当前位置: 动力学知识库 > 问答 > 编程问答 >

mysql - No file selected while uploading in php

问题描述:

I am trying to upload the video and on same page trying to insert into database.

Here is What I m trying to do. But it gives me No File Selected Message.

<?php

if( true == isset($_POST['upload']))

{

$name=$_FILES['uploadvideo']['name'];

$type=$_FILES['uploadvideo']['type'];

//$size=$_FILES['uploadvideo']['size'];

$cname=str_replace(" ","_",$name);

$tmp_name=$_FILES['uploadvideo']['tmp_name'];

$target_path="test_upload/";

$target_path=$target_path.basename($cname);

if(move_uploaded_file($_FILES['uploadvideo']['tmp_name'],$target_path))

{

echo $sql="INSERT INTO video(name,type) VALUE('".$cname."','".$type."')";

$result=mysql_query($sql);

echo "Your video ".$cname." has been successfully uploaded";

}

}

<form name="video" enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

<input name="MAX_FILE_SIZE" value="100000000000000" type="hidden"/>

<input type="file" name="uploadvideo" />

<input type="submit" name="upload" value="SUBMIT" />

</form>

?>

网友答案:

you need to create a folder test_upload in the directory where you have php file

add

error_reporting(E_ALL); 

at beginning of php code so you can see errors in page.

网友答案:

The mysql family of functions are deprecated and have been totally removed from PHP 7+ so you should upgrade your code to either mysqli or PDO and take advantage of prepared statements to help prevent malicious SQL injection. I would suggest also that as you are allowing users to upload files you ought to do more processing of the uploaded file to ensure that it is of the expected type!

<!doctype html>
<html>
    <head>
        <title>Video upload</title>
    </head>
    <body>
        <?php

            function getmimetypes(){
                $url='http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types';
                $types=array();

                array_walk( file( $url ), function( $line, $key, $types ){
                    if( $line && !empty( $line ) && strpos( $line, chr( 35 ) )===false ){
                        list( $m, $e )=array_values( array_filter( preg_split( '@\[email protected]', trim( $line ) ) ) );
                        if( strpos( $e, chr( 32 ) ) ){
                            $o=explode( chr( 32 ), $e );
                            foreach( $o as $e ) $types[ $e ]=$m;
                        } else {
                            $types[ $e ]=$m;
                        }
                    }                       
                }, &$types );
                return $types;
            }

            if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_FILES['uploadvideo'], $_POST['upload'] ) ){

                /* permitted extensions */
                $exts=array( 'mp4', 'mov', 'avi' );

                /* permitted mimetypes */
                $mimetypes=array( 'video/mp4', 'video/quicktime', 'video/x-msvideo' );

                /* Get an array of possible Mimetypes */
                $types = getmimetypes();


                /* For simplicity, cast as an object */
                $obj=(object)$_FILES['uploadvideo'];
                $name=$obj->name;
                $tmp=$obj->tmp_name;
                $size=$obj->size;
                $type=$obj->type;
                $error=$obj->error;

                $cname=str_replace( " ", "_", $name );

                /* get file extension */
                $ext = pathinfo( $name, PATHINFO_EXTENSION );

                /* set the target path */
                $target="test_upload/{$cname}";

                /* process the uploaded file */
                if( is_uploaded_file( $tmp ) && $error == UPLOAD_ERR_OK ){

                    /*
                        additional checks on file - is it of the correct extension and mimetype?
                    */
                    if( in_array( $ext, $exts ) && in_array( $type, $mimetypes ) ){

                        $result = @move_uploaded_file( $tmp, $target );

                        $sql='insert into `video` ( `name`,`type` ) values ("'.$cname.'","'.$type.'");';
                        if( $result ){
                            $result = mysql_query( $sql );
                            echo $result ? 'Your video '.$cname.' has been successfully uploaded and saved' : 'There was a problem saving your video';
                        } else {
                            echo 'Unable to move your video to it\'s new location';
                        }
                    }
                } else {
                    echo 'Error: Possible attack';
                }
            }
        ?>
        <form enctype='multipart/form-data' method='post'>
            <input name='MAX_FILE_SIZE' value='100000000000000' type='hidden' />
            <input type='file' name='uploadvideo' />
            <input type='submit' name='upload' value='Upload' />
        </form>
    </body>
</html>
分享给朋友:
您可能感兴趣的文章:
随机阅读: