Problem with file upload 
Author Message
 Problem with file upload
Hi there,

I'm using this same code in other places on the same site, and all works
fine. For some reason, in this one location, some of the photos being
uploaded stop displaying about halfway down (only half the photo is
visible). It's not a display glitch, there really is no more valid data --
the photo never changes how much is shown. Also, every time the photo is
uploaded, it always stops at exactly the same place. The photos are not
corrupt; I can open them from my hard drive just fine.

I don't know if it's a limitation of the mySQL database, or what. Could you
please look at my code and tell me if I'm doing something wrong?

I am submitting the photos in a form with enctype="multipart/form-data";
there's no actual problem doing the upload, as far as I can see, and some of
the photos are fine.

Thanks in advance!

  global $fileUpload;
  global $fileUpload_name;
  global $fileUpload_size;
  global $fileUpload_type;
  if ($fileUpload == "none") die("You must upload a file!");
  $fileHandle = fopen($fileUpload, "r");
  $fileContent = fread($fileHandle, $fileUpload_size);
  $fileContent = addslashes($fileContent);
  $postdate = date('j F Y');
  $status = mysql_query("INSERT INTO $table_photos VALUES('', '$owner',
'$postdate', '$charname', '$filename', '$caption', '', '$fileContent',
'$fileUpload_type')");



Sun, 26 Jun 2005 11:35:42 GMT  
 Problem with file upload
I'm not sure why you are having problems either, but may I make a couple
suggestion with regards to your process.

1. While it is possible to store pictures in a db, it is gennerally not a
good idea. Your db will quickly balloon in size. Rather move the pictures
into a sperate directory and store the filename in the db.
 if(is_uploaded_file($lb_logo)) {
  $label_pic_file = $lb_logo_name;
  move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
 }
// $lb_logo is the name of the submitting form field.

You might want to check out the is_uploaded_file PHP command.

2. It would also be a good idea to give the pictures a random name (you
could concantonate a random value with the original filename) so that if two
users upload two different pics with the same name they are not overwritten.
In the example above, you could concantonate $lb_logo (which will be a
random file name with no extention assigned to the file by PHP) with
$lb_logo_name (which is the actual file name retrieved by PHP).

3. You could then tell if the problem is in the uploading of the file, or
the storage of the file into the db. I would suggest the latter is probably
happening with your current process.

Irvin Amoraal.



Mon, 27 Jun 2005 00:50:59 GMT  
 Problem with file upload

Quote:

> 1. While it is possible to store pictures in a db, it is gennerally not a
> good idea. Your db will quickly balloon in size. Rather move the pictures
> into a sperate directory and store the filename in the db.
>  if(is_uploaded_file($lb_logo)) {
>   $label_pic_file = $lb_logo_name;
>   move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
>  }
> // $lb_logo is the name of the submitting form field.

On the flip side, if you're on a hosted service, this is patentedly a Bad
Idea. The major reason is that the web server is likely to run as the same
user for all accounts on that server (example: sourceforge.net). this has
two major problems:

a) you, as a shell user on the site, will not have permissions to
rm/chmod/mv the files.

b) anyone running on that server can delete your files by writing the right
PHP code (this has happened to me on sourceforge, where someone wiped out
my screenshots dir).

--
----- stephan beal
Registered Linux User #71917 http://counter.li.org
I speak for myself, not my employer. Contents may
be hot. Slippery when wet. Reading disclaimers makes
you go blind. Writing them is worse. You have been Warned.



Mon, 27 Jun 2005 01:00:23 GMT  
 Problem with file upload
Stephan,

Perhaps I am wrong, but I have been doing things this way for a couple of
years now with no problems. I would suggest that your site either had
permissions issues or you didn't validate a form field.

How would the user have gotten the code up to the site in the first place?

As for "rm/chmod/mv the files", try using an ftp program like wsFTP or
Dreamweaver.

Irvin.


Quote:

> > 1. While it is possible to store pictures in a db, it is gennerally not
a
> > good idea. Your db will quickly balloon in size. Rather move the
pictures
> > into a sperate directory and store the filename in the db.
> >  if(is_uploaded_file($lb_logo)) {
> >   $label_pic_file = $lb_logo_name;
> >   move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
> >  }
> > // $lb_logo is the name of the submitting form field.

> On the flip side, if you're on a hosted service, this is patentedly a Bad
> Idea. The major reason is that the web server is likely to run as the same
> user for all accounts on that server (example: sourceforge.net). this has
> two major problems:

> a) you, as a shell user on the site, will not have permissions to
> rm/chmod/mv the files.

> b) anyone running on that server can delete your files by writing the
right
> PHP code (this has happened to me on sourceforge, where someone wiped out
> my screenshots dir).

> --
> ----- stephan beal
> Registered Linux User #71917 http://counter.li.org
> I speak for myself, not my employer. Contents may
> be hot. Slippery when wet. Reading disclaimers makes
> you go blind. Writing them is worse. You have been Warned.



Mon, 27 Jun 2005 02:31:35 GMT  
 Problem with file upload

Quote:

> > 1. While it is possible to store pictures in a db, it is gennerally not
a
> > good idea. Your db will quickly balloon in size. Rather move the
pictures
> > into a sperate directory and store the filename in the db.
> >  if(is_uploaded_file($lb_logo)) {
> >   $label_pic_file = $lb_logo_name;
> >   move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
> >  }
> > // $lb_logo is the name of the submitting form field.

> On the flip side, if you're on a hosted service, this is patentedly a Bad
> Idea. The major reason is that the web server is likely to run as the same
> user for all accounts on that server (example: sourceforge.net). this has
> two major problems:

> a) you, as a shell user on the site, will not have permissions to
> rm/chmod/mv the files.

> b) anyone running on that server can delete your files by writing the
right
> PHP code (this has happened to me on sourceforge, where someone wiped out
> my screenshots dir).

I have my own domain and hosting service for that domain. In that scenario,
do you agree that moving the files to a location on my server would be the
best alternative? I'm open to either way -- I just want registered users of
my site to be able to upload photos, that's my only goal.

Thanks!



Mon, 27 Jun 2005 02:34:19 GMT  
 Problem with file upload
GF,

It's the only way I'd go. When I first started doing this, seperating the
pics out of the db was the advice I recieved from many other db programmers.
Check with the db newsgroup and see what they say.

While I don't know any specifics about Stephans problems, a determined
hacker may be able to find a way in to your site anyway you go. They find
ways in to sites that have employees to look after site security.  A web
site is only as secure as it's weakest link.

Quote:
>I just want registered users of  my site to be able to upload photos,

Validate the user, using directory permissions or htaccess, or db.

Your original complaint was that "only half the photo is visible".  Why
don't you create a simple upload page that moves or copies that file into an
images directory (using the code fragment I provided earlier), then display
the picture. Then you will know if the problem is in the upload process or
in the storage of the file.

The choice is yours as to stay with your current process or change it.

Irvin.



Quote:



> > > 1. While it is possible to store pictures in a db, it is gennerally
not
> a
> > > good idea. Your db will quickly balloon in size. Rather move the
> pictures
> > > into a sperate directory and store the filename in the db.
> > >  if(is_uploaded_file($lb_logo)) {
> > >   $label_pic_file = $lb_logo_name;
> > >   move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
> > >  }
> > > // $lb_logo is the name of the submitting form field.

> > On the flip side, if you're on a hosted service, this is patentedly a
Bad
> > Idea. The major reason is that the web server is likely to run as the
same
> > user for all accounts on that server (example: sourceforge.net). this
has
> > two major problems:

> > a) you, as a shell user on the site, will not have permissions to
> > rm/chmod/mv the files.

> > b) anyone running on that server can delete your files by writing the
> right
> > PHP code (this has happened to me on sourceforge, where someone wiped
out
> > my screenshots dir).

> I have my own domain and hosting service for that domain. In that
scenario,
> do you agree that moving the files to a location on my server would be the
> best alternative? I'm open to either way -- I just want registered users
of
> my site to be able to upload photos, that's my only goal.

> Thanks!



Mon, 27 Jun 2005 03:12:13 GMT  
 Problem with file upload
Good advice. I'll try the move method and see what happens. If all looks
good, it sounds like the way to go. I only started placing them in the
database because I didn't understand how to move the file. :-)

I already have the member authorization in place; it's used for many other
features of the site. Just didn't know how to avoid the mess of having
members upload their photos via FTP and then have me do the final work.

Does anyone have complete code for the parsing of the fileUpload data, and
the moving (I heard that's preferred to Copy, but not sure why) of the
file(s)?


Quote:
> GF,

> It's the only way I'd go. When I first started doing this, seperating the
> pics out of the db was the advice I recieved from many other db
programmers.
> Check with the db newsgroup and see what they say.

> While I don't know any specifics about Stephans problems, a determined
> hacker may be able to find a way in to your site anyway you go. They find
> ways in to sites that have employees to look after site security.  A web
> site is only as secure as it's weakest link.

> >I just want registered users of  my site to be able to upload photos,

> Validate the user, using directory permissions or htaccess, or db.

> Your original complaint was that "only half the photo is visible".  Why
> don't you create a simple upload page that moves or copies that file into
an
> images directory (using the code fragment I provided earlier), then
display
> the picture. Then you will know if the problem is in the upload process or
> in the storage of the file.

> The choice is yours as to stay with your current process or change it.



Mon, 27 Jun 2005 03:55:56 GMT  
 Problem with file upload
GF,
I supllied a code snippet earlier in this thread, but here it is again:

<script language="php">
 if(is_uploaded_file($lb_logo)) {
  $label_pic_file = $ID.$lb_logo_name;
  move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
 }
</script>

$ID is the USER ID, which I concantenate with the picture file name
$lb_logo_name.

if(is_uploaded_file($lb_logo))  checks to make sure the file is in fact
uploaded.
move_uploaded_file($lb_logo, "../images/articles/$label_pic_file"); moves
the uploaded file into your images directory.

What do you mean by 'parsing the upload data'? Do you want to look at the
bits and bytes of the pic?

Irvin.



Mon, 27 Jun 2005 05:09:21 GMT  
 Problem with file upload

Quote:
> GF,
> I supllied a code snippet earlier in this thread, but here it is again:

> <script language="php">
>  if(is_uploaded_file($lb_logo)) {
>   $label_pic_file = $ID.$lb_logo_name;
>   move_uploaded_file($lb_logo, "../images/articles/$label_pic_file");
>  }
> </script>

> $ID is the USER ID, which I concantenate with the picture file name
> $lb_logo_name.

> if(is_uploaded_file($lb_logo))  checks to make sure the file is in fact
> uploaded.
> move_uploaded_file($lb_logo, "../images/articles/$label_pic_file"); moves
> the uploaded file into your images directory.

> What do you mean by 'parsing the upload data'? Do you want to look at the
> bits and bytes of the pic?

No, I just meant the variables. :-)

Here's what I finally ended up with (a combination of your code, plus a way
to add a unique identifier to the end):

  global $fileUpload;
  global $fileUpload_name;
  global $fileUpload_size;
  global $fileUpload_type;
  if ($fileUpload != "none" && stristr($fileUpload_type, "image/")) {
    // Build filename
    $file_extension = explode(".",$fileUpload_name);
    $base_filename = "photos/$owner" . "_XXX." . $file_extension[1];
    $i = 1;
    $trial_filename = str_replace("XXX", $i, $base_filename);
    while (file_exists($trial_filename)) {
      $trial_filename = str_replace("XXX", $i, $base_filename);
      $i++;
      }
    move_uploaded_file($fileUpload, $trial_filename);
    $realphotopath = $trial_filename;

It seems to work; if there are problems, they're hiding from me. :-)

Thanks for all your help! Does the code look okay to your trained eye?



Mon, 27 Jun 2005 08:45:48 GMT  
 Problem with file upload

Quote:

> I have my own domain and hosting service for that domain. In that
> scenario, do you agree that moving the files to a location on my server
> would be the best alternative?

Oh, yes. It's much simpler (IMO) than dealing with files in a db, just as
Irvin suggested.

--
----- stephan beal
Registered Linux User #71917 http://counter.li.org
I speak for myself, not my employer. Contents may
be hot. Slippery when wet. Reading disclaimers makes
you go blind. Writing them is worse. You have been Warned.



Mon, 27 Jun 2005 17:52:49 GMT  
 Problem with file upload

Quote:

> Perhaps I am wrong, but I have been doing things this way for a couple of
> years now with no problems. I would suggest that your site either had
> permissions issues or you didn't validate a form field.

That's absolutely the case: permissions. On sf.net, for example, every web
server runs as the same user and the same group. If i upload a file then it
is owned by that user/group and i (using my own shell acount) cannot
move/chmod the file. Additionally, i cannot chown() it from a PHP script
because only root can do that and nobody runs their web server as root.

Quote:
> How would the user have gotten the code up to the site in the first place?

sf.net has trillions of users and they're all sharing the same virtual
filesystem. i don't think anyone did it on purpose - runaway
recursive-delete code could easily have done it (because that code runs as
the user who owns my web-uploaded files).

Quote:
> As for "rm/chmod/mv the files", try using an ftp program like wsFTP or
> Dreamweaver.

Not an option: the files uploaded via a web form are owned by another user,
thus my account cannot do anything with them but look at them. Of course, i
can upload files via ftp and they're owned by me, but that defeats the
purpose of the web front-end (and means average site users can't upload).

i DO agree with you that saving in the filesystem is generally more
desireable than files in a db, but it does bring specific problems on
servers such as sourceforge.net. For someone who admins their own server,
i'm all for saving to the filesystem.

--
----- stephan beal
Registered Linux User #71917 http://counter.li.org
I speak for myself, not my employer. Contents may
be hot. Slippery when wet. Reading disclaimers makes
you go blind. Writing them is worse. You have been Warned.



Mon, 27 Jun 2005 18:03:31 GMT  
 Problem with file upload



Quote:
> Hi there,

> I'm using this same code in other places on the same site, and all works
> fine. For some reason, in this one location, some of the photos being
> uploaded stop displaying about halfway down (only half the photo is
> visible). It's not a display glitch, there really is no more valid data --
> the photo never changes how much is shown. Also, every time the photo is
> uploaded, it always stops at exactly the same place. The photos are not
> corrupt; I can open them from my hard drive just fine.

> I don't know if it's a limitation of the mySQL database, or what. Could
you
> please look at my code and tell me if I'm doing something wrong?

> I am submitting the photos in a form with enctype="multipart/form-data";
> there's no actual problem doing the upload, as far as I can see, and some
of
> the photos are fine.

I've hit problems like this a couple of times, both had different causes.
The first time I was uploading files to sites and the resulting files were
corrupted.  As this was happening on various sites running different
software it obviously wasn't a PHP issue.  In the end it turned out that the
proxy my ISP was using was causing the problems.  If you're uploading
through a proxy, try bypassing it.

The other cause is a PHP issue if the server is a Windows based system.
Windows distinguishes between Binary and ASCII files, and if you send a file
as ASCII when it's actually binary it will get truncated.  Try using the 'b'
directive with file handling functions, such as fopen when processing the
files.



Tue, 28 Jun 2005 02:36:10 GMT  
 Problem with file upload

Quote:



> > I am submitting the photos in a form with enctype="multipart/form-data";
> > there's no actual problem doing the upload, as far as I can see, and
some
> of
> > the photos are fine.

> I've hit problems like this a couple of times, both had different causes.
> The first time I was uploading files to sites and the resulting files were
> corrupted.  As this was happening on various sites running different
> software it obviously wasn't a PHP issue.  In the end it turned out that
the
> proxy my ISP was using was causing the problems.  If you're uploading
> through a proxy, try bypassing it.

> The other cause is a PHP issue if the server is a Windows based system.
> Windows distinguishes between Binary and ASCII files, and if you send a
file
> as ASCII when it's actually binary it will get truncated.  Try using the
'b'
> directive with file handling functions, such as fopen when processing the
> files.

Neither seems to be the case here... I'm running on Linux, and don't have a
Proxy. I do have my own server, though, so I've modified the code and it's
now moving the files to a directory in the filesystem. All seems to be
working well.

Thanks to everyone who helped!!!



Wed, 29 Jun 2005 02:47:41 GMT  
 Problem with file upload
hello, can you give me a help ?

i do not know how can i get the variables below, $fileUpload , etc.
i set it in a post form.
Usually, i get posted variable by $v_name = $_POST['vname'], But it does not
work
when i post a file. How can you do it ?

thank you.



Quote:
> Hi there,

> I'm using this same code in other places on the same site, and all works
> fine. For some reason, in this one location, some of the photos being
> uploaded stop displaying about halfway down (only half the photo is
> visible). It's not a display glitch, there really is no more valid data --
> the photo never changes how much is shown. Also, every time the photo is
> uploaded, it always stops at exactly the same place. The photos are not
> corrupt; I can open them from my hard drive just fine.

> I don't know if it's a limitation of the mySQL database, or what. Could
you
> please look at my code and tell me if I'm doing something wrong?

> I am submitting the photos in a form with enctype="multipart/form-data";
> there's no actual problem doing the upload, as far as I can see, and some
of
> the photos are fine.

> Thanks in advance!

>   global $fileUpload;
>   global $fileUpload_name;
>   global $fileUpload_size;
>   global $fileUpload_type;
>   if ($fileUpload == "none") die("You must upload a file!");
>   $fileHandle = fopen($fileUpload, "r");
>   $fileContent = fread($fileHandle, $fileUpload_size);
>   $fileContent = addslashes($fileContent);
>   $postdate = date('j F Y');
>   $status = mysql_query("INSERT INTO $table_photos VALUES('', '$owner',
> '$postdate', '$charname', '$filename', '$caption', '', '$fileContent',
> '$fileUpload_type')");



Mon, 04 Jul 2005 10:33:06 GMT  
 Problem with file upload


Quote:
> hello, can you give me a help ?

> i do not know how can i get the variables below, $fileUpload , etc.
> i set it in a post form.
> Usually, i get posted variable by $v_name = $_POST['vname'], But it does not
> work
> when i post a file. How can you do it ?

> thank you.

This should help:

<http://www.php.net/manual/en/features.file-upload.php>

JP

--




Mon, 04 Jul 2005 13:47:07 GMT  
 
 [ 15 post ] 

 Relevant Pages 

1. File Upload Problems with binary files (ASCII works ok)

2. Uploading Data from BASIC file Problem

3. file upload-problem: my computer sometimes blocks

4. file upload problem

5. file size upload problem

6. PHP Expert needs help with file upload problem: permission denied

7. Problem while uploading a binary file using cgi module

8. File Upload Problems

9. NEWBIE: File upload problems

10. Solved: problem uploading large files after RH 8.0 upgrade

11. file uploading - charset problems

12. file upload problem

 

 
Powered by phpBB® Forum Software