How to retrieve uploaded files using php

Asked  1 Year ago    Answers:  5   Viewed   14 times

Ok. I have searching on this site Since August 24 2011.(not that it matters) for a way to display files that have been uploaded by a user. I have my form on the admin side and everything is working fine. I also have a table displaying whatever the user has filled in the form which also works. But I can not view the file or its name on the table.

My database table has a primary id auto_increment int(11) unsigned.

Here is the code I wrote:

//This gets all the other information from the form 
$company=$_POST['company']; 
$location=$_POST['location'];
$pic=($_FILES['userfile']['name']);

$query = "INSERT INTO user_DB VALUES ('','$company', '$location', '$userfile' )";

//target to the path of my files
$target_path = "uploads/post_id/";
if(!is_dir($target_path)) mkdir($target_path);
$uploadfile = $target_path . basename($_FILES['userfile']['name']);

//Move the uploaded file to $taget_path
(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile));

On the form which you fill in the details I have the following:

<tr>
<td><label for="company_name">Company Name</label></td>
<td><input type="text" name="company" id="company" value="" size="38" /></td>
</tr>
<tr>
<td><label for="location">Location</label></td>
<td><input type="text" name="location" id="location" value="" /></td>
</tr>
<tr>
<td>Upload a File:</td>
<td><input name="userfile" id="userfile" type="file" /></td>
</tr>

The table which is on the front end that displays the query results looks like this, just the file feild.

echo "<td>";
echo "<a href=../admin/uploads/post_id/> $row'userfile'</a>";
echo "</td>";

So as you can see I am trying to get the file name as well as the file itself. If its a pdf/ jpg/doc I should be able to view/download it when I click the link.

Ant ideas ...

 Answers

4

Some suggestions for what you could change to get this working.

1. Upload form

What does your form tag look like? Don't forget to include the enctype parameter as per below:

<form type="post" action="" enctype="multipart/form-data">
    ...
</form>

2. Sanitisation

$company  = mysql_real_escape_string($_POST['company']); 
$location = mysql_real_escape_string($_POST['location']);
$pic      = mysql_real_escape_string($_FILES['userfile']['name']);

The above lines are the first step in helping to prevent your queries from suffering SQL injection attacks.

3. SQL Query

$userfile does not exist as you have actually assigned the file name to $pic instead so your query should look like this:

$query = "INSERT INTO user_DB 
          VALUES ('','$company', '$location', '$pic')";

4. HTML Output

Now to link to the file in your output table:

echo "<td>";
echo "<a href=" . $target_path . basename($row['userfile']) . ">
         {$row['userfile']}</a>";
echo "</td>";
Thursday, April 1, 2021
 
Norgul
 
Norgul
2

I have same feature in our latest project, the client want to have video recording from webcam and the video appear in the user's profile page.

For the server, we implement the RED5 server. It need a Java virtual machine in your hosting. You can read the detail requirement and installation instruction in the website.

To handle recording, we develop our own flash application, because the client request a custom interface to match with the overall website interface. I don't know the detail, since we outsource it to a fellow flash developer. Maybe you can see follow this thread, the development of flash recording by JeroenW.

To play recorded video, you can use any flash video player that support playing rtmp video source. You cannot play the recorded flv file in RED5 directly, since the file lack of metadata required by the player. Serving the recorded file as rtmp is done by RED5.

Thursday, April 1, 2021
 
Easen
 
Easen
4

You can set up a directory containing the FLV files on your webserver that can only be accessed by PHP, then in your PHP script you can authenticate the user as usual and simply send a header to the browser telling it to expect an FLV, then echo the raw FLV data:

<?php
// here is where
// you want your
// user authentication

if ($isAuthenticated)
{
  header("Content-type: video/flv");
  echo file_get_contents($pathToFLV);
}
?>

As Chad Birch discussed, this will only prevent people from linking directly to the video - you can't prevent piracy this way.

Saturday, May 29, 2021
 
insomiac
 
insomiac
5

I've used the following sequence before, which seems to work nicely, and will store any data into the db, including images, pdfs, arrays of data, etc... :)

Storing the data (can be a string, array, object, etc.);

First, turn the data into a base64 encoded string

$strData = strtr(
             base64_encode(
               addslashes(
                 gzcompress( serialize($dataToStore) , 9)
                 )
               ) , '+/=', '-_,');

Then store that string data in the db...

Retrieving the data;

Extract the string data from the db

decode the data back to what you want (you may need to perform an extra step after this depending on the input data, array, image, etc.)

$returnData = unserialize(
                gzuncompress(
                  stripslashes(
                    base64_decode(
                      strtr($strDataFromDb, '-_,', '+/=')
                    )
                  )
                )
              );

This certainly helped me to store what I needed to store in a mySQL db!

Saturday, May 29, 2021
 
iftheshoefritz
 
iftheshoefritz
4

The below just uses the mime types to validate a file, then checks the size of both. For a list of most mime types see here or google.

function allowed_file(){

//Add the allowed mime-type files to an 'allowed' array 
 $allowed = array('application/doc', 'application/pdf', 'another/type');

//Check uploaded file type is in the above array (therefore valid)  
    if(in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)){

   //If filetypes allowed types are found, continue to check filesize:

  if($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000 ){

    //if both files are below given size limit, allow upload
    //Begin filemove here....

    }

    }

}
Friday, June 11, 2021
 
aWebDeveloper
 
aWebDeveloper
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 
Share
Related Answers
9
 How to record voice files using PHP, FLASH
4
 How to create .po files using xgettext on Windows?
11
 How to upload the files using HTTP and and command line tools?
4
 How to serve .flv files using PHP?
9
 How to get uploaded files after form submit using uploadify?
5
 What's the best way to write to linux system files using PHP
11
 How to allow downloading files with PHP, but deny direct access to directory listings
8
 How to Upload Image files Using Codeigniter? [closed]
7
 How to ignore hidden files using os.listdir()?
2
 Is there a way to uncompress .Z files using php?
Top Answers Related To

php,mysql,file-upload,download

14
 upload a file to a MySql DB with PHP
13
 PHP File Upload Creating Directory
14
 PHP File upload security - keeping the original file name
12
 Flash file upload vs php file upload - which one to choose?
11
 PHP MYSQL file contents escape problem
6
 Downloading a file from a PHP server via a website [closed]
5
 Changing a file upload script to allow a blank file field
10
 How to rename uploaded file before saving it into a directory?
16
 php file upload, how to restrict file upload type
5
 binary file content shown in php print_r but not saved in mysql
Copyrights Full Stack User 2022 · Privacy · About Us · Terms of Use · Contact us ·