Uploading file failed, db entry created anyway
Posted: Wed Jan 11, 2006 9:16 am
I have two problems with the foillowing code, one minor, the other major.
The major one first. If the viewer types in a filename of a file that does not exist the code above creates the database entry and unsets the $_SESSION var as if a file had been uploaded successfully. wtf?
And the minor one. The max file size defined in php.ini is 2Mb as is max upload etc. But if the user selects a file that is larger than that, the system waits a bit over sixty seconds before informing that the upload failed, despite the inclusion of the following in the form.
Shouldn't that trip the oversize file error faster than that?
Code: Select all
if (isset($_POST['AddFile'])) // the file/name upload has been attempted by client
{
ob_start();
if (is_uploaded_file($_FILES['Ifile']['tmp_name']))
{
$Dest = "incl/" . $_FILES['Ifile']['name']; // where to put it
if (move_uploaded_file($_FILES['Ifile']['tmp_name'], $Dest) != FALSE) // success
{
include "db_connect.php"; // connects and links to correct db
$F = $_FILES['Ifile']['name']; // don't need path in db name
$N = $_POST['Client'];
$Query = "INSERT INTO Clients (id,Name,File) VALUES (0,'$N','$F')";
mysql_query($Query,$Link);
unset($_SESSION['Add']); // kicks sysyem out of add mode
}
else $msg = "writing " . $_FILES['Ifile']['name']; // could not move uploaded file
}
else $msg = "uploading " . $_FILES['Ifile']['name']; // file did not upload
$Inform = "Client not created: " . $msg . " failed.";
ob_end_flush();
}And the minor one. The max file size defined in php.ini is 2Mb as is max upload etc. But if the user selects a file that is larger than that, the system waits a bit over sixty seconds before informing that the upload failed, despite the inclusion of the following in the form.
Code: Select all
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">