Upload video files via PHP and save them in appropriate folder and have a database entry

I want the user to be able to upload video files to my site and I want them arranged in proper folders plus a database entry so that later I can know the person who uploaded each particular file.

My HTML form is here:

<form method="post" enctype="multipart/form-data">
    <div><?php echo $message; ?></div>
    <?php echo $max_file_size_tag; ?>
    <input type="file" accept="video/*" ID="fileSelect" runat="server" size="20" name="filename" action="/vids/file-upload.php">
    <select name="course">
        <option value="select" selected>Select</option>
        <option value="java">Java</option>
        <option value="python">Python</option>
        <option value="vb">Visual Basic</option>
        <option value="c">C/C++</option>
        <option value="ruby">Ruby</option>
    </select>
    <input type="submit" value="Upload" name="submit">
</form>

And my PHP is here:

<?php

$folder  = isset($_POST["course"]);
$message = "1";

define('DESTINATION_FOLDER','/$folder);

define('MAX_FILE_SIZE', 0);

// Upload success URL. User will be redirected to this page after upload.
define('SUCCESS_URL','learn.learnbrix.com');

// Allowed file extensions. Will only allow these extensions if not empty.
// Example: $exts = array('avi','mov','doc');
$exts = array();

// rename file after upload? false - leave original, true - rename to some unique filename
define('RENAME_FILE', true);

$message = "renamed";
// put a string to append to the uploaded file name (after extension);
// this will reduce the risk of being hacked by uploading potentially unsafe files;
// sample strings: aaa, my, etc.
define('APPEND_STRING', '~');

$message = "string append";
// Need uploads log? Logs would be saved in the MySql database.
define('DO_LOG', false);

// MySql data (in case you want to save uploads log)
define('DB_HOST','  '); // host, usually localhost
define('DB_DATABASE','  '); // database name
define('DB_USERNAME','  '); // username
define('DB_PASSWORD','  '); // password

/* NOTE: when using log, you have to create MySQL table first for this script.
Copy-paste following into your MySQL admin tool (like PhpMyAdmin) to create a table
If you are on cPanel, then prefix _uploads_log on line 205 with your username, so it would be like myusername_uploads_log

CREATE TABLE _uploads_log (
  log_id int(11) unsigned NOT NULL auto_increment,
  log_filename varchar(128) default '',
  log_size int(10) default 0,
  log_ip varchar(24) default '',
  log_date timestamp,
  PRIMARY KEY  (log_id),
  KEY (log_filename)
);

*/

####################################################################
###  END OF SETTINGS.   DO NOT CHANGE BELOW
####################################################################

// Allow script to work long enough to upload big files (in seconds, 2 days by default)
@set_time_limit(172800);

// following may need to be uncommented in case of problems
// ini_set("session.gc_maxlifetime","10800");

function showUploadForm($message='') {
  $max_file_size_tag = '';
  if (MAX_FILE_SIZE > 0) {
    // convert to bytes
    $max_file_size_tag = "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n";
  }

  // Load form template
  include ('upload.html');
}

// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
  if (strpos($ini_maxsize, 'M') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024;
  elseif (strpos($ini_maxsize, 'K') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024;
  elseif (strpos($ini_maxsize, 'G') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
}
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
  $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}

// show upload form
if (!isset($_POST['submit'])) {
  showUploadForm(join('',$errors));
}

// process file upload
else {

  while(true) {

    // make sure destination folder exists
   if (!@file_exists(DESTINATION_FOLDER)) {
     $errors[] = "Destination folder does not exist or no permissions to see it.";
     break;
   }

   // check for upload errors
   $error_code = $_FILES['filename']['error'];
   if ($error_code != UPLOAD_ERR_OK) {
     switch($error_code) {
       case UPLOAD_ERR_INI_SIZE: 
        // uploaded file exceeds the upload_max_filesize directive in php.ini
        $errors[] = "File is too big (1).";
        break;
      case UPLOAD_ERR_FORM_SIZE: 
        // uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form
        $errors[] = "File is too big (2).";
         break;
       case UPLOAD_ERR_PARTIAL:
         // uploaded file was only partially uploaded.
         $errors[] = "Could not upload file (1).";
         break;
       case UPLOAD_ERR_NO_FILE:
         // No file was uploaded
         $errors[] = "Could not upload file (2).";
         break;
       case UPLOAD_ERR_NO_TMP_DIR:
         // Missing a temporary folder
         $errors[] = "Could not upload file (3).";
         break;
       case UPLOAD_ERR_CANT_WRITE:
      // Failed to write file to disk
      $errors[] = "Could not upload file (4).";
      break;
    case 8:
      // File upload stopped by extension
      $errors[] = "Could not upload file (5).";
      break;
  } // switch

  // leave the while loop
  break;
}

// get file name (not including path)
$filename = @basename($_FILES['filename']['name']);

// filename of temp uploaded file
$tmp_filename = $_FILES['filename']['tmp_name'];

$file_ext = @strtolower(@strrchr($filename,"."));
if (@strpos($file_ext,'.') === false) { // no dot? strange
  $errors[] = "Suspicious file name or could not determine file extension.";
  break;
}
$file_ext = @substr($file_ext, 1); // remove dot

// check file type if needed
if (count($exts)) {   /// some day maybe check also $_FILES['user_file']['type']
  if (!@in_array($file_ext, $exts)) {
    $errors[] = "Files of this type are not allowed for upload.";
    break;
  }
}

// destination filename, rename if set to
$dest_filename = $filename;
if (RENAME_FILE) {
  $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
}
// append predefined string for safety
$dest_filename = $dest_filename . APPEND_STRING;

// get size
$filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

// make sure file size is ok
if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
  $errors[] = "File is too big (3).";
  break;
}

if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
  $errors[] = "Could not upload file (6).";
  break;
}

if (DO_LOG) {
  // Establish DB connection
  $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
  if (!$link) {
    $errors[] = "Could not connect to mysql.";
    break;
  }
  $res = @mysql_select_db(DB_DATABASE, $link);
  if (!$res) {
    $errors[] = "Could not select database.";
    break;
  }
  $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
  $m_size = $filesize;
  $m_fname = mysql_real_escape_string($dest_filename);
  $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
  $res = @mysql_query($sql);
  if (!$res) {
    $errors[] = "Could not run query.";
    break;
  }
  @mysql_free_result($res);
  @mysql_close($link);
} // if (DO_LOG)


// redirect to upload success url
header('Location: ' . SUCCESS_URL);
die();

break;

 } // while(true)

 // Errors. Show upload form.
 $message = join('',$errors);
 showUploadForm($message);

}
?>

I have no knowledge of PHP, so I don't know what's going wrong. I'd also like to add the capability to accept names and their email addresses.


Solution 1:

"Could you suggest a simpler code main thing is uploading the file Data base entry is secondary"

^--- As per OP's request. ---^

Image and video uploading code (tested with PHP Version 5.4.17)

HTML form

<!DOCTYPE html>

<head>
<title></title>
</head>

<body>

<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file"><span>Filename:</span></label>
<input type="file" name="file" id="file" /> 
<br />
<input type="submit" name="submit" value="Submit" />
</form>

</body>
</html>

PHP handler (upload_file.php)

Change upload folder to preferred name. Presently saves to upload/

<?php

$allowedExts = array("jpg", "jpeg", "gif", "png", "mp3", "mp4", "wma");
$extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);

if ((($_FILES["file"]["type"] == "video/mp4")
|| ($_FILES["file"]["type"] == "audio/mp3")
|| ($_FILES["file"]["type"] == "audio/wma")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg"))

&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))

  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

Solution 2:

HTML Code

<html>
<body>

<head>
<title></title>
</head>

<body>

<form action="upload.php" method="post" enctype="multipart/form-data">
    <label for="file"><span>Filename:</span></label>
    <input type="file" name="file" id="file" /> 
    <br />
<input type="submit" name="submit" value="Submit" />
</form>



<?php

    //============================= DATABASE CONNECTIVITY d ====================
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "test";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 
    else

    //============================= DATABASE CONNECTIVITY u ====================
    //============================= Retrieve data from DB d ====================
    $sql = "SELECT name, size, type FROM videos";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) 
        {
        $path = "uploaded/" . $row["name"];

            echo $path . "<br>";

        }
    } else {
        echo "0 results";
    }
    $conn->close();
    //============================= Retrieve data from DB d ====================

?>


</body>
</html>

Solution 3:

PHP file (name is upload.php)    

<?php
    // =============  File Upload Code d  ===========================================
    $target_dir = "uploaded/";

    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

    // Check if file already exists
    if (file_exists($target_file)) {
        echo "Sorry, file already exists.";
        $uploadOk = 0;
    }

     // Check file size -- Kept for 500Mb
    if ($_FILES["fileToUpload"]["size"] > 500000000) {
        echo "Sorry, your file is too large.";
        $uploadOk = 0;
    }

    // Allow certain file formats
    if($imageFileType != "wmv" && $imageFileType != "mp4" && $imageFileType != "avi" && $imageFileType != "MP4") {
        echo "Sorry, only wmv, mp4 & avi files are allowed.";
        $uploadOk = 0;
    }

    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";
    // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
            echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
        } else {
            echo "Sorry, there was an error uploading your file.";
        }
    }
    // ===============================================  File Upload Code u  ==========================================================


    // =============  Connectivity for DATABASE d ===================================
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "test";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 
    else

    $vidname = $_FILES["fileToUpload"]["name"] . "";
    $vidsize = $_FILES["fileToUpload"]["size"] . "";
    $vidtype = $_FILES["fileToUpload"]["type"] . "";

    $sql = "INSERT INTO videos (name, size, type) VALUES ('$vidname','$vidsize','$vidtype')";

    if ($conn->query($sql) === TRUE) {} 
    else {
        echo "Error: " . $sql . "<br>" . $conn->error;
        }

    $conn->close();
    // =============  Connectivity for DATABASE u ===================================

    ?>