0

Hi everyone, i wanted to upload an excel file in a form and then display/edit the file from the form. Currently, the file can be uploaded at localhost but when i try to upload in server it was not successful. I would also want to view/edit the file and save the changes. Appreciate for your advise. Thanks a lot.

form.html

<form enctype="multipart/form-data" action="upload.php" method="POST"> 
    Please choose a file: <input name="uploaded" type="file" /><br /> <input type="submit" value="Upload" /> 
</form>

upload.php

<?php

$con=mysqli_connect("localhost","user","","pq");
// Check connection
if (mysqli_connect_errno()) 

    {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();

    }

$uploaded_size ='';
$uploaded_type = "";
$uploaded = "" ;
 $target = "upload/";  $target = $target . basename( $_FILES['uploaded']['name']) ;  $ok=1;   
 //This is the sizing condition
   if ($uploaded_size > 350000)  

   {  echo "Your file is too large.<br>";  $ok=0;  }  
//This is the file type limit condition
    if ($uploaded_type =="text/php")  {  echo "No PHP files<br>";  $ok=0;  }

      if ($uploaded_type =="text/css")  {  echo "No CSS files<br>";  $ok=0;  }

         if ($uploaded_type =="text/javascript")  {  echo "No Javascript files<br>";  $ok=0;  }

            if ($ok==0)  {  Echo "Sorry your file was not uploaded";  }

          else  {  
          if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))  
          {  echo "The file ". basename( $_FILES['uploaded']['name']). " has been uploaded";  }  
          else  
          {  echo "Sorry, there was a problem uploading your file.";  
          } 
          }
?>

Edited by pritaeas: Fixed markdown.

3
Contributors
2
Replies
30
Views
2 Years
Discussion Span
Last Post by Taywin
0

Hi, change:

$target = "upload/";

To:

$target = $_SERVER['DOCUMENT_ROOT'] . "/upload/";

Otherwise move_uploaded_file() will try to write the destination relatively to the script path. Then it should work.

A note: the conditional statements that you're using to detect Javascript, CSS and PHP will mostly fail, as the browser will probably set their mime to text/plain.

I don't see where you set the $uploaded_type variable but I suppose you're using $_FILES['uploaded']['type'], this is not defined by PHP, since is set by the browser it can be altered by the uploader, tricking your statements.

You're using a blacklist approach. In this case you should use a whitelist approach: check only for the allowed types, i.e. the excel mime types:

I would also want to view/edit the file and save the changes.

Have you tried PHPExcel?

1

I would actually stop at line 17 first. You declared value for $uploaded_size variable to an empty string, and then compared the value with an int? It means your variable is equal to 0 by default... You need to assign the real size of the supposed to be uploaded first (line 12), or it will fail right there.

Also, if $_FILES['...'] is not set, your script will fail...

Another point, if this is just an assignment, you don't need to worry about it. However, if you are doing this for your job, you should NEVER display any error from the server side on to client display! You should push the message into your log file and display other friendly error message back to the client instead!

Edited by Taywin

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.