Jump to content

How to avoid uploading of videos dynamically upon “refreshing” the page in browser?


ak47

Recommended Posts

Here I can upload videos successfully into database and videos are saving in appropriate folder named "uploaded". As I mentioned in question, once after uploading the video, if I refresh the browser the previously uploaded video is going saving in my database. Another question is, if I click on the video(displayed name in myvideo.php), video is not going to display instead I am getting "Object Not Found" error. I request you people to give me solutions to solve these problems. Below I am posting my code:

myvideo.php:

<div class="content">
<div class="card">
<div class="header" id="stand-fix" style="border-bottom: 1px solid #E1E1E1;">
<?php
if(isset($_POST['submit']))
{
// $conn = mysqli_connect("localhost", "root", "", "videos") or die(mysqli_error());
$name = (isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '');
$temp = (isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '');
move_uploaded_file($temp, "uploaded/".$name);
$url = "http://localhost/xampp/htdocs/VS/uploaded/$name";
mysqli_query($database, "INSERT INTO video VALUE ('','$name','$url')");
}
?>
<form action="myvideo.php" method="post" enctype="multipart/form-data">
<div class="row">
<div class="col-md-7">
<h4 class="title">My Videos</h4>
</div>
<div class="col-md-3">
<input type="file" name="file" class="btn btn-primary" style="font-size: 15px;"><br />
</div>
<div class="col-md-2">
<input type="submit" name="submit" class="btn btn-primary pull-right" style="font-size: 15px;" value="Upload">
</div>
</div>
</form>
<?php
if(isset($_POST['submit']))
{
echo '<script language="javascript">';
echo 'alert("Your video has been successfully uploaded.")';
echo "window.location.href='dashboard.php'";
echo '</script>';
}
?>
<hr width="50%">
</div>
<div class="content" style="height: 30em; direction: ltr; overflow: auto;">
<div class="row" style="margin-left:4em;" style="direction: rtl;">
<?php
$database = mysqli_connect("localhost", "root", "", "videos") or die(mysqli_error());
$query = mysqli_query($database, "SELECT * FROM video");
while($row=mysqli_fetch_assoc($query))
{
$id = $row['id'];
$name = $row['name'];
$url = $row['url'];
echo "<p style='margin:0.5em;'><a href='watch.php?id=$id' style='color:red;'>$id&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$name</a></p><br />";
echo "<embed src='.$id.$url.'><video width='200' height='200' controls></video></embed>";
}
?>
</div>
</div>
</div>
</div>

watch.php

<?php
$conn = mysqli_connect("localhost", "root", "", "videos") or die(mysqli_error());
if(isset($_GET['id']))
{
$id = $_GET['id'];
$query = mysqli_query($conn, "SELECT * FROM video WHERE id='$id'");
while($row=mysqli_fetch_assoc($query))
{
$name = $row['name'];
$url = $row['url'];
}
echo "<p style='font-size:20px;'><center>You are watching ".$name."</center></p><br /><embed src='.$url.'><video width='600' height='400' controls></video></embed>";
}
else
{
echo "Error!";
}
?>

Link to comment
Share on other sites

Upon refreshing, the video is still uploaded to database ? Not the folder, because i might be thinking that it displays you the page because in database there is a video saved with an url but on your host in the videos folder there is no video with the url from db, that's mostly why you have that error. 

  • Like 1
Link to comment
Share on other sites

There are several problems with that upload code.  The major one is that you are doing no error checking or validation on the file that was uploaded.  If someone uses that form to upload a .php file, you'll just copy it to your server where someone can then access the URL, and now you're running some random PHP code that someone uploaded.  That's probably the single easiest way to get your server hacked.  You need to validate the file to make sure that it's allowed, and you also need to check for errors that may have happened during the upload:

http://php.net/manual/en/features.file-upload.errors.php

You also need to use prepared statements when you're sending data to the database.  Don't put variables right into the query, use a prepared statement with placeholders that you can use to send the data separately to protect your database.  The mysqli extension supports prepared statements:

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

To avoid re-submitting the form when someone refreshes the browser, after you finish processing the form you should send a location header to redirect the user.  Then if they refresh they will only refresh the redirected URL instead of the form submission.  You can redirect them to a thank you page, some other page that shows a message from the form, back to the form, etc.  You should also move all of your form processing code to the top of your file, before any HTML output.  If you're just going to end up redirecting the user there's no reason to send any HTML at all.  The first thing the file should do is figure out if it needs to process or display the form, and go from there.

Another question is, I cannot see or watch the videos.

For some reason you used an embed tag, you only need to use a video tag.  Look up the video reference to see how to use that.  You also messed up with the quotes in that string, if you view the source code of that page in the browser you'll see the problem.

  • Like 1
Link to comment
Share on other sites

11 hours ago, justsomeguy said:

There are several problems with that upload code.  The major one is that you are doing no error checking or validation on the file that was uploaded.  If someone uses that form to upload a .php file, you'll just copy it to your server where someone can then access the URL, and now you're running some random PHP code that someone uploaded.  That's probably the single easiest way to get your server hacked.  You need to validate the file to make sure that it's allowed, and you also need to check for errors that may have happened during the upload:

http://php.net/manual/en/features.file-upload.errors.php

You also need to use prepared statements when you're sending data to the database.  Don't put variables right into the query, use a prepared statement with placeholders that you can use to send the data separately to protect your database.  The mysqli extension supports prepared statements:

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

To avoid re-submitting the form when someone refreshes the browser, after you finish processing the form you should send a location header to redirect the user.  Then if they refresh they will only refresh the redirected URL instead of the form submission.  You can redirect them to a thank you page, some other page that shows a message from the form, back to the form, etc.  You should also move all of your form processing code to the top of your file, before any HTML output.  If you're just going to end up redirecting the user there's no reason to send any HTML at all.  The first thing the file should do is figure out if it needs to process or display the form, and go from there.

 

 

For some reason you used an embed tag, you only need to use a video tag.  Look up the video reference to see how to use that.  You also messed up with the quotes in that string, if you view the source code of that page in the browser you'll see the problem.

Yes, you are right. I know how to use prepare statements but for initiation I used directly. Yes, as you told about "re-submission upon refresh of page" I did that and really it worked for me nicely. I am on the way to make my videos viewable. If I really face problems in future, surely I will contact you.

Thank you so much for your valuable investment on my bugs and for your answers and suggestions.

Link to comment
Share on other sites

17 hours ago, Gabrielphp said:

Upon refreshing, the video is still uploaded to database ? Not the folder, because i might be thinking that it displays you the page because in database there is a video saved with an url but on your host in the videos folder there is no video with the url from db, that's mostly why you have that error. 

Thank You @Gabrielphp, Now the videos are not saving upon refreshing the page. I gave URL like this: $url = "http://localhost/xampp/htdocs/VS/uploaded/$name";

and the ip address of my local host is 127.0.0.1. I know the url path is wrong, but I don't know how to make it right. Can you help me please?

Here $name is "video name"

Link to comment
Share on other sites

First of all you don't need to save the all URL in the database, you just need to save the path like if your view_video.php (example) is in the home directory, where index and other pages are and your video is in uploaded/$name, then you need to insert into the DB only uploaded/$name. If your php page is in other folder like a folder named "videos" and there is your page but then you have your video in the "uploaded" folder outside the videos folder then the path will be ../uploaded/$name and so on.

And to stop uploading the URL in the DB you need to check whether the video has done uploading or not (and that's a bit hard cuz you need some kind of a library to check the percentage of the video uploading status) or you can just create a simple function that is being called every time you access the page, so the logic will be something like this "if(DB_URL == HOST_URL) { then show video } else { REDIRECT 404 NOT FOUND AND DELETE URL FROM DB}" this will be the logic, so if in the DB the url will be uploaded/$name but in the folder there is no such video with that url then it will redirect the user to 404 not found.

I hope i helped you.

Edited by Gabrielphp
  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...