File uploads, keep people from uploading duplicates.

Keeldog · June 25th, 2009, 02:19 PM

Hi everybody,

I'm trying to create a simple app that allows people to upload a PDF to a folder while also updating the mySQL database with the file name, date, and a description.

It works as it is, but it doesn't have any catches in place to either see if the file already exists in the upload folder or check the database to see if the record exists.

Here's what I have in the actual upload action page:

Code:

<?php
// ==============
// Configuration
// ==============
$uploaddir = "upload"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
$allowed_ext = "pdf"; // These are the allowed extensions of the files that are uploaded
$max_size = "5000000"; // 5000000 is the same as 5MB
$max_height = ""; // This is in pixels - Leave this field empty if you don't want to upload images
$max_width = ""; // This is in pixels - Leave this field empty if you don't want to upload images
// Check Entension
$extension = pathinfo($_FILES['file']['name']);
$extension = $extension[extension];
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++) {
 if ($allowed_paths[$i] == "$extension") {
 $ok = "1";
 }
}

// Check File Size
if ($ok == "1") {
if($_FILES['file']['size'] > $max_size)
{
print "File size is too big!";
exit;
}

// Check Height & Width
if ($max_width && $max_height) {
list($width, $height, $type, $w) = getimagesize($_FILES['file']['tmp_name']);
if($width > $max_width || $height > $max_height)
{
print "File height and/or width are too big!";
exit;
}
}

// The Upload Part
if(is_uploaded_file($_FILES['file']['tmp_name']))
	{
	move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
	}
	$con = mysql_connect(//Server info here........I blocked it out on purpose);
		if (!$con)
		  {
		  die('Could not connect: ' . mysql_error());
		  }
		  
		mysql_select_db("dougkeeling", $con);
		
		$sql="INSERT INTO Newsletters (FileName, Date, Description)
		VALUES
		('$_POST[FileName]','$_POST[Date]','$_POST[Description]')";
		
		if (!mysql_query($sql,$con))
		  {
		  die('Error: ' . mysql_error());
		  }
		echo "Newsletter info has been added to the database.";
		mysql_close($con);
	print "Your file has been uploaded successfully!";
	
	
	} else {
	print "Incorrect file extension!";
	}
?>

I'm new to PHP in general. I've done pretty well with ColdFusion, but it's not as popular and I'd like to become better-versed in PHP.

If someone can help me out, I would greatly appreciate it. Thanks!

Dubbs · June 26th, 2009, 09:34 AM

You can use an if statement with the file_exist function that is built into PHP.

Here is an example of how it works.

Code:


			
<?php

$file = $_POST[submitted_file"];



if (file_exist($file)){

  // If the file is already on the server.

 echo "Error: A file with the same name already exist on the server.";

}else{

 YOUR CODE HERE

}

?>

Keeldog · June 26th, 2009, 11:43 AM

Thanks, that may help. Do I have to specify the directory in the file_exists() function? Like this:

Code:

$file = $_POST[submitted_file"];

if (file_exist("uploads/".$file)){ 

....

I haven't gotten it to work yet, but I'm plugging away at it.

Keeldog · June 26th, 2009, 12:21 PM

Apparently you do have to specify the directory. That's what I did and it's working now.

Ok so this is just an opinion question --- Do you think this is enough validation? Or should I try to also institute some kind of database check as well?

masonbarge · June 26th, 2009, 03:35 PM

Quote:

Originally Posted by Keeldog

Apparently you do have to specify the directory. That's what I did and it's working now.

Ok so this is just an opinion question --- Do you think this is enough validation? Or should I try to also institute some kind of database check as well?

Do you mean validation that it isn't a duplicate file, or validation in general?

Dubbs · June 26th, 2009, 04:33 PM

Quote:

Originally Posted by Keeldog

Apparently you do have to specify the directory. That's what I did and it's working now.

Ok so this is just an opinion question --- Do you think this is enough validation? Or should I try to also institute some kind of database check as well?

Yes, sorry I didn't make that clear.

Keeldog · June 26th, 2009, 08:33 PM

To masonbarge:

Yeah, I meant validation that it isn't a duplicate file. Should I query the DB to see if similar data already exists there?