Creating A File Upload Script

Home > php & mysql > Creating A File Upload Script

April 28th, 2009 Ahsun Taquveem Chohan Leave a comment Go to comments

I will teach you how to create a basic script that allow people to upload files and stores details of their uploads in a database. Follow up, it is not hard at all…. If you have questions, feel free to ask

First we need to create the database table with the following SQL:

CREATE TABLE `uploads` (
`id` int(10) unsigned NOT NULL auto_increment,
`whenuploaded` datetime NOT NULL default '0000-00-00 00:00:00',
`ipaddress` varchar(15) NOT NULL default 'unknown',
`imageloc` varchar(255) NOT NULL default 'unknown',
`imagesize` int(10) unsigned default NULL,
`imagetype` varchar(30) default NULL,
PRIMARY KEY (`id`)
) TYPE=MyISAM;

Then here’s the PHP code you need at the top of the page where you’re going to have your upload form. You need to change the database access details at the top and the ‘defines’ to specify your domain and path names. Create the DEST_DIR directory on the server with 777 permissions.

define('MAX_ALLOWED_FILE_SIZE', 1024000); // change 1024000 with the size you wish to allow people to upload
define("DEST_DIR", '/upload/'); / / set your upload dir
define('DEST_PATH', '/home/public_html' . DEST_DIR); //path to your dir
define('DEST_URL', 'http://yourwebsite.com' . DEST_DIR);

$allowed_types = array("image/gif", "image/pjpeg", "image/x-png", "image/bmp"); //set the allowed extensions

$dbhost = "localhost";
$dbname = "yourdb_name";
$dbuser = "yourdb_user";
$dbpass = "yourdb_password";

$errormessage = "Please enter file to be uploaded."; //change this message to whatever U want

if ((isset($_REQUEST['form_submit'])) && ('form_uploader' == $_REQUEST['form_submit']))
{
$picfile_name = $_FILES['picfile']['name'];
$picfile_type = $_FILES['picfile']['type'];
$picfile_size = $_FILES['picfile']['size'];
$picfile_temp = $_FILES['picfile']['tmp_name'];

if (MAX_ALLOWED_FILE_SIZE >= $picfile_size)
{
if (in_array($picfile_type, $allowed_types))
{
if (is_uploaded_file($_FILES['picfile']['tmp_name']))
{

if (file_exists(DEST_PATH . $picfile_name))
{
$unique_id = time();
$picfile_name = $unique_id . '_' . $picfile_name;
}

if (move_uploaded_file($picfile_temp, DEST_PATH . $picfile_name))
{
$errormessage = "File uploaded as:
" . DEST_URL . $picfile_name . "";

if(mysql_connect($dbhost, $dbuser, $dbpass))
{
if(mysql_select_db($dbname))
{
$sql1 = "INSERT INTO uploads (whenuploaded, ipaddress, imageloc, imagesize, imagetype) VALUES (";
$sql1 .= "'" . date("Y-m-d H:i:s") . "',";
$sql1 .= "'" . $_SERVER['REMOTE_ADDR'] . "',";
$sql1 .= "'" . DEST_DIR . $picfile_name . "',";
$sql1 .= "" . $picfile_size . ",";
$sql1 .= "'" . $picfile_type . "')";

if (!mysql_query($sql1))
{
$errormessage .= "
Query failed [$sql1].";
}
}
else
{
$errormessage .= "
Could not select database.";
}
}
else
{
$errormessage .= "
Could not connect to database.";
}
}
else
{
$errormessage = "File upload failed for obscure reasons (error code: " . $_FILES['picfile']['error'] . ").";
}
}
else
{
$errormessage = "No file uploaded.";
}
}
else
{
$errormessage = "Invalid file type.";
}
}
else
{
$errormessage = "File too big (maximum size is " . MAX_ALLOWED_FILE_SIZE . ").";
}
$_REQUEST['form_submit'] = "";
}

?>

Share on Facebook

Categories: php & mysql Tags: bmp, code, create, domain, extension, file, jpg, mysql, path, permission, php, script, tutorial, upload

Comments (1) Trackbacks (0) Leave a comment Trackback

Muhammad umair

June 9th, 2009 at 20:57 | #1

Reply | Quote

meray ooper se guzar gaya. php ka koi idea nai hai

No trackbacks yet.

What is a denial of service(DOS) attack? How to protect your computer from usb/flash drives viruses

Ahsun Taquveem Chohan