
			<div class="form-group">
		    <label for="exampleInputFile">File input</label>
		    <input type="file" name="profile" id="exampleInputFile">
		   <!-- <p class="help-block">Example block-level help text here.</p>-->
		  </div>

		  <button type="submit" class="btn btn-primary">Submit</button>
             </form >

Open in new window



<?php
$page_title = "Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
$res = mysqli_query($connection, $sql);

?>

<div class="row">
		<table class="table">
			<tr>
				<th>S.No</th>
				<th>First Name</th>
				<th>Department</th>
				<th>Name of doc</th>
				<th>Size</th>
				<th>Type</th>
				<th>Location</th>
				<th>Delete</th>
			</tr>
			<?php 
				while ($r = mysqli_fetch_assoc($res)) {
			?>
			<tr>
				<td><?php echo $r['id']; ?></td>
				<td><?php echo $r['firstname']; ?></td>
				<td><?php echo $r['dept']; ?></td>
				<td><?php echo $r['name']; ?></td>
				<td><?php echo $r['size']; ?></td>
				<td><?php echo $r['type']; ?></td>
				<td><?php echo $r['location']; ?></td>
				<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
			</tr>
			<?php } ?>
		</table>
	</div>

Open in new window

Screenshot--121-.png
0
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Chris StanyonWebDevCommented:
That error indicates that your SELECT query failed. You should add some error reporting in there to help diagnose the problem:

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
$res = mysqli_query($connection, $sql);

if ( ! $res ) {
    die( sprintf("Error: %s\n", mysqli_error($connection)) );
}

?>

Open in new window

0
Abraham Augustus NorteyAuthor Commented:
Hello ,I got a blank page
Screenshot--122-.png
0
Chris StanyonWebDevCommented:
OK. I can't tell what's going on from a blank screenshot!

I'd need to see your code as you now have it.
0
Abraham Augustus NorteyAuthor Commented:
Ok. Sir
Below is the code for the upload page
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';

require_once('config/connect.php');
if(isset($_FILES) & !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) &!empty($name)){
	if($type == "image/jpeg" && $size <= $maxsize){
		if(move_uploaded_file($tmp_name, $location.$name)){
			
			$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File should be jpeg image & only 100 kb in size";
	}
}
?>



<div class="container">
    <section class="col col-lg-7"><br><br><br><br><br><br>
   <h3>Upload Documents Here </h3>
		
		<p style="color: red">Files like Images and Documents</p>
		<hr>
  <form method="post" enctype="multipart/form-data">
							  
 <div class="form-group">
 <div class="form-group">
		    <label for="exampleInputFile">File input</label>
		    <input type="file" name="profile" id="exampleInputFile">
		   <!-- <p class="help-block">Example block-level help text here.</p>-->
		  </div>

		  <button type="submit" class="btn btn-primary">Submit</button>
             </form >

</div>

Open in new window



And here is the page that displays the uploaded contents
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
$res = mysqli_query($connection, $sql);

if ( ! $res ) {
    die( sprintf("Error: %s\n", mysqli_error($connection)) );
}

?>


<div class="container">
    <section class="col col-lg-7"><br><br><br><br><br><br>
   <h3>Recently Uploaded Documents  </h3>
		

    <div class="row">
		<table class="table">
			<tr>
				<th>S.No</th>
				<th>First Name</th>
				<th>Department</th>
				<th>Name of doc</th>
				<th>Size</th>
				<th>Type</th>
				<th>Location</th>
				<th>Delete</th>
			</tr>
			<?php 
				while ($r = mysqli_fetch_assoc($res)) {
			?>
			<tr>
				<td><?php echo $r['id']; ?></td>
				<td><?php echo $r['firstname']; ?></td>
				<td><?php echo $r['dept']; ?></td>
				<td><?php echo $r['name']; ?></td>
				<td><?php echo $r['size']; ?></td>
				<td><?php echo $r['type']; ?></td>
				<td><?php echo $r['location']; ?></td>
				<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
			</tr>
			<?php } ?>
		</table>
	</div>

Open in new window

0
Chris StanyonWebDevCommented:
OK. First of all, you should ALWAYS have error reporting turned ON when you're tetsing your scripts. Add this to the top of both your scripts:

error_reporting(E_ALL);
ini_set('display_errors', 1);

You haven't said which of those 2 files is giving you a blank output. I'm going to presume it's the upload page.

Couple of issues I see. When you're doing logical AND comparisons, you should be using the double ampersand, not the single one Lines 6 and 14):

isset($_FILES) && !empty($_FILES)
if(isset($name) && !empty($name)){

In your SQL for the upload, you're trying to insert the user_id:

$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";

Nowhere in your code do you actually set a user_id, so I can't see where that comes from. That's likely to be the cause of your error. Once you've turned on error reporting, run your script again and see what it says.
0
Abraham Augustus NorteyAuthor Commented:
Well,I got the blank page because the database connection wasn't connected to the right database.The page that was blank was the display uploaded files page
After effecting the changes this is what i have
Screenshot--123-.png
0
Abraham Augustus NorteyAuthor Commented:
I added
error_reporting(E_ALL);
ini_set('display_errors', 1);

i dont have an errors on both pages
0
Abraham Augustus NorteyAuthor Commented:
I found the Error Sir
0
Abraham Augustus NorteyAuthor Commented:
Upload Code
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';

require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) && !empty($name)){
	if($type == "image/jpeg" && $size <= $maxsize){
		if(move_uploaded_file($tmp_name, $location.$name)){
			
			$sql = "INSERT INTO `upload` (name, size, type, location) VALUES ('$name', '$size', '$type', '$location$name')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File should be jpeg image & only 100 kb in size";
	}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>

Open in new window




Display Uploaded files Code

<?php
$page_title = "Databse System-Search";
include_once 'partials/headsearch-before.php';
require_once('config/connect.php');

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.id";
$res = mysqli_query($connection, $sql);

if ( ! $res ) {
    die( sprintf("Error: %s\n", mysqli_error($connection)) );
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>

Open in new window

Screenshot--124-.png
0
Chris StanyonWebDevCommented:
OK. Good stuff.

Now if you want to tag the uplaods with the user that uploaded it, you will need to integrate the user_id somehow. That will depend on how you track which user is uploading the file.
0
Abraham Augustus NorteyAuthor Commented:
it works but the upload table creates id's automatically for every upload,meaning if the users tables does not have an id matching the id from t he upload table
1. post wont be displayed
2. first name wont be displayed also
Screenshot--125-.png
Screenshot--126-.png
0
Chris StanyonWebDevCommented:
That was the point of my previous comment. You have a Users table, and in that table each record has an unique ID:

// Users
ID: 1, Name: Chris
ID: 2, Name: Abraham

Your upload table has an ID field, which is auto-generated and is the ID of the file. That's what it should be. That table also has a column called user_id, and you need to put the ID from the users table in that column:

//Uploads:
ID: 1, Filename: file1.jpg. UserID: 2
ID: 2, Filename: file2.jpg. UserID: 2
ID: 3, Filename: file3.jpg. UserID: 1
ID: 4, Filename: file4.jpg. UserID: 2
ID: 5, Filename: file5.jpg. UserID: 1

From that, you can see that file1, file2 and file4 belong to User 2 (Abraham) and file3 and file5 belong to User 1 (Chris)

To do that you will need to change your INSERT sql to include the user id:

$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name', '$user_id')";

But ... for that to work, you must know the user_id of who is uploading the file. How do you currently know which user that is?? Do you have that ID stored in a session variable somewhere (i.e. after a user has logged in)??

You would also need to change the SELECT query back so that it joined the 2 tables by using the ID from the Users table with the UserID from the Uploads table:

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type,upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";
0
Abraham Augustus NorteyAuthor Commented:
Yes i have a session variable available
0
Chris StanyonWebDevCommented:
OK. Well if that session variable holds the user id, then use that to insert into your DB. Something like this:

$user_id = $_SESSION['user_id']; // retrieve the current user from the SESSION array.
$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name', '$user_id')";
$res = mysqli_query($connection, $sql);

Open in new window

Obvioulsy, you'll need to edit the code to match whatever your SESSION key is called.
0
Abraham Augustus NorteyAuthor Commented:
Ok. this is what i did

$user_id = $_SESSION['id'];

the line 65 as indicated in the image is
      <td><?php echo $r['user_id']; ?></td>
Screenshot--127-.png
0
Abraham Augustus NorteyAuthor Commented:
Corrected
<tr>
				<td><?php echo $r['uid']; ?></td>
				<td><?php echo $_SESSION['id']; ?></td>
				<td><?php echo $r['firstname']; ?></td>
				<td><?php echo $r['dept']; ?></td>
				<td><?php echo $r['name']; ?></td>
				<td><?php echo $r['size']; ?></td>
				<td><?php echo $r['type']; ?></td>
				<td><?php echo $r['location']; ?></td>
				<td><a href="delete.php?id=<?php echo $r['id']; ?>">Delete</a></td>
			</tr>

Open in new window

0
Abraham Augustus NorteyAuthor Commented:
Image of  the above
Screenshot--128-.png
0
Chris StanyonWebDevCommented:
Right. Look at your SELECT query:

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type, upload.location, upload.id
FROM users JOIN upload ON users.id = upload.user_id";

Nowhere in there are you SELECTing the user_id field, so it won't exist when you try to echo it out. The fields you do have available are firstname, dept, name, size, type, location, id.

If you really want to echo out the user_id, then include it in your query.

$sql = "SELECT users.firstname, users.dept, upload.name, upload.size, upload.type, upload.location, upload.id, upload.user_id
FROM users JOIN upload ON users.id = upload.user_id";
0
Chris StanyonWebDevCommented:
See my previous comment. The way you now have it, it will show the ID of the logged in user and not the ID of the user that owns that file.
0
Chris StanyonWebDevCommented:
You also seemed to have changed $id to $uid somewhere along the way, so now your Delete link probably won't work.
0
Abraham Augustus NorteyAuthor Commented:
Understood.its working now

<td><?php echo $r['user_id']; ?></td>
0
Abraham Augustus NorteyAuthor Commented:
How can i integrate the download link and view file option into this and also make it such that accepts any file type  eg..zip file type, documents and images
0
Abraham Augustus NorteyAuthor Commented:
Also after uploading the file i noticed that i dont get the sucess message
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';

require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;
if(isset($name) && !empty($name)){
	if($type == "image/jpeg" && $size <= $maxsize){
		if(move_uploaded_file($tmp_name, $location.$name)){
			$user_id = $_SESSION['id']; // retrieve the current user from the SESSION array.
			$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File should be jpeg image & only 100 kb in size";
	}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>

Open in new window

0
Chris StanyonWebDevCommented:
I don't know why you're not getting the Success message, as we're only seeing a part of your page. If that script is called before any HTML output, then it'l possible that it's being echoed out, but it's just not visible in a webpage.

To allow for other types of upload, you could just add the allowed types to an array and then check tht against the $type

$allowed=[
    'image/jpeg',
    'text',
    'someothertype',
];

if( in_array($type, $allowed) && $size <= $maxsize){
    ...
} else {
    echo "File type is not allowed or is bigger than 100 kb in size";
}

Open in new window

You'll need to tweak the contents of the array to match whatever files  you want to allow.

As for viewing the file ... that's going to be a bit of a problem. Your browser is just not capable of viewing most file types. You could just add a link to file and see how you get on:

<a href="<?= $r['location'] ?>">Link to file</a>

Open in new window


You might have to edit the path a little depending on where you actually store the files.
0
Abraham Augustus NorteyAuthor Commented:
You are right about the message being echoed plus i noticed that contents in there shifted a bit down but nothing visible
0
Chris StanyonWebDevCommented:
Once you've uploaded a file, view the source of your page and see if the message is in there somewhere
0
Abraham Augustus NorteyAuthor Commented:
It displays the message behind the header
0
Abraham Augustus NorteyAuthor Commented:
Please with the file type,It still doesnt allow for other type

<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';

require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";
$maxsize = 10000000;


$allowed=[
    'image/jpeg',
    'Doc/text',
    'File/zip',
];

if(isset($name) && !empty($name)){
	if( in_array($type, $allowed) && $size <= $maxsize){
	
		if(move_uploaded_file($tmp_name, $location.$name)){
			$user_id = $_SESSION['id']; // retrieve the current user from the SESSION array.
			$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File type is not allowed or is bigger than 100 kb in size";
	}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>

Open in new window

0
Abraham Augustus NorteyAuthor Commented:
And also i wanted to know if i can upload to two different locations?With the second location being the backup
$location = "Doc-uploads/";
0
Chris StanyonWebDevCommented:
OK.

You can't just make up the file types:

$allowed=[
    'image/jpeg',
    'Doc/text',
    'File/zip',
];

The Doc/text and File/zip aren't valid mime-types. For example, a zip file will probably be of type application/zip or application/x-zip-compressed. A Word document could be application/msword, application/vnd.openxmlformats-officedocument.wordprocessingml.document or even the generic application/octet-stream

Each file will have it's own mime type. You can do search to find out some of the common ones, or you could just upload a file of a given type yourself and do a var_dump on the file info:

if(isset($_FILES) && !empty($_FILES)){
    var_dump($_FILES['profile']);
    ...
}

Open in new window

That will show you exactly what the file type is - that's what needs adding to your $allowed array.

If you want to upload to 2 locations, simply do a file copy:

if(move_uploaded_file($tmp_name, $location.$name)){
    copy( $location.$name, $dest);

Open in new window

Just edit or setup the $dest variable to where you want the file copying to
0
Abraham Augustus NorteyAuthor Commented:
Okay Sir. thanks
0
Abraham Augustus NorteyAuthor Commented:
Hello, In relation to the MIME types, i found some online
 'image/jpeg',
   	'application/pdf',
 	'image/png', 
 	'image/gif',
	'application/zip',
	'application/pdf',
	'application/msword (.doc)',
	'application/vnd.openxmlformats-officedocument.wordprocessingml.document(.docx)',
	'application/vnd.ms-excel (.xls)',
	'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet (.xlsx)',
	'application/vnd.ms-powerpoint (.ppt)',
	'application/vnd.openxmlformats-officedocument.presentationml.presentation (.pptx)',

Open in new window



But when i tried uploading any media type above i get the message file type is not allowed
<?php
$page_title = "Parliamentary Databse System-Search";
include_once 'partials/headsearch-before.php';

require_once('config/connect.php');
if(isset($_FILES) && !empty($_FILES)){
	$name = $_FILES['profile']['name'];
	$size = $_FILES['profile']['size'];
	$type = $_FILES['profile']['type'];
	$tmp_name = $_FILES['profile']['tmp_name'];
}
$location = "Doc-uploads/";

$maxsize = 10000000;


$allowed=[
    'image/jpeg',
   	'application/pdf',
 	'image/png', 
 	'image/gif',
	'application/zip',
	'application/pdf',
	'application/msword (.doc)',
	'application/vnd.openxmlformats-officedocument.wordprocessingml.document(.docx)',
	'application/vnd.ms-excel (.xls)',
	'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet (.xlsx)',
	'application/vnd.ms-powerpoint (.ppt)',
	'application/vnd.openxmlformats-officedocument.presentationml.presentation (.pptx)',
	];


if(isset($name) && !empty($name)){
	if( in_array($type, $allowed) && $size <= $maxsize){
	//if($type == "image/jpeg" && $size <= $maxsize){
		
if(move_uploaded_file($tmp_name, $location.$name)){
			
			
			$user_id = $_SESSION['id']; // retrieve the current user from the SESSION array.
			$sql = "INSERT INTO `upload` (name, size, type, location, user_id) VALUES ('$name', '$size', '$type', '$location$name','$user_id')";
			$res = mysqli_query($connection, $sql);
			if($res){
				echo "Uploaded successfully";
			}
		}else{
			echo "Failed to Upload";
		}
	}else{
		echo "File type is not allowed or is bigger than 100 kb in size";
	}
}
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>

Open in new window

Screenshot--129-.png
0
Chris StanyonWebDevCommented:
Hey Abraham,

For this to work, you need to be very specific about the mime-types. If there is not an exact match, then your file won't upload. In your code above, you have added the file extension in brackets to the end of the mime-type:

'application/msword (.doc)'

This won't work, because now it's not a valid mime-type. As I've said previously, if you var_dump the data, you'll see the exact string you need to use:

if(isset($_FILES) && !empty($_FILES)){
    var_dump($_FILES['profile']);
    ...
}

Whatever the filetype is when you dump that data, that's what you need to use - EXACTLY!
0
Abraham Augustus NorteyAuthor Commented:
Thanks. Using the if(isset($_FILES) && !empty($_FILES)){
    var_dump($_FILES['profile']); worked

$allowed=[
    'image/jpeg',
   	'application/pdf',
 	'image/png', 
 	'image/gif',
	'application/zip',
	'application/x-zip-compressed',
	'multipart/x-zip', 
	'application/x-compressed',
	'application/pdf',
	'application/msword',
	'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
	'application/vnd.ms-excel (.xls)',
	'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
	'application/vnd.ms-powerpoint',
	'application/vnd.openxmlformats-officedocument.presentationml.presentation',
	];

Open in new window

0
Abraham Augustus NorteyAuthor Commented:
A Quick question sir when uploading to 2 locations
I tried the following below, What am i doing wrong

if(move_uploaded_file($tmp_name, $location.$name)){
    copy( $location.$name, $DocUp);

if(move_uploaded_file($tmp_name, $location.$name)){
copy( $location.$name, "C:\xampp\htdocs\Parliament web\Login\DocUp");

Open in new window

0
Chris StanyonWebDevCommented:
You only need the first 2 lines. Move the uploaded file and then copy it. You probably need to specify the destination file name:

if(move_uploaded_file($tmp_name, $location.$name)){
    copy( $location.$name, $DocUp.$name);
}

Open in new window

You'll need to check the value of your $DocUp variable.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Abraham Augustus NorteyAuthor Commented:
Thanks Chris.Forever grateful
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SQL

From novice to tech pro — start learning today.