Welcome to WebmasterWorld Guest from 54.159.50.111

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

file upload

     
9:38 am on Aug 19, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


The following form uploads video clips into video table.
The problem is that only files that are under 980kb are uploaded and they should be atleast 5MB.
I have set "post_max_size=15MB", "upload_max_filesize=10MB" in php.ini but still files over 980kb dont get uploaded.
Can a php/mysql expert help
__________________________________________________________

The form:

<form method="post" enctype="multipart/form-data" action="uploader_2.php">
<table align="center" bordercolor="#FF6600" class="box">
<tr bordercolor="#FF6633" bgcolor="#FF6633">
<td><font color="#FF6600"><strong><font color="#FFFFFF" size="-7" face="Tahoma">Description</font></strong></font></td>
<td><font color="#FF6600"><strong><font size="-7" face="Tahoma">
<textarea name="txtDescription" cols="29" rows="4"></textarea>
</font></strong></font></td>
</tr>
<tr bordercolor="#FF6633" bgcolor="#FF6633">
<td><font color="#FF6600"><strong><font color="#FFFFFF" size="-7" face="Tahoma">Video
by</font></strong></font></td>
<td><font color="#FF6600"><strong><font size="-7" face="Tahoma">
<input name="txtTaken_by" type="text" size="38" />
</font></strong></font></td>
</tr>
<tr bordercolor="#FF6633" bgcolor="#FF6633">
<td><font color="#FF6600"><strong><font color="#FFFFFF" size="-7" face="Tahoma">Email</font></strong></font></td>
<td><font color="#FF6600"><strong><font size="-7" face="Tahoma">
<input name="txtEmail" type="text" size="38" />
</font></strong></font></td>
</tr>
<tr bordercolor="#FF6633" bgcolor="#FF6633">
<td><font color="#FFFFFF" size="-7" face="Tahoma"><strong>Video</strong></font></td>
<td><font color="#FF6600"><strong><font size="-7" face="Tahoma">
<input name="userfile" type="file" size="26" />
</font></strong></font></td>
</tr>
<tr bordercolor="#FF6633" bgcolor="#FF6633">
<td><font color="#FF6600" size="-7">&nbsp;</font> </td>
<td><font color="#FF6600"><strong><font size="-7" face="Tahoma">
<input name="upload" type="submit" value="Upload" />
</font></strong></font></td>
</tr>
</table>
</form>

__________________________________________________________

Form handler "uploader_2.php":

<?php

$link_id = mysql_connect("localhost", "username", "password");

if(!$link_id) die ("could not connect");

mysql_select_db(test,$link_id);

if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];

$tmpName = $_FILES['userfile']['tmp_name'];

$fileSize = $_FILES['userfile']['size'];

$fileType = $_FILES['userfile']['type'];


$description = $_POST['txtDescription'];
$taken_by = $_POST['txtTaken_by'];
$email = $_POST['txtEmail'];

$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}




$query = "INSERT INTO videos ( video, description, taken_by, email, name, size, type ) ".
"VALUES ( '$content', '$description', '$taken_by', '$email', '$fileName', '$fileSize', '$fileType')";


mysql_query($query) or die('Error, query failed');


echo "<br>Your video <i><b>$fileName</b></i> Is Succesfully uploaded Into Our video Database<br>";

}
?>

__________________________________________________________

DATABASE=test
table "video"structure:

id= int, primary key, not null, auto increment
video= longblob
description= text
taken_by= varchar (255)
email=varchar (255)
time= timestamp
name= varchar (255)
size= int(50)
type= varchar(10)

Thanking you in advance
10:27 am on Aug 19, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 5, 2008
posts:94
votes: 0


Hi, when you say "dont get uploaded" could you provide the error message you are getting?
11:14 am on Aug 19, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


Error, query failed
11:23 am on Aug 19, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 22, 2009
posts:1396
votes: 0


Hi there phex,

Try this intead:-

$query = "INSERT INTO `videos` ( `video`, `description`, `taken_by`, `email`, `name`, `size`, `type` ) VALUES ('".$content."', '".$description."', '".$taken_by."', '".$email."', '".$fileName."', '".$fileSize."', '".$fileType."')";


That should do the trick :) Back ticks aren't necessary, I just find it better to always include them, and depending on the content of the vars you are submitting they may not need quoting (numerical values)

And hopefully, you are sanitising the data before using it in conjunction with the sql query?

Cheers,
MRb
11:53 am on Aug 19, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


I still get the same "Error, query failed " message, and what do you mean by "And hopefully, you are sanitising the data before using it in conjunction with the sql query?
"? I am learning php on my own.

Over!
12:03 pm on Aug 19, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 22, 2009
posts:1396
votes: 0


Hi there Phex,

Short form answer: look in to using strip_tags() & mysql_real_escape_string().

So:[uk.php.net ] and:[uk.php.net ]

These functions are used in conjunction with data being used in a sql query to make the data safe so that any information posted by the user should not harm your information stored on your database, all that it takes is for someone with know how to add: DROP Yourdatabase; in an input box and post that, and without some sanitising, that could be actioned, then your data is gone.

Hope that makes sense.

Cheers,
MRb
5:28 pm on Aug 19, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


phex, change this

mysql_query($query) or die('Error, query failed');

to this

mysql_query($query) or die('Query failed: ' . mysql_error());

to see what the error really is. Remove that change after deployment for security reasons.

The column count matches, so it won't be that - but it's LIKELY not escaping a ', are there any in your input?

I don't know if type and name conflict with internal functions, it **may** be that, which is a good case for backtics. This looks a little more complex, but give it a go.

$query = "INSERT INTO videos ( `video`, `description`, `taken_by`, `email`, `name`, `size`, `type` ) VALUES ( '" .
mysql_real_escape_string($content) . "', '" .
mysql_real_escape_string($description) . "', '" .
mysql_real_escape_string($taken_by) . "', '" .
mysql_real_escape_string($email) . "', '" .
mysql_real_escape_string($fileName) . "', '" .
mysql_real_escape_string($fileSize) . "', '" .
mysql_real_escape_string($fileType) . "')";

// revert to this when live
//mysql_query($query) or die('Query failed');

mysql_query($query) or die('Query failed: ' . mysql_error());
5:43 pm on Aug 19, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Feb 22, 2009
posts:1396
votes: 0


Hi all,

I just noticed something:-

>>mysql_query($query)

Make sure that you have a valid connection handle to the DB or you will get the failed to connect message after you adopt Rocknbil's approach.

Cheers,
MRb
2:43 am on Aug 20, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


I never use mysql_query($query,$connection), if you only have one database handle in the proggie it's not needed. :-)
8:04 am on Aug 20, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


I used rockbil's code and I now get an error message "Query failed: Got a packet bigger than 'max_allowed_packet' bytes". What can be done?

$query = "INSERT INTO videos ( `video`, `description`, `taken_by`, `email`, `name`, `size`, `type` ) VALUES ( '" .
mysql_real_escape_string($content) . "', '" .
mysql_real_escape_string($description) . "', '" .
mysql_real_escape_string($taken_by) . "', '" .
mysql_real_escape_string($email) . "', '" .
mysql_real_escape_string($fileName) . "', '" .
mysql_real_escape_string($fileSize) . "', '" .
mysql_real_escape_string($fileType) . "')";

mysql_query($query) or die('Query failed: ' . mysql_error());
4:08 pm on Aug 20, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Now yer' getting somewhere. :-)

max_allowed_packet [dev.mysql.com]

I should have caught this earlier, but it **looks** like you're storing the video itself right in the database, is that correct? ($content) Bad idea, this will make for a gargantuan DB. Suggest you store the video on the file system and just store the file name reference in your tables.
6:28 pm on Aug 20, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


rocknbil:

what will the code for that be?
2:26 am on Aug 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


look around for some file upload samples, been a long day. Basically you define a variable somewhere,

$upload_dir = '/full/path/to/upload_dir';
$upload_url = /upload_dir',

and make sure upload_dir is writable by PHP. Then you use move_uploaded_file() to move it from it's temporary upload location to your file system. Use the URL variable to pull the file into your Flash player or whatver to play it in web pages.
7:42 am on Aug 22, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


finally i got it right.thanks alot from all of you guys especialy because i followed more of your advises.

One last thing, what is the best media player you can suggest i embed on a webpage?
7:44 am on Aug 22, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 19, 2008
posts:49
votes: 0


finally i got it right.thanks alot from all of you guys especialy 'rocknbil' because i followed more of your advises.

One last thing, what is the best media player you can suggest i embed on a webpage?
5:40 pm on Aug 22, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Depends on your video type.

I use ffmpeg to convert any uploaded format to .flv, then write my own players in Flash, but whatever you do if you're using < HTML5 or XHTML use .swf object to do the embed. There are a variety of Flash players out there, some of them free, some not.

If you use HTML5, you can use the video object that's now part of the spec, no Flash needed (Note, I have no direct experience with this yet, it's "on my list.") . The advantage to that is Mr. Jobs has vowed Flash will never be available on his precious iPad, so Mac users will be able to access the video as well.

You may still want to install and use ffmpeg to convert to a singular format so you can standardize your video output, as well as add watermarking to the video.