Page 1 of 2

Stop overwriting of user uploaded files if file name exists

Posted: Sun Feb 29, 2004 1:55 pm
by mikegotnaild
EDIT* FIXED*

Code: Select all

<?
//MySQL Variables
$host = "host";
$login_name = "loginname";
$password = "pass";

//Connecting to MYSQL
MySQL_connect("$host","$login_name","$password");

//Select the database
MySQL_select_db("bandsandmembers") or die("Could not select database");

//Assign contents of form to variables
$bandname = $_POST['band_name'];
$description = $_POST['description'];
$history = $_POST['history'];
$influences = $_POST['influences'];
$genra = $_POST['genra'];
$email = $_POST['email'];
$website = $_POST['website'];
$imagefile = $_FILES['imagefile']['name']; 
$mp3file = $_FILES['mp3file']['name'];
$types = array("image/gif","image/jpeg","image/bmp","image/pjpeg","image/x-windows-bmp");
$types2 = array("audio/mpeg","audio/mp3","audio/x-mpeg-3","audio/x-mp3","audio/m3u","audio/x-m3u","application/x-compressed","application/zip","multipart/x-zip","application/x-troff-msvideo","video/msvideo","video/x-msvideo","application/x-compressed","video/avi","video/mpeg","audio/mpeg3","video/mpeg","video/x-mpeg");


    
   //This is the File upload part
   $uploaddir = $_SERVER['DOCUMENT_ROOT'].'/localmm/upload/';
   $uploadfile1 = $uploaddir . $_FILES['imagefile']['name']; 
   $uploadfile2 = $uploaddir . $_FILES['mp3file']['name'];
   
   
   //Check to see weather there is a file in our upload folder with the same name
   if (file_exists($_SERVER['DOCUMENT_ROOT'].'/localmm/upload/'.$imagefile)) {
		echo "There is already a file called <b>$imagefile</b> on our server. <b>Please rename this file.</b> <br><br>Click the Back button and RE-SUBMIT.";
		exit();
		}
		
     //Check to see weather there is a file in our upload folder with the same name   
	if (file_exists($_SERVER['DOCUMENT_ROOT'].'/localmm/upload/'.$mp3file)) {
		echo "There is already a file called <b>$mp3file</b> on our server. <b>Please rename this file.</b> <br><br>Click the Back button and RE-SUBMIT.";
		exit();
		} 
   
   if (in_array($_FILES['imagefile']['type'], $types)){
   move_uploaded_file($_FILES['imagefile']['tmp_name'], $uploadfile1);
       }else{
	   echo "There was an error when uploading. Your file could have been too big. or Check to see if you uploaded the correct file type. Allowd file types are. .gif, .jpg, .jpeg, .bmp";
}
   if (in_array($_FILES['mp3file']['type'], $types2)){ 
   move_uploaded_file($_FILES['mp3file']['tmp_name'], $uploadfile2);
   }else{
	   echo "There was an error when uploading. Your file could have been too big. or Check to see if you uploaded the correct file type. Allowd file types are. .mp3, .avi, .mpg, .mpeg, .zip";
}    
   

$sql = "INSERT INTO $genra (band_name, description, history, influences, genra, email, website, imagefile, mp3file) VALUES ('$bandname','$description','$history','$influences','$genra','$email','$website','$imagefile','$mp3file')";



$result = mysql_query($sql);

//Code to check if statement executed properly and display message
if ($result) {

} else {
echo("An error has occured");
}
//Close connection with MySQL
MySQL_close()
?>
?>
?>

Re: Stop overwriting of user uploaded files if file name exi

Posted: Sun Feb 29, 2004 5:21 pm
by phuts
Well, as far as the filename overwriting problem, you need to tell the script to stop if you encounter an existing file with the same name. With the code you have, all you do is tell the user that the filename already exists, but the script keeps executing anyways. Perhaps try:

Code: Select all

<?php
   //Check to see weather there is a file in our upload folder with the same name
  if (file_exists($imagefile)) {
		echo "<b>The file $imagefile chose to upload has the same name as a file on our server. Please rename it.</b>";
      exit();
		}
		
     //Check to see weather there is a file in our upload folder with the same name   
	if (file_exists($mp3file)) {
		echo "<b>The file $mp3file has the same name as a file on our server. Please rename it.</b>";
      exit();
		}
?>
the "exit();" lines will keep the rest of the code from executing, just make sure that your upload code is below these lines.

Posted: Sun Feb 29, 2004 5:23 pm
by mikegotnaild
Thank you :) . Im newb what can i say :)

Posted: Sun Feb 29, 2004 5:33 pm
by phuts
mikegotnaild wrote:Im newb what can i say :)
Check out how many posts I've made.. heh. Anywho, you can also easily include an upload form before the "exit()" function in each case so that the user can choose a different file without having to hit the back button (and possibly fill in the entire form again). Users like the option to be lazy :)

Posted: Sun Feb 29, 2004 5:48 pm
by mikegotnaild
hmm. Well this still isnt working. The file still overwrites.

Posted: Sun Feb 29, 2004 6:06 pm
by Illusionist
is the file that checks for the files that are being uploaded int he same directory as the file thats being overwrited? Meaning is that file above in the same upload directory? Because if its not, then your going to want to include the directory path to the file when checking if it exists....

Posted: Sun Feb 29, 2004 6:19 pm
by phuts
If I understand correctly, Illusionist is saying to make sure you are checking for the existing file in the correct directory.. I'm not sure if this is the correct syntax, but something like:

Code: Select all

<?php
 if (file_exists($_SERVER['DOCUMENT_ROOT'].'/localmm/upload/'.$imagefile))

?>
to replace:

Code: Select all

<?php
 if (file_exists($imagefile)) 
?>

Posted: Sun Feb 29, 2004 6:22 pm
by mikegotnaild
I had done that before but i was getting bad results until i found that i was doing something stupid and i forgot about doing that and im just not making sense right now lol BUT i understand what your saying.

Posted: Sun Feb 29, 2004 6:25 pm
by Illusionist
bad results, like...

Posted: Sun Feb 29, 2004 6:26 pm
by mikegotnaild
WORKS!! Thanks guys.

phuts.. If you dont mind could u give me an example of doing that form thing like you said? But if you dont want to thats fine.

ILLUSIONIST
I had called a totally different upload.php from my FORM.php than this one im working on.

IM A "PROGRAMMER" NOW lol. 100+ posts

Posted: Sun Feb 29, 2004 6:34 pm
by Illusionist
lol, glad u got it working! lol

Posted: Sun Feb 29, 2004 6:48 pm
by phuts
mikegotnaild wrote:phuts.. If you dont mind could u give me an example of doing that form thing like you said?
Sure, but it might be easier if you post your code for the original form first, in order to base it off of the original.

Posted: Sun Feb 29, 2004 6:51 pm
by mikegotnaild
Sorry for taking so long to reply.

Code: Select all

<FORM enctype="multipart/form-data" ACTION="http://naild.com/localmm/modules.php?name=Band_Submit&file=upload" METHOD="POST"> 
Band Name:<br>
<input type="text" name="band_name"size=40><br>
Description:<br>
<textarea cols=65 rows=10 name="description"></textarea><br>
History:<br>
<textarea cols=65 rows=10 name="history"></textarea><br> 
Influences:<br>
<input type="text" name="influences"size=65><br>
<br>
Select Genra:<br>
<select name="genra"><br>
<option>------Click Here-----</option>
<option value="Acoustic">Acoustic</option> 
<option value="Alternative">Alternative</option>
<option value="Blues">Blues</option>
<option value="Christian">Christian</option> 
<option value="Classic_Rock">Classic Rock</option> 
<option value="Classical">Classical</option> 
<option value="Country">Country</option> 
<option value="Cover_Bands">Cover Bands</option> 
<option value="Death_Metal">Death Metal</option> 
<option value="Disc_Jockey">Disc Jockey</option> 
<option value="Easy_Listening">Easy Listening</option> 
<option value="Electronic">Electronic</option> 
<option value="Emo">Emo</option>
<option value="Experimental">Experimental</option> 
<option value="Folk">Folk</option> 
<option value="Funk">Funk</option> 
<option value="Gospel">Gospel</option> 
<option value="Gothic">Gothic</option> 
<option value="Grunge">Grunge</option> 
<option value="Hardcore">Hardcore</option> 
<option value="Hip_Hop">Hip Hop</option> 
<option value="Instrumental">Instrumental</option> 
<option value="Jazz">Jazz</option> 
<option value="Metal">Metal</option> 
<option value="Modern_Rock">Modern Rock</option>
<option value="Progressive">Progressive</option>
<option value="Punk">Punk</option>
<option value="Rap">Rap</option> 
<option value="Reggae">Reggae</option> 
<option value="Rock">Rock</option>
<option value="Ska">Ska</option>
<option value="Speed_Metal">Speed Metal</option> 
<option value="Swing">Swing </option>
</select>
<br>
<br> 
   Email:<br>
   <input type="text" name="email"size=40><br>
   <br>
   Website:<br>
   <input type="text" name="website"size=40 value="http://"><br>
   <br>
   Upload files:<BR>
    <i>Click Browse than browse to your file</i><br>
   <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="200000" />
   Image File: (200 kb max)<br>
   <INPUT TYPE="FILE" NAME="imagefile" SIZE="50">&nbsp <i>(IF you do select an image file or mp3 file to upload, UPLOAD TIMES MAY VARY. The page will appear to be loading, but thats the upload in progress)</i><BR>
   <INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="6000000" />
   Mp3/.avi/.mpg/.mpeg/.zip File: (6MB max)<br>
   <INPUT TYPE="FILE" NAME="mp3file"  SIZE="50"><BR> 
   <INPUT TYPE="submit" name="submit" value="submit"><BR>
</form>

Posted: Sun Feb 29, 2004 6:55 pm
by d3ad1ysp0rk

Code: Select all

<option value="Progressive">Progressive</option 
><option value="Punk">Punk</option> 
<option value="Rap">Rap</option>
to

Code: Select all

<option value="Progressive">Progressive</option 
<option value="Punk">Punk</option> 
<option value="Rap">Rap</option>

Posted: Sun Feb 29, 2004 6:59 pm
by mikegotnaild
:) just a simple typo.