
View Full Version : Upload form



dad00
01-04-2009, 06:47 PM
I was wondering how to make an upload form and then it puts the filename into a database, then a web page will display all the names in the database and link each one to the uploaded file. My friend says it's simple but he didn't have time to tell me how to do it. He also recommended a security feature, but all I can think of is only allowing someone to upload 1 file a day based on their IP.

Please explain the code so I learn from it

Thanks

npsari
01-05-2009, 12:00 AM
A security feature is probably to check the file which is being uploaded. I think you should not limit one image per IP

To get the upload-an-image code, simply google it, it is a straightforward PHP script

The form will be a simple HTML upload form, which is like this...


print "<form name=\"Uploadimage1\" method=\"POST\" action=\"/handle_image.php\" enctype=\"multipart/form-data\" id=\"Form\">";
// The file picker itself; without it the form submits no file
echo "<input type=\"file\" name=\"image\">";
echo "<input type=\"submit\" name=\"SUBMIT\" class=\"bu\" value=\"Upload Image\">";
print "</form>";

Hope this info helps

bluewalrus
01-05-2009, 12:37 AM
This is for 3 images to be uploaded


<?php
//increase the number of files uploaded
$anythingyouwant = 'Put something here that randomizes incase 2 images with the same file name are put in or down below where the variable is referenced also it should increase at the start of this function';
$success = 0;
$fail = 0;
$uploaddir = 'uploads/';
for ($i = 0; $i < 3; $i++)
{
    // Skip slots where no file was chosen
    if (!empty($_FILES['userfile']['name'][$i]))
    {
        // Destination path inside the upload directory
        $uploadfile = $uploaddir . $anythingyouwant . basename($_FILES['userfile']['name'][$i]);
        // Take the real final extension and match it exactly
        $ext = strtolower(pathinfo($uploadfile, PATHINFO_EXTENSION));
        if (preg_match("/^(jpg|gif|png|bmp)$/", $ext))
        {
            if (move_uploaded_file($_FILES['userfile']['tmp_name'][$i], $uploadfile))
            {
                $success++;
            }
            else
            {
                echo "Error Uploading the file. Retry after sometime.\n";
                $fail++;
            }
        }
        else
        {
            // Extension not in the allowed list
            $fail++;
        }
    }
}
echo '<div style="margin-top:210px; text-align:center;">';
echo "<br /> Number of files Uploaded:" . $success;
echo "<br /> Number of files Failed:" . $fail;
echo '</div>';
?>

This is the HTML I use


<form enctype="multipart/form-data" action="nameofthephpfileabove.php" method="post">
Image1: <input name="userfile[]" type="file" /><br />
Image2: <input name="userfile[]" type="file" /><br />
Image3: <input name="userfile[]" type="file" />
<input type="submit" value="Upload" />
</form>

Nile
01-05-2009, 12:51 AM
Actually bluewalrus, I don't think the $anythingyouwant variable is necessary. I would check to see if the file exists - if it does it would add a [0], if that exists it would add a [1] - and so on.

bluewalrus
01-05-2009, 04:17 AM
I didn't write this code but found it on another forum for anyone that wanted it. I altered it somewhat for my functions, then altered it back here for this poster's functions. Do you mean I should add that in or that is what this line is doing, and that makes the extra variable pointless since it's already being done?


if($_FILES['userfile']['name'][$i])

I thought that this line only checked files being uploaded since $i was being set in this function, on the upload, and that files, in the directory already, it would not know about.

Nile
01-05-2009, 04:29 AM
$anythingyouwant = 'Put something here that randomizes incase 2 images with the same file name are put in or down below where the variable is referenced also it should increase at the start of this function';

This line of code is used for something like this:


$anythingyouwant = rand(rand(0,10),rand(1000,5000));


Which will then make something you upload changed to:
2930upload.php
This will make sure no duplicates are provided - and nothing is overwritten. Get it?

bluewalrus
01-05-2009, 02:40 PM
Oo yeah I get it. I have a similar method in mine. I have it read a text file, write the value of it to a variable, use that variable to write to the filename, then add one to that value, then open that file back up and overwrite it with the new value, that way it would never overlap. I thought that you meant just adding [] somewhere would do it. I know somewhere earlier someone told me that, that keeps track in PHP of how many actions have been passed.
The random function probably is better for load time though and space huh?

Nile
01-05-2009, 03:31 PM
It may be - I'm saying it would be better to do something like this:


// Check for the client's file name inside the upload directory
if(file_exists($uploaddir.basename($_FILES['userfile']['name'][$i]))){
echo "I'm sorry - that file already exists.";
}

JasonDFR
01-05-2009, 06:52 PM
From a security standpoint, you should rename user submitted files so the user can not know the file name stored on the server. This is just one more precaution you can take to avoid having a hacker run a malicious script on your site.

So, you should still check to see if a file with the same name exists before writing a new file to your server, but only after you assign it a random name or a name that is only meaningful to you. And if there is a file with the same name on the server, I wouldn't let the user know it.

As far as pictures go, it is even possible to put malicious code into them. You know how you can get information about image files, such as the camera brand and type that took the picture, the shutter speed, etc, etc? Malicious code can be put into the file as this information and won't be detected unless your script looks at this information too. This might be overkill in some cases, but you can never be too careful with user submitted content.

Good Luck

JasonD
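
One way to apply the renaming advice in the post above, as an added example that is not code from this thread or any of its posters. The function name store_upload(), the $allowed list and the uploads path are hypothetical, and it assumes PHP 7+ with the fileinfo extension and the userfile[] form shown earlier in the thread.

```php
<?php
// Added example; store_upload() and $allowed are hypothetical names.
// Assumes PHP 7+ with the fileinfo extension enabled.
function store_upload(array $file, string $dir, array $allowed): ?string
{
    // Reject failed uploads and paths PHP did not receive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Allow-list on the final extension of the client-supplied name.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    // The content-sniffed MIME type must match what that extension implies.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        return null;
    }
    // Random name the uploader cannot predict; retry on a collision.
    do {
        $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    } while (file_exists($dir . '/' . $stored));

    return move_uploaded_file($file['tmp_name'], $dir . '/' . $stored) ? $stored : null;
}

// Constructed allow-list: extension => expected MIME type.
$allowed = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

foreach ((array) ($_FILES['userfile']['name'] ?? []) as $i => $name) {
    if ($_FILES['userfile']['error'][$i] === UPLOAD_ERR_NO_FILE) {
        continue; // empty slot in the form
    }
    $stored = store_upload([
        'name'     => $name,
        'tmp_name' => $_FILES['userfile']['tmp_name'][$i],
        'error'    => $_FILES['userfile']['error'][$i],
    ], __DIR__ . '/uploads', $allowed);
    // Same generic message for every failure; the stored name is never echoed.
    echo $stored === null ? "Upload failed.<br />" : "Upload saved.<br />";
    // $stored is the value to record in the database beside the original name.
}
```

Because the stored extension comes only from the allow-list, an upload can never land on disk with a .php name, whatever the client called it.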

Nile
01-05-2009, 07:03 PM
Yes, Jason you have a point. I once had a site and allowed people to upload files - and somebody did put a file that had like a file manager. I suggest disabling PHP files.

dad00
01-05-2009, 09:06 PM
Thanks guys, but when did I say they were uploading pictures? They will be uploading video files, and you still haven't said anything/much about displaying all the uploaded files on a page (so I can sort them but still allow people to view them).

JasonDFR
01-05-2009, 09:16 PM
Hi dad,

What you are asking for is fairly involved. If I was you I would start out with the HTML and go from there. When you get stuck somewhere, ask a specific question here and many people will help out.

If you don't know where to start, buying a good PHP book or doing some online tutorials is going to be a lot better than anything anyone is going to post in this thread. Unless someone has a ton of time and is really good at explaining things, you are better off with a good book.

I recommend "PHP 6 and MySQL Visual Quickpro Guide" by Larry Ullman.

Good Luck,

JasonD