File Upload W3S Code not working

[mickeymouse]

I want to do an image file upload.  I copied the code from W3S but get errors:

1-  Notice: Undefined index: fileToUpload in C:\xampp\htdocs\Family Tree\FT_UploadFile.php on line 35

2-  Notice: Undefined index: fileToUpload in C:\xampp\htdocs\Family Tree\FT_UploadFile.php on line 55

                  (Strangely, I don't get the same error on lines 40, 55, 70 and 71 even if there is reference to "fileToUpload")

3-  Sorry, only JPG, JPEG, PNG & GIF files are allowed.Sorry, your file was not uploaded.

The file I'm trying to upload is definitely a "jpg" file as shown when I print the file name that was POSTed for uploading, i.e.,  C:\Users\Michael\Documents\PHOTOS\EASTER.jpg .  Perhaps this is only due to the previous problem.

 

The code in question is:

$target_dir = "C:/xampp/htdocs/acconts/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);   <---------- line 35
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);    <---------- line 40
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file \"$target_file\" already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {  <---------- line 55
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "JPG" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "JPEG" 
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {     <---------- line 70
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";  <---------- line 71
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}

Thank you.

[dsonesuk]

Usually means it references a index value that does not exist when submission takes place. IE attribute name value for input type file, it must match exactly uppercase and lowercase characters.

[mickeymouse]

My code in request to upload is  <input type='file' name='filenm' size='80'>

My code in the upload program is  $filenm=$_POST['filenm'];

and this does give me the correct path & file name in my upload program.

However I have no idea what is this  "fileToUpload"  in the W3S statement   $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);

and this  "fileToUpload"  is what is giving the error.

If I replace  "fileToUpload"  with  "$filenm" , i.e., $target_file = $target_dir . basename($_FILES["$filenm"]["name"]);  I get error:

Notice: Undefined index: C:\Users\Michael\Downloads\Pinocchio.jpg in C:\xampp\htdocs\Family Tree\FT_UploadFile.php on line 35

 

[dsonesuk]

When you deal with INPUT file type you use '$_FILES["xxxx"]' "xxxx" refers to name attribute value (which should be 'filenm' and nothing more) and must match that! Exactly!

ALL index references for inputs on submission, refer to name attribute values which MUST exist.

 $_FILES["xxxxx"]["name"]

Refers to name attribute value and the original name '["name"]' of the file that is going to be uploaded

$_FILES["xxxxx"]["tmp_name"],

Refers to name attribute value and a temporary name '["tmp_name"]' that will be a temporary copy of original file stored on server while its processed.

Edited December 31, 2018 by dsonesuk

[mickeymouse]

So what you are telling me is that  'fileToUpload'  should be  'filenm'  (which is the name attribute I used in the request to upload).

I have tried that.  I've tried it pure, I've tried it with single quotes, I've tried it with double quotes and I always get the same error message.

[justsomeguy]

If you're getting an error on line 35 but not line 40, then $_POST['submit'] is not set, which sounds like the form wasn't submitted.  That PHP code should not access the file at all before making sure it's there.  The first thing it should do is check if the form was submitted.  The next thing it should do is check for file upload errors.  It should only try to handle the uploaded file if the form was submitted and there are no upload errors.

The code on this page is not good code:

https://www.w3schools.com/php/php_file_upload.asp

It does no error checking on the uploaded file, and it assumes you're hiding PHP error messages.

http://php.net/manual/en/features.file-upload.post-method.php

http://php.net/manual/en/features.file-upload.errors.php

[mickeymouse]

The POST is done upon Submit because, in the called program, I print "filenm" and the path & name are there and correct.

However, In the upload program, my first statement is    '$target_dir = "C:/uploads/"; '   but the file doesn't get uploaded in this, I presume, temporary directory.

Enough for tonight.  Happy New Year  and  talk to you next year.

Thanks

[dsonesuk]

I don't understand why you don't use the exactly script code from tutorial, get it to work from that and then adjust from there to your needs.

You also do not need to check for uppercase image file extensions because all extension are converted to lowercase beforehand.

Edited December 31, 2018 by dsonesuk

[justsomeguy]

The script in the tutorial has errors in it, line 35 is a legitimate error if the form has not been submitted or there was an error with the upload.

The code should be formatted like follows.  First, put a URL parameter in the action for the form:

<form action="upload.php?submit=true" method="post" enctype="multipart/form-data"...>

That's important.  Then, your code should be formatted like this:

if (isset($_GET['submit'])) {
    if (!empty($_FILES)) {
        if ($_FILES['filenm']['error'] == UPLOAD_ERR_OK) {
            // the form was submitted and there was no upload error, process the uploaded file here
        }
        else {
            // determine what the upload error was and show an error message, reject the form
        }
    }
    else {
        // the file was too large, show an error
    }
}

Only that one check should use $_GET, your other form data will be in $_POST and the file will be in $_FILES.

Any code that uses $_FILES or $_POST at all needs to go inside that if statement about the error checking.  If you put any code that uses $_FILES or $_POST, even something like line 35 where you're just setting a filename to be used later, it's going to be an error if there was a problem with the form.  That code goes inside after the error checking.