
Hi guys. I have a page where I can add values and upload a file. For example, I can add a name and age and upload a PDF file with it. After adding, I can view it in a table as a row where I can delete or edit the record. The uploaded file gets saved in a folder I created, the file name goes to the database, and I can access the file by a link I created on the table view. My problem is that in my edit page everything gets edited correctly, but my file name and actual file do not update. What I want to do is: in my edit page I should be able to update the file name in the database and upload a new file to the folder for the selected record in the table. If I only update values then it should work. But if I want to upload a new file for that specific name, I should be able to upload the new file to the folder and change the file name in the database as well.

3 Contributors, 5 Replies, 44 Views, 2 Years Discussion Span, Last Post by ernesto22

I'm sorry Ernesto, I already tried really, really hard. For some reason, I can't see it on my crystal ball. :)

image was lifted from here without permission.

Edited by veedeoo: more info added

adding the values and uploading.php

    <?php
    require_once('sql.php');

    $id = $_REQUEST['main_id'];

    if ($_REQUEST['name'] != '')
    {
        $name = $_REQUEST['name'];
        $age = $_REQUEST['age'];
        $fload = $_FILES['FileUpLoad']['name'];

        $folder = "upload/";
        // "FileUpLoad" IS THE NAME OF THE INPUT WHERE I UPLOAD A FILE
        $File = $_FILES["FileUpLoad"]['name'];
        $folder = $folder . $File;
        echo $folder . "<br>";
        $ok = 1;

        //This is our size condition
        if ($_FILES["FileUpLoad"]["size"] > 990000000) {
            echo "Your file is too large.<br>";
            $ok = 0;
        }
        //This is our limit file type condition
        if ($_FILES["FileUpLoad"]["type"] == "text/php") {
            echo "No PHP files<br>";
            $ok = 0;
        }

        echo("Die file = " . $File . "<br>");
        // Only store the file when both checks above passed
        if ($ok && $_FILES["FileUpLoad"]["name"] != "") {
            $fload = $_FILES["FileUpLoad"]["name"];
            // Prefix a random number until the name is free in upload/
            while (file_exists("upload/" . $fload)) {
                echo $File . " already exists. ";
                $fload = rand(100,1000) . "_" . $_FILES["FileUpLoad"]["name"];
            }
            $tmpName = $_FILES["FileUpLoad"]["tmp_name"];
            echo "Die tydelike naam = " . $tmpName;
            move_uploaded_file($tmpName, "upload/" . $fload);
        }

        $sql = "insert into tbl_gb (Name,Age,File) values ('$name','$age','$fload')";
        mysqli_query($conn,$sql);
    }
    ?>

    <form name="form1" id="form1" method="POST" enctype="multipart/form-data">
        <input type="text" name="name" id="name" /><br>
        <input type="text" name="age" id="age" /><br>
        <label>upload:</label><input type="file" name="FileUpLoad" id="FileUpLoad" /><br>
        <input type="submit" value="save" />
    </form>

This is my edit page

edit.php

    <?php
    include('sql.php');
    $id = $_REQUEST['main_id'];

    // update part************
    if (isset($_REQUEST['update']))
    {
        $name = $_REQUEST['name'];
        $age = $_REQUEST['age'];
        $fload = $_REQUEST['FileUpLoad'];
        // here what i want to do is.. if no file is uploaded in the edit page then it should update without updating the file, which means file name and actual file won't be affected
        if ($fload == "") {
            $query = "update tbl_gd set Name='$name',Age='$age' where tbl_gd.r_id=$id";
            mysqli_query($conn,$query);
        }
        ///// here what i want to do is .. if a new file is uploaded at edit page then it should update file
        else
        {
            $folder = "upload/";
            // "FileUpLoad" IS THE NAME OF THE INPUT WHERE I UPLOAD A FILE
            $File = $_FILES["FileUpLoad"]['name'];
            $folder = $folder . $File;
            echo $folder . "<br>";
            $ok = 1;

            //This is our size condition
            if ($_FILES["FileUpLoad"]["size"] > 990000000) {
                echo "Your file is too large.<br>";
                $ok = 0;
            }
            //This is our limit file type condition
            if ($_FILES["FileUpLoad"]["type"] == "text/php") {
                echo "No PHP files<br>";
                $ok = 0;
            }

            echo("Die file = " . $File . "<br>");
            // Only store the file when both checks above passed
            if ($ok && $_FILES["FileUpLoad"]["name"] != "") {
                $fload = $_FILES["FileUpLoad"]["name"];
                // Prefix a random number until the name is free in upload/
                while (file_exists("upload/" . $fload)) {
                    echo $File . " already exists. ";
                    $fload = rand(100,1000) . "_" . $_FILES["FileUpLoad"]["name"];
                }
                $tmpName = $_FILES["FileUpLoad"]["tmp_name"];
                echo "Die tydelike naam = " . $tmpName;
                move_uploaded_file($tmpName, "upload/" . $fload);
            }
            $query = "update tbl_gd set Name='$name',Age='$age',File='$fload' where tbl_gd.r_id=$id";
            mysqli_query($conn,$query);
        }
    }

    //showing saved values*******
    $sql = "select * from tbl_gb where r_id=$id";

    $rs = mysqli_query($conn,$sql);
    $row = mysqli_fetch_assoc($rs);

    $name = $row['Name'];
    $age = $row['Age'];
    $fload = $row['File'];
    ?>

    <form>
        <label>Name:</label><input type="text" name="name" id="name" value="<?php echo $name; ?>" /><br>
        <label>age:</label><input type="text" name="age" id="age" value="<?php echo $age; ?>" /><br>
        <label>upload</label><input type="file" name="FileUpLoad" id="FileUpLoad" /><br><br>

        <!-- the input below is to display current uploaded file name -->
        <input type="text" name="FileUpLoadCurrent" value="<?php echo $fload ?>" />

        <input type="submit" value="Edit" name="update" />
    </form>


Before giving a response to your inquiries, please allow me to point out a problem in your code that needs to be fixed immediately.

Please read one and two.

We must not use $_REQUEST when processing form data from the user. The reason is that $_REQUEST is like a garbage disposal: it will process both "post" and "get" $_SERVER['REQUEST_METHOD']. We want to be more specific about which one to use, e.g. post or get.

Most hackers are focusing on the vulnerabilities of PHP's superglobal variables. To make matters worse, your script is using $_REQUEST.

Although the link I have provided above is somewhat focused on the session exploits.

I wish I could explain this topic in great detail, but due to time constraints, I wrote a simple function for you to experiment with and observe the behavior of the form processor with $_REQUEST.

In my humble opinion, $_REQUEST is a lazy tool for a lazy developer: a developer who is too lazy to define the appropriate method for the form processor.

Let's prove that your code will fail. Create a new file formtest.php

<?php 

    function adaptive_form($method)
    {

        $form ='<form method="'. $method .'" action="">
                <input type="text" name="name"/>
                <br/>
                <input type="password" name="pass"/>
                <br/>
                <input type="submit" name="submit" value="submit"/>
                </form>';

                return $form;

    }


    if(isset($_REQUEST['submit'])){
            echo $_REQUEST['name'];
            echo '<br/>';
            echo $_REQUEST['pass'];
    }

    ## call the function above with different params
    echo '<br/>';    
    //echo adaptive_form('');
    //echo adaptive_form('get');
      echo adaptive_form('post');

Uncomment one at a time and test by directing your browser to formtest.php

    //echo adaptive_form('');
    //echo adaptive_form('get');
      echo adaptive_form('post');

Regardless of the value given to the method parameter, the form will be processed. However, when the method is empty or get, the processor is shifted to get. Regardless of whether we make it a "post", the process is still open to all three.

so this one

<form action="testform.php" method="post">
<input type="text" name="name"/>
 <br/>
 <input type="password" name="pass"/>
  <br/>
  <input type="submit" name="submit" value="submit"/>
  </form>

can be easily overridden by simply doing this

http://localhost/testform.php?name=veedeoo&pass=password&submit=submit 

If you don't have solid form validation and filters, someone can easily send a link to anyone with their valid credentials and the recipient can literally log in on that account, assuming that the system does not have any unique session identifier unique only to the user. Even with a properly designed session manager, cURL can still be used with a cookiejar to take care of the session verification issue. Again, the malicious user is more likely to penetrate your application.

So, what I am trying to suggest here is to remove the $_REQUEST on your script and change them with post e.g.

 if(isset($_POST['submit'])){
            echo $_POST['name'];
            echo '<br/>';
            echo $_POST['pass'];
    }

You should also set a unique upload id and then assign and verify using a session function.

After you have done that, we can move on to the real update problems.

Edited by veedeoo: more info added
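
An added example, not code from any poster in this thread: one way to write the edit handler so that it accepts POST only, reads the upload from $_FILES, checks a per-form session token (the "unique upload id" suggested above), and uses prepared statements in place of interpolated SQL. Assumptions: sql.php provides a mysqli connection in $conn, the table is tbl_gb with the columns from the question, the form is sent with method="post" and enctype="multipart/form-data", and the field name upload_id and the 10 MB limit are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes sql.php sets $conn (mysqli).
session_start();
require_once 'sql.php';

function reject(int $status, string $msg): void {
    http_response_code($status);
    exit($msg);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update'])) {
    // Token stored in the session when the form was rendered ("upload_id" is hypothetical).
    $expected = $_SESSION['upload_id'] ?? '';
    $sent = $_POST['upload_id'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        reject(400, 'Invalid form token');
    }

    $id   = filter_input(INPUT_POST, 'main_id', FILTER_VALIDATE_INT);
    $age  = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);
    $name = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
    if (!is_int($id) || !is_int($age) || $name === '') {
        reject(400, 'Invalid input');
    }

    // Uploaded files arrive in $_FILES, never in $_POST or $_REQUEST.
    $file = $_FILES['FileUpLoad'] ?? null;
    $newName = null;
    if (is_array($file) && $file['error'] === UPLOAD_ERR_OK) {
        // Decide by content, not by the client-supplied name or MIME type.
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        if ($mime !== 'application/pdf' || $file['size'] > 10 * 1024 * 1024) {
            reject(400, 'Only PDF files up to 10 MB are accepted');
        }
        // Server-generated name: no path traversal, fixed extension, unguessable.
        $newName = bin2hex(random_bytes(16)) . '.pdf';
        if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/upload/' . $newName)) {
            reject(500, 'Could not store the file');
        }
    } elseif (is_array($file) && $file['error'] !== UPLOAD_ERR_NO_FILE) {
        reject(400, 'Upload failed');
    }

    // Touch the File column only when a new file was stored.
    if ($newName !== null) {
        $stmt = mysqli_prepare($conn, 'UPDATE tbl_gb SET Name = ?, Age = ?, File = ? WHERE r_id = ?');
        mysqli_stmt_bind_param($stmt, 'sisi', $name, $age, $newName, $id);
    } else {
        $stmt = mysqli_prepare($conn, 'UPDATE tbl_gb SET Name = ?, Age = ? WHERE r_id = ?');
        mysqli_stmt_bind_param($stmt, 'sii', $name, $age, $id);
    }
    mysqli_stmt_execute($stmt);
}
```

The previous file stays in upload/; removing it would require reading the old File value for the record before the update.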


Thanks a lot! It was very interesting and stimulating. But this is a system that I will only be using alone locally, so security is not my main concern right now. And yes, I have so far changed all my public systems to a more secure stream. However, my concern still applies to the update of the file being uploaded. Please teach me more and help me tackle my challenge.
