I am using the Valum AJAX upload script from: https://github.com/valums/file-uploader. I am having trouble getting the file name and path stored in a MySQL database.


Using php.php, I see there is the $pathinfo and $filename already:

$pathinfo = pathinfo($this->file->getName());
$filename =  rawurlencode(str_replace(' ', '-', strtolower($pathinfo['filename'])));

I tried doing this, to store it into my db, but it doesn't seem to be storing anything.

<?php require_once('../../Connections/connSQL.php'); ?>
<?php

/**
 * Handle file uploads via XMLHttpRequest
 */
class qqUploadedFileXhr {
    /**
     * Save the file to the specified path
     * @return boolean TRUE on success
     */
    function save($path) {    
        $input = fopen("php://input", "r");
        $temp = tmpfile();
        $realSize = stream_copy_to_stream($input, $temp);
        fclose($input);

        if ($realSize != $this->getSize()){            
            return false;
        }

        $target = fopen($path, "w");        
        fseek($temp, 0, SEEK_SET);
        stream_copy_to_stream($temp, $target);
        fclose($target);

        return true;
    }
    function getName() {
        return $_GET['qqfile'];
    }
    function getSize() {
        if (isset($_SERVER["CONTENT_LENGTH"])){
            return (int)$_SERVER["CONTENT_LENGTH"];            
        } else {
            throw new Exception('Getting content length is not supported.');
        }      
    }   
}

/**
 * Handle file uploads via regular form post (uses the $_FILES array)
 */
class qqUploadedFileForm {  
    /**
     * Save the file to the specified path
     * @return boolean TRUE on success
     */
    function save($path) {
        if(!move_uploaded_file($_FILES['qqfile']['tmp_name'], $path)){
            return false;
        }
        return true;
    }
    function getName() {
        return $_FILES['qqfile']['name'];
    }
    function getSize() {
        return $_FILES['qqfile']['size'];
    }
}

class qqFileUploader {
    private $allowedExtensions = array();
    private $sizeLimit = 10485760;
    private $file;

    function __construct(array $allowedExtensions = array(), $sizeLimit = 10485760){        
        $allowedExtensions = array_map("strtolower", $allowedExtensions);

        $this->allowedExtensions = $allowedExtensions;        
        $this->sizeLimit = $sizeLimit;

        $this->checkServerSettings();       

        if (isset($_GET['qqfile'])) {
            $this->file = new qqUploadedFileXhr();
        } elseif (isset($_FILES['qqfile'])) {
            $this->file = new qqUploadedFileForm();
        } else {
            $this->file = false; 
        }
    }

    private function checkServerSettings(){        
        $postSize = $this->toBytes(ini_get('post_max_size'));
        $uploadSize = $this->toBytes(ini_get('upload_max_filesize'));        

        if ($postSize < $this->sizeLimit || $uploadSize < $this->sizeLimit){
            $size = max(1, $this->sizeLimit / 1024 / 1024) . 'M';             
            die("{'error':'increase post_max_size and upload_max_filesize to $size'}");    
        }        
    }

    private function toBytes($str){
        $val = trim($str);
        $last = strtolower($str[strlen($str)-1]);
        switch($last) {
            case 'g': $val *= 1024;
            case 'm': $val *= 1024;
            case 'k': $val *= 1024;        
        }
        return $val;
    }

    /**
     * Returns array('success'=>true) or array('error'=>'error message')
     */
    function handleUpload($uploadDirectory, $replaceOldFile = FALSE){
        if (!is_writable($uploadDirectory)){
            return array('error' => "Server error. Upload directory isn't writable.");
        }

        if (!$this->file){
            return array('error' => 'No files were uploaded.');
        }

        $size = $this->file->getSize();

        if ($size == 0) {
            return array('error' => 'File is empty');
        }

        if ($size > $this->sizeLimit) {
            return array('error' => 'File is too large');
        }

        $pathinfo = pathinfo($this->file->getName());
        $filename =  rawurlencode(str_replace(' ', '-', strtolower($pathinfo['filename'])));
        //$filename = md5(uniqid());
        $ext = $pathinfo['extension'];

        if($this->allowedExtensions && !in_array(strtolower($ext), $this->allowedExtensions)){
            $these = implode(', ', $this->allowedExtensions);
            return array('error' => 'File has an invalid extension, it should be one of '. $these . '.');
        }

        if(!$replaceOldFile){
            /// don't overwrite previous files that were uploaded
            while (file_exists($uploadDirectory . $filename . '.' . $ext)) {
                $filename .= rand(10, 99);
            }
        }

        if ($this->file->save($uploadDirectory . $filename . '.' . $ext)){
            return array('success'=>true);
        } else {
            return array('error'=> 'Could not save uploaded file.' .
                'The upload was cancelled, or server error encountered');
        }

    }    
}


// list of valid extensions, ex. array("jpeg", "xml", "bmp")
$allowedExtensions = array();
// max file size in bytes
$sizeLimit = 10 * 1024 * 1024;

$uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
$result = $uploader->handleUpload('uploads/');
// to pass data through iframe you will need to encode all html tags
echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);

?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}


  $updateSQL = sprintf("UPDATE filefolder SET file_title=%s, file_url=%s WHERE m_id=%s",
                       GetSQLValueString($row_Recordset1['m_id'], "text"),
                       GetSQLValueString($row_Recordset1['m_id'], "text"),
                       GetSQLValueString($row_Recordset1['m_id'], "int"));

  mysql_select_db($database_connSQL, $connSQL);
  $Result1 = mysql_query($updateSQL, $connSQL) or die(mysql_error());


mysql_select_db($database_connSQL, $connSQL);
$query_Recordset1 = "SELECT *, (filefolder.file_url) AS m_file FROM member INNER JOIN filefolder ON member.m_id = filefolder.m_id";
$Recordset1 = mysql_query($query_Recordset1, $connSQL) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

<?php
mysql_free_result($Recordset1);
?>

It uploads successfully, it just doesn't store. Can anyone point out the problem or provide an alternative solution to this?

Thanks so much for your help in advance!

Best,

-AC

  • Updated to provide full script Commented Jul 26, 2012 at 20:38
  • What is GetSQLValueString? It seems like a very odd way to do SQL escaping. Commented Jul 30, 2012 at 17:49
  • I don't think you're executing the query. Commented Jul 30, 2012 at 17:50

2 Answers

1

I imagine your query is failing because you are not single-quoting any of the string values you are inserting in your SQL query. Try this:

UPDATE filefolder SET file_title='%s', file_url='%s' WHERE m_id=%s

When troubleshooting SQL queries it can save you a ton of time to simply dump the resulting query string and try it directly in MySQL to see if it's broken. MySQL will give you good hints about what might be going wrong. You can also get the mysql_error information to understand what SQL issues you are having.


9 Comments

So what PHP errors are you seeing, if any? Can you give a sample of the actual value of $updateSQL and $connSQL (which should return a database resource). Have you tried to get mysql_error information?
Hmm, there is no error, perhaps it is not running the script for some reason. I will update the post to include the full script.
Make sure your error_reporting is set (I would recommend E_ALL for a dev environment) and make sure display_errors is on.
I thought it might be the $pathinfo and $filename not passing through so I changed the update values but still not working.
When you say that something is just "not working", what is not working? Have you tried to insert debug statements into the code to find out at what line the code is failing? Are you getting PHP errors? Just "not working" is not very helpful to troubleshoot. Can you verify the code is even parsing correctly?
1

After searching online for a while, I found the solution:

Apparently, there are two methods for upload in the valums script, qqUploadedFileXhr and qqUploadedFileForm. If you use the example script, then you use the default one: qqUploadedFileXhr.

So, to get the file's info you can use: $file_name = $_GET['qqfile']; that's it, just the filename only.

But if you use 'qqUploadedFileForm', you can get the file's info:

  • $_FILES['qqfile']['name'] for filename
  • $_FILES['qqfile']['size'] for size
  • etc.

Full script here:

// Original, client-supplied file name (XHR upload)
$file_name = $_GET['qqfile'];
$uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
$m_id = $row_RecUser['m_id'];
$file_type = $_REQUEST['param1'];

// handleUpload() appends the file name directly to the directory string,
// so every upload directory needs its trailing slash
if (strcmp($file_type, 'resume') == 0) {
    $result = $uploader->handleUpload('uploader/files/resume/');
} else if (strcmp($file_type, 'certificates') == 0) {
    $result = $uploader->handleUpload('uploader/files/certificates/');
}

// Build the INSERT; GetSQLValueString() escapes and quotes each value
$insertSQL = sprintf("INSERT INTO filefolder (m_id, file_type, file_title) VALUES (%s, %s, %s)",
                GetSQLValueString($m_id, "int"),
                GetSQLValueString($file_type, "text"),
                GetSQLValueString($file_name, "text"));
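
An added example, not part of either answer or of the valums project: it derives the stored name with the same normalisation handleUpload() applies in the question's script and records it with a bound-parameter INSERT, only for an allow-listed file type and extension. The function names, the extension list, the combined filefolder columns and the in-memory SQLite database (standing in for the MySQL connection) are assumptions; the collision suffix handleUpload() may append is not reproduced, so a real integration would have handleUpload() return the final name.

```php
<?php
// Added example: function names, column set and the SQLite stand-in are assumptions.

// Allow-list mapping the client's "param1" value to a server-side directory.
const UPLOAD_DIRS = [
    'resume'       => 'uploader/files/resume/',
    'certificates' => 'uploader/files/certificates/',
];

// Derive the on-disk name the same way handleUpload() does, so the database
// row describes the file that was written rather than the raw $_GET['qqfile'].
function storedName(string $clientName, array $allowedExt): ?string
{
    $info = pathinfo($clientName);            // drops any directory part
    $ext  = strtolower($info['extension'] ?? '');
    if ($ext === '' || !in_array($ext, $allowedExt, true)) {
        return null;                          // missing or disallowed extension
    }
    $base = rawurlencode(str_replace(' ', '-', strtolower($info['filename'])));
    return $base === '' ? null : $base . '.' . $ext;
}

// Insert one row with bound parameters; returns the stored path, or null if rejected.
function recordUpload(PDO $db, int $mId, string $type, string $clientName): ?string
{
    $name = storedName($clientName, ['pdf', 'doc', 'docx']);
    if ($name === null || !isset(UPLOAD_DIRS[$type])) {
        return null;                          // reject before touching the database
    }
    $path = UPLOAD_DIRS[$type] . $name;
    $stmt = $db->prepare(
        'INSERT INTO filefolder (m_id, file_type, file_title, file_url) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$mId, $type, $name, $path]);
    return $path;
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE filefolder (m_id INTEGER, file_type TEXT, file_title TEXT, file_url TEXT)');

// Constructed inputs: odd characters, a traversal attempt, an unknown file type.
var_dump(recordUpload($db, 7, 'resume', "My CV's Final.PDF"));
var_dump(recordUpload($db, 7, 'resume', '../../shell.php'));
var_dump(recordUpload($db, 7, 'avatars', 'photo.pdf'));
print_r($db->query('SELECT * FROM filefolder')->fetchAll(PDO::FETCH_ASSOC));
```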
