properly save file upload contents to MySQL DB to retrieve as a link

Question

I am trying to build an upload component that saves the file information to a MySQL DB table. My first issue is that each time a user uploads a file, two entries are added to the database.

My next issue is that I was to grab an uploaded file and display it as a link for the user to click on to view in a new tab. Right now, the upload saves the file's server directory path. When I go to click on the file, I get an error message saying the directory path could not be found.

My biggest issue is the link problem to view the uploads. Then, if someone also has a suggestion for the double entry problem, that would also be appreciated.

My Code:

HTML: File upload feature - Successfully uploads all variables twice...

  <form id="sgFileUpload" action='sg_addupload.php' target='hiddenFrame' method="POST" enctype="multipart/form-data">

<fieldset id='uploadBtnField'>

  <input type="hidden" name="MAX_FILE_SIZE" value="50000000"/> 

  <input type='hidden' name='sgRef' id='sgRef' value='<?php echo $sgref ?>'>

  <input type='file' name='searchFile' id='searchFile' multiple>

  <input type='submit' name='startUpload' id='startUpload' value='Upload'>


</fieldset>

</form> <!-- End Form Input -->

My PHP: File upload to DB

if(isset($_POST['sgRef'])) {

$sgref=$_POST['sgRef'];

}

$fileName = $_FILES['searchFile']['name'];

    $fSize = $_FILES['searchFile']['size'];
    $fType = $_FILES['searchFile']['type'];

    $target = "../bms/uploads/";        
    $fileTarget = $target.$fileName;    
    $tempFileName = $_FILES["searchFile"]["tmp_name"];
    //$docType = $_POST['docType']; 
    $result = move_uploaded_file($tempFileName,$fileTarget);

if ($result) {

  //run DB Connection code...

  //Writes the information to the database
        $sql="INSERT sg_uploads(sgref,file,type,size,content,doctype) VALUES('$sgref','$fileName','$fType','$fSize','$fileTarget','Other')";

        $conn->query($sql);

        if($conn->query($sql)) {
            echo 'Your file <html><b><i>'.$fileName.'</i></b></html> has been successfully uploaded!';
        } else {
            //Gives an error if its not
            echo "Sorry, there was a problem uploading your file.";
        }


        //Free the result variables. 
         $sql->free();


         $result->free();


        //Close the Database connection.
         $conn->close();


    }//End If Statement.

PHP CODE: To display links from DB (PHP CODE FOR RETRIEVAL IS SUCCESSFUL)

    <?php
while ($row = $result->fetch_array()) {

              echo "<tbody>";
              echo "<tr>";
              echo "<td>" . "<a href=".$row['content']."' >".$row['file']."</a>". "</td>";
              echo "<br/>";
              echo "<br/>";
              }//end while.
              echo "</tr>";
              echo "</tbody>"; 

$filename = $row[0];
    echo "<p></p>";


?>

All help is appreciated! Thank you!

NOTE: the 'file' column in the database is a datatype of 'blob'.

the duplicate entries are caused by `$conn->query($sql); if($conn->query($sql)) {` - this answers "one" of your questions. — Funk Forty Niner, Jan 06 '17 at 17:40
*"When I go to click on the file, I get an error message saying the directory path could not be found."* - check your path then. Error reporting will help you here. — Funk Forty Niner, Jan 06 '17 at 17:41
@Fred Yes that was it! Thank you so much for the easy fix for that part! Any ideas on the file Link issue? This is my first time building an upload feature so I'm unsure of the proper way to save the file to the database. Should I save only the filename and directory, etc or should I attempt to save the actual file contents for retrieval purposes? — rdimouro, Jan 06 '17 at 17:45
welcome. again, check your file path and the row for it. If you're wanting to upload in db as blob, then you need to escape the file data. http://php.net/manual/en/function.error-reporting.php that could tell you if anything's wrong with the path, if it's just a path issue. — Funk Forty Niner, Jan 06 '17 at 17:47
@Fred when I open debugging for the specific issue, it lists a 404 not found error and displays the directory its trying to look for. However, that is the correct directory and when I physically check that directory, the exact upload is there as it should be, spelling correct and all. So i'm not sure why its unable to find the directory. — rdimouro, Jan 06 '17 at 17:48
check your logs then.Whatever was uploaded to `$target = "../bms/uploads/";` should point to those folders. I.e.: `` type of thing. Look at your html source also. Best I can do here. `/bms` assuming is under the root of course. — Funk Forty Niner, Jan 06 '17 at 17:49
Do you know of any reputable guides for properly escaping the file data to research further? — rdimouro, Jan 06 '17 at 17:50
@Fred, yes it was a directory issue. Upon fixing this issue, I was able to successfully link the the page and view it. If you summarize your two suggestions as an answer, I will mark your response as the correct answer. Thank you! — rdimouro, Jan 06 '17 at 18:04

Funk Forty Niner · Accepted Answer · 2017-01-06T18:11:05.763

"@Fred, yes it was a directory issue. Upon fixing this issue, I was able to successfully link the the page and view it. If you summarize your two suggestions as an answer, I will mark your response as the correct answer. Thank you!"

As I stated in comments:

The duplicate entries are caused by $conn->query($sql); if($conn->query($sql))

where there were two instances of query() being used.

You can just use the conditional statement and omit $conn->query($sql);.

For the path issue, this was also stated in comments that the folder's path wasn't properly indexed.

Footnotes:

You're presently open to an SQL injection. Best you use a prepared statement.

https://en.wikipedia.org/wiki/Prepared_statement

properly save file upload contents to MySQL DB to retrieve as a link

1 Answers1