Asked  1 Year ago    Answers:  5   Viewed   14 times

Ok. I have searching on this site Since August 24 2011.(not that it matters) for a way to display files that have been uploaded by a user. I have my form on the admin side and everything is working fine. I also have a table displaying whatever the user has filled in the form which also works. But I can not view the file or its name on the table.

My database table has a primary id auto_increment int(11) unsigned.

Here is the code I wrote:

//This gets all the other information from the form 
$company=$_POST['company']; 
$location=$_POST['location'];
$pic=($_FILES['userfile']['name']);

$query = "INSERT INTO user_DB VALUES ('','$company', '$location', '$userfile' )";

//target to the path of my files
$target_path = "uploads/post_id/";
if(!is_dir($target_path)) mkdir($target_path);
$uploadfile = $target_path . basename($_FILES['userfile']['name']);

//Move the uploaded file to $taget_path
(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile));

On the form which you fill in the details I have the following:

<tr>
<td><label for="company_name">Company Name</label></td>
<td><input type="text" name="company" id="company" value="" size="38" /></td>
</tr>
<tr>
<td><label for="location">Location</label></td>
<td><input type="text" name="location" id="location" value="" /></td>
</tr>
<tr>
<td>Upload a File:</td>
<td><input name="userfile" id="userfile" type="file" /></td>
</tr>

The table which is on the front end that displays the query results looks like this, just the file feild.

echo "<td>";
echo "<a href=../admin/uploads/post_id/> $row'userfile'</a>";
echo "</td>";

So as you can see I am trying to get the file name as well as the file itself. If its a pdf/ jpg/doc I should be able to view/download it when I click the link.

Ant ideas ...

 Answers

4

Some suggestions for what you could change to get this working.

1. Upload form

What does your form tag look like? Don't forget to include the enctype parameter as per below:

<form type="post" action="" enctype="multipart/form-data">
    ...
</form>

2. Sanitisation

$company  = mysql_real_escape_string($_POST['company']); 
$location = mysql_real_escape_string($_POST['location']);
$pic      = mysql_real_escape_string($_FILES['userfile']['name']);

The above lines are the first step in helping to prevent your queries from suffering SQL injection attacks.

3. SQL Query

$userfile does not exist as you have actually assigned the file name to $pic instead so your query should look like this:

$query = "INSERT INTO user_DB 
          VALUES ('','$company', '$location', '$pic')";

4. HTML Output

Now to link to the file in your output table:

echo "<td>";
echo "<a href=" . $target_path . basename($row['userfile']) . ">
         {$row['userfile']}</a>";
echo "</td>";
Thursday, April 1, 2021
 
Norgul
 
2

I have same feature in our latest project, the client want to have video recording from webcam and the video appear in the user's profile page.

For the server, we implement the RED5 server. It need a Java virtual machine in your hosting. You can read the detail requirement and installation instruction in the website.

To handle recording, we develop our own flash application, because the client request a custom interface to match with the overall website interface. I don't know the detail, since we outsource it to a fellow flash developer. Maybe you can see follow this thread, the development of flash recording by JeroenW.

To play recorded video, you can use any flash video player that support playing rtmp video source. You cannot play the recorded flv file in RED5 directly, since the file lack of metadata required by the player. Serving the recorded file as rtmp is done by RED5.

Thursday, April 1, 2021
 
Easen
 
4

You can set up a directory containing the FLV files on your webserver that can only be accessed by PHP, then in your PHP script you can authenticate the user as usual and simply send a header to the browser telling it to expect an FLV, then echo the raw FLV data:

<?php
// here is where
// you want your
// user authentication

if ($isAuthenticated)
{
  header("Content-type: video/flv");
  echo file_get_contents($pathToFLV);
}
?>

As Chad Birch discussed, this will only prevent people from linking directly to the video - you can't prevent piracy this way.

Saturday, May 29, 2021
 
5

I've used the following sequence before, which seems to work nicely, and will store any data into the db, including images, pdfs, arrays of data, etc... :)

Storing the data (can be a string, array, object, etc.);

First, turn the data into a base64 encoded string

$strData = strtr(
             base64_encode(
               addslashes(
                 gzcompress( serialize($dataToStore) , 9)
                 )
               ) , '+/=', '-_,');

Then store that string data in the db...


Retrieving the data;

Extract the string data from the db

decode the data back to what you want (you may need to perform an extra step after this depending on the input data, array, image, etc.)

$returnData = unserialize(
                gzuncompress(
                  stripslashes(
                    base64_decode(
                      strtr($strDataFromDb, '-_,', '+/=')
                    )
                  )
                )
              );

This certainly helped me to store what I needed to store in a mySQL db!

Saturday, May 29, 2021
4

The below just uses the mime types to validate a file, then checks the size of both. For a list of most mime types see here or google.

function allowed_file(){

//Add the allowed mime-type files to an 'allowed' array 
 $allowed = array('application/doc', 'application/pdf', 'another/type');

//Check uploaded file type is in the above array (therefore valid)  
    if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

   //If filetypes allowed types are found, continue to check filesize:

  if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

    //if both files are below given size limit, allow upload
    //Begin filemove here....

    }

    }

}
Friday, June 11, 2021
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :