0

I want to upload file in server temporarily and then read the content of this file and insert the content to database. But when i run the html and upload a file it shows 404 not found error and nothing is uploaded. I cant find where is the error. Here goes the html code

<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>

<body>

<form method="POST" action="upload.php" enctype="multipart/form-data">

    <input type="hidden" name="MAX_FILE_SIZE" value="1000000">
    <br>File to upload:
    <br>
    <input type="file" id="userfile" name="userfile" size="40">
    <p>
        <input id="upload" type="submit" name="upload" value="upload">
</form>
</body>
</html>

and here goes upload.php

<?php
require_once('DBconnection.php');


ini_set('display_errors', 1);
ini_set('log_errors', 1);

if ($db -> connect_error){
    die("connection failed ".$db->connect_error);
}
else{
    echo "connection successful";
}

if(isset($_FILES['upload'])) {
    if ($_FILES['upload']['error'] == 0) {

        $fileName = $db->real_escape_string($_FILES['userfile']['name']);
        $tmpName = $db->real_escape_string($_FILES['userfile']['tmp_name']);
        $fileSize = intval($_FILES['userfile']['size']);
        $fileType = $db->real_escape_string($_FILES['userfile']['type']);

        $fp = fopen($tmpName, 'r');
        $content = fread($fp, filesize($tmpName));
        $content = addslashes($content);
        fclose($fp);

        if (!get_magic_quotes_gpc()) {
            $fileName = addslashes($fileName);
        }


        echo $fileSize;

        $ins_query = "INSERT INTO upload (filename, filesize, filetype, content ) " .
            "VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
        $que = $db->query($ins_query);

        if ($que == true)
            echo "<br>File $fileName uploaded<br>";
        else
            echo "Error: " . $ins_query . "<br>" . mysqli_error($db);
    }
    else {
        echo 'Error! A file was not sent!';
    }
}

?>
Israt
  • 87
  • 1
  • 9
  • 1
    Your file-input field is named `userfile`, not `upload` (which is the button and must be accessed with `$_POST`) – M. Eriksson Aug 10 '17 at 15:22
  • 3
    are your `upload.php` and the html file in the same directory? – coderodour Aug 10 '17 at 15:22
  • @MagnusEriksson Would that cause a 404 error? I think it would just throw an error for php. Actually not even that it would just ignore the if statement – GrumpyCrouton Aug 10 '17 at 15:22
  • @GrumpyCrouton No, it wouldn't. I just read the title and then saw the script. :-) – M. Eriksson Aug 10 '17 at 15:23
  • 3
    [Little Bobby](http://bobby-tables.com/) says **[you are at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even **[escaping the string](https://stackoverflow.com/q/5741187)** is not safe! I recommend `PDO`, which I [wrote a function for](https://stackoverflow.com/a/45514591) to make it extremely **easy**, very **clean**, and way more **secure** than using non-parameterized queries. – GrumpyCrouton Aug 10 '17 at 15:24
  • Change `action="upload.php"` to be relative from the document root instead of the current url. If it is in the root folder: `action="/upload.php"`, or if it's a sub dir: `action="/path/to/upload.php"` – M. Eriksson Aug 10 '17 at 15:26
  • 1
    First, Change `if(isset($_FILES['upload'])) {` to `if(isset($_POST['upload'])) {` – Nana Partykar Aug 10 '17 at 15:30
  • 1
    Second, Change `$_FILES['upload']['error'] == 0` to `$_FILES['userfile']['error'] == 0)` – M. Eriksson Aug 10 '17 at 15:35
  • Now it only shows connection successful without executing the rest part – Israt Aug 10 '17 at 16:38

3 Answers3

0

the 404 error is an http error there is no way the code in upload.php can show you this kind of error with the code you have, check if when you click the upload button you reach the exact url of your upload.php file (maybe the html and the php aren't in the same directory).

With the code you have in case the file doesn't upload the result of your php script will be "connection successful" and nothing else, maybe your error is because the file DBconnection.php isn't in the same directory of upload.php.

Daniel Forero
  • 95
  • 6
  • 1
    If `require_once` fails to load a file, it doesn't return 404 which, as you've already stated yourself, is a HTTP code, not PHP. – M. Eriksson Aug 10 '17 at 15:32
  • I would remove the bit about dbconnection.php as that is not possibly the issue for a 404 error as Magnus said. – GrumpyCrouton Aug 10 '17 at 15:35
  • They are both in the same directory. That 404 error is gone but it only shows connection successful without executing the rest part – Israt Aug 10 '17 at 16:40
  • what do you get if you put this: var_dump($_FILES); before if(isset($_FILES['upload']))? with this we can diagnose if the file is arriving. – Daniel Forero Aug 10 '17 at 18:54
  • I got this: connection successfularray(0) { } – Israt Aug 11 '17 at 01:40
  • ok, there is nothing arriving to the php, there's no files, try with var_dump($_POST); and var_dump($_REQUEST); I guess the problem, is in your HTML file but I can't figure out why because I have no PHP installed in this machine. – Daniel Forero Aug 11 '17 at 14:56
0

It seems to me your upload has failed, most probably due to some php directives being too limited, such as post_max_size & upload_max_filesize - have a look at PHP upload fail (empty $_FILES). I would also monitor the php.log to see if indeed such errors are present.

Eyal
  • 48
  • 7
  • I've increased the sizes in php.ini but still getting same thing. I can't find any error too, so i can't find where the problem is. – Israt Aug 11 '17 at 15:44
  • Could it be that the file you upload surpasses the MAX_FILE_SIZE setting you've placed in your html file (it is set to about 1MB limit) ? – Eyal Aug 13 '17 at 11:39
0

The problem was it was not getting the exact directory location which I solved by adding this $targetfolder = getcwd() . "/testupload/"; and also I was not receiving the values passed in PHP from HTML properly. So after fixing those issues, my problem is solved.

Israt
  • 87
  • 1
  • 9