1

I am using this snippet below to get the filename and extension, which works, but how can i rename the file so that filename will equal bake23 + the extension of the file. 

  $variable = 'baKe23';


  $filename = $_FILES['filename']['name'];
  $ext = $_FILES["filename"]["type"];

Rename if a filename already exists:

       $filename = $_FILES['filename']['name']; 
  $extension = substr($filename, strpos($filename,'.'), 
  strlen($filename)-1);

         $sql="SELECT filename FROM documents WHERE person_id= '$pid'";  

     $result=mysql_query($sql);

    $query = mysql_query($sql) or die ("Error: ".mysql_error());

    if ($result == "")
    {
    echo "";
     }
    echo "";


   $rows = mysql_num_rows($result);

   if($rows == 0)
   {
  print("");

   }
   elseif($rows > 0)
   {
  while($row = mysql_fetch_array($query))
   {

  $existing = $row['filename'];

  print("");
   }

    }

    if ( $filename === $existing ) {
$filename = $rnd_id.strrchr($_FILES['filename']['name'], ".");

   } else {
   $filename = $_FILES['filename']['name'];;
    }
KPO
  • 890
  • 2
  • 20
  • 40

2 Answers2

4

Get the extension from the submitted filename and add it to your variable:

$filename = basename($filename);
$filename = $variable . (string) strrchr($filename, '.');

Edit: For your edited question, literally:

$filename =  $variable . '.' . $ext;

However, considering I would be uploading an image called banana-smiley.gif, the following would happen:

$filename = 'baKe23.image/gif';

This is not what you want I assume. You should not even rely on $_FILES[*]["type"] at all. What you need to do is inspect each uploaded file (determine the type, validate the type, run a virus checker on the uploaded file).

Question related to this are Secure File Upload and validating it and Is it important to verify that the uploaded file is an actual image file?.

Community
  • 1
  • 1
hakre
  • 193,403
  • 52
  • 435
  • 836
  • 1
    @KPO: It's the mime-type, not the file-type (extension). You probably are looking for a map from mime-type to file-extension. See http://www.php.net/manual/en/features.file-upload.post-method.php for a list of all the keys in `$_FILES`. – hakre Aug 09 '11 at 21:20
  • i am using this to avoid duplicate file names. do you think its better if i instead of renaming give each document a new folder within the users folder? – KPO Aug 09 '11 at 22:00
  • 2
    @KPO: Instead of a folder you can just prefix the files, or start to number them if a file of the same name already exists. But I would prefix them with some shorter random sequence, so filenames on disk are not predictable that easily. – hakre Aug 09 '11 at 22:04
  • @hakre thanks again. i did try to do a rename script but it doesn't work and instead changes all file upload names. Can you check, i have posted what i used. – KPO Aug 09 '11 at 22:48
3
$variable = 'baKe23';
$filename = $_FILES['filename']['name'];
$filename = $variable.strrchr($_FILES['filename']['name'], ".");

or

$variable = 'baKe23';
$filename = $_FILES['filename']['name'];
$filename = $variable.".".pathinfo($filename, PATHINFO_EXTENSION);
genesis
  • 50,477
  • 20
  • 96
  • 125
  • @KingCrunch: changed already. You should wait before downvoting a bit. just a mistake – genesis Aug 09 '11 at 21:10
  • If you've got a malicious file name submitted, the strrchr variant can be fooled to inject path patterns into the new name. I came to the conclusion it's best to combine strrchr and basename now. – hakre Aug 09 '11 at 21:23
  • i am using this to avoid duplicate file names. do you think its better if i instead of renaming give each document a new folder within the users folder? – KPO Aug 09 '11 at 22:01
  • 1
    @KPO: I think it will be better to create md5() value for these files – genesis Aug 09 '11 at 22:06