Apache/Server/Database problem!

Risingstar

Alright, so me and my friend are working on a website and he's hosting the server from his own server in his basement. We've been having nothing but trouble with an upload script I made to upload a video to the server.

right now, when I run the script, it writes to the database perfectly, but it doesn't seem to upload the file. I know that the upload folder is there, and everything is named correctly, so I'm pretty much stuck on what this could possibly be. I think that maybe it has something to do with the server?

Here is the code if you need it. I've left the username and password as they are. There's no password on purpose.

<?php
$fTitle = mysql_escape_string($_POST['fTitle']);
$fDesc = mysql_escape_string($_POST['fDesc']);
$fName = mysql_escape_string($_POST['fName']);
$gName = mysql_escape_string($_POST['gName']);
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
// Create table in database
mysql_select_db("stuff", $con);
$sql = 'CREATE TABLE IF NOT EXISTS videos (
		fTitle varchar(30),
		fDesc text,
		fName text,
		gName text
	)';
mysql_query($sql,$con);
echo mysql_error();
echo "Database Table Created...<br>";
//Inserting Data
mysql_query("INSERT INTO videos (fTitle, fDesc, fName, gName)
VALUES ('$fTitle', '$fDesc', '$fName', '$gName')");
echo "Data Inserted...<br><br>";
//Displaying Data
$result = mysql_query("SELECT * FROM videos");
echo mysql_error();
echo "<table border='1'>
<tr>
<th>Video Title</th>
<th>Video Description</th>
<th>File Name</th>
<th>Porn Star's Name</th>
</tr>";
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['fTitle'] . "</td>";
  echo "<td>" . $row['fDesc'] . "</td>";
  echo "<td>" . $row['fName'] . "</td>";
  echo "<td>" . $row['gName'] . "</td>";
  echo "</tr>";
  }
echo "</table>";
echo "<br><br><br>";

$file_name = $HTTP_POST_FILES['ufile']['name'];

$path= "uploads/" . $fName;
if($ufile !=none)
{
if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path))
{
echo "Successful!<BR/>";

echo "File Name:" . $fName . "<BR/>";
echo "File Size: ".$HTTP_POST_FILES['ufile']['size']." bytes <BR/>";
echo "File Type:".$HTTP_POST_FILES['ufile']['type']."<BR/>";
}
else
{
echo "Error";
}
}
mysql_close($con);
?>

Any help would be extremely appreciated. Thanks!

bpat1434

The issue isn't the module, but rather the login.

The issue comes about probably (I'm not 100% certain) because [man]mysql_escape_string/man is called prior to [man]mysql_connect/man. I believe if mysql_escape_string is called before a connection is made, it automatically attempts one using whatever is in php.ini (if blank, whatever user Apache is running as). So you have 2 options:

1.) The proper way: Move the mysql_escape_string calls below the mysql_connect() call.

2.) Alterntive way: Edit php.ini and edit the [mysql] section so that it has a "default" username and password to use if none is supplied.

Personally, I'd use the first method. And on another note, you should use [man]mysql_real_escape_string[/man] instead of [man]mysql_escape_string[/man] mainly because it's deprecated.... 😉

Risingstar

bpat1434 wrote:
The issue isn't the module, but rather the login.

The issue comes about probably (I'm not 100% certain) because [man]mysql_escape_string/man is called prior to [man]mysql_connect/man. I believe if mysql_escape_string is called before a connection is made, it automatically attempts one using whatever is in php.ini (if blank, whatever user Apache is running as). So you have 2 options:

1.) The proper way: Move the mysql_escape_string calls below the mysql_connect() call.

2.) Alterntive way: Edit php.ini and edit the [mysql] section so that it has a "default" username and password to use if none is supplied.

Personally, I'd use the first method. And on another note, you should use [man]mysql_real_escape_string[/man] instead of [man]mysql_escape_string[/man] mainly because it's deprecated.... 😉

We literally JUST fixed that problem. I edited the post. I'll change what you said anyways and see if it helps with the new problem.

bpat1434

Oh, it doesn't upload the fie.... yeah... are you using php3? $HTTP*VARS has been deprecated a long time. You should be using $POST, $FILES, $GET, $SESSION, $_COOKIE instead. So you'd want to reference your uploaded file like:

$filename = $_FILES['ufile']['name'];
$tmp = $_FILES['ufile']['tmp_name'];

When you want to move the file, use [man]move_uploaded_file/man 😉

Also you've got an undefined constant "none" where you ask if ($ufile != none)... also $ufile sends me the flag that you've got register globals enabled. This isn't a good idea as variables can be easily overwritten that way.

Also, you should use [man]is_uploaded_file/man to check to see if the file is uploaded or not.

Here's your script, as I would use it:

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

$fTitle = mysql_escape_string($_POST['fTitle']);
$fDesc = mysql_escape_string($_POST['fDesc']);
$fName = mysql_escape_string($_POST['fName']);
$gName = mysql_escape_string($_POST['gName']);

// Create table in database
mysql_select_db("stuff", $con);
$sql = 'CREATE TABLE IF NOT EXISTS videos (
        fTitle varchar(30),
        fDesc text,
        fName text,
        gName text
    )';
$result = mysql_query($sql);

if(!$result)
  die( mysql_error() ); // No reason to move on if we've got no table

echo "Database Table Created...<br>";

//Inserting Data
mysql_query("INSERT INTO videos (fTitle, fDesc, fName, gName)
VALUES ('$fTitle', '$fDesc', '$fName', '$gName')");
echo "Data Inserted...<br><br>";

//Displaying Data
$result = mysql_query("SELECT * FROM videos");
if(!$result)
  echo mysql_error();

echo "<table border='1'>
<tr>
<th>Video Title</th>
<th>Video Description</th>
<th>File Name</th>
<th>Star's Name</th>
</tr>";
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['fTitle'] . "</td>";
  echo "<td>" . $row['fDesc'] . "</td>";
  echo "<td>" . $row['fName'] . "</td>";
  echo "<td>" . $row['gName'] . "</td>";
  echo "</tr>";
  }
echo "</table>";
echo "<br><br><br>";

$file_name = $_FILES['ufile']['name'];

$path= "uploads/" . $fName;
if(is_uploaded_file($_FILES['ufile']['tmp_name']))
  {
  if(move_uploaded_file($_FILES['ufile']['tmp_name'], $path))
    {
    echo "Successful!<BR/>";

echo "File Name:" . $fName . "<BR/>";
echo "File Size: ".$_FILES['ufile']['size']." bytes <BR/>";
echo "File Type:".$_FILES['ufile']['type']."<BR/>";
}
  else
    {
    echo "Error";
    }
  }
mysql_close();

And one final item, make sure that you define the enctype of the form used for the upload as multipart/form-data; also, make sure that (1) the max_upload_size is large enough for the videos, and (2) the max_memory_size is large enough and (3) the post_size is large enough. If any 1 of those isn't, you can run into issues with uploads in PHP.

Risingstar

bpat1434 wrote:
Oh, it doesn't upload the fie.... yeah... are you using php3? $HTTP*VARS has been deprecated a long time. You should be using $POST, $FILES, $GET, $SESSION, $_COOKIE instead. So you'd want to reference your uploaded file like:
$filename = $_FILES['ufile']['name'];
$tmp = $_FILES['ufile']['tmp_name'];
When you want to move the file, use [man]move_uploaded_file/man 😉

Also you've got an undefined constant "none" where you ask if ($ufile != none)... also $ufile sends me the flag that you've got register globals enabled. This isn't a good idea as variables can be easily overwritten that way.

Also, you should use [man]is_uploaded_file/man to check to see if the file is uploaded or not.

Here's your script, as I would use it:
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

$fTitle = mysql_escape_string($_POST['fTitle']);
$fDesc = mysql_escape_string($_POST['fDesc']);
$fName = mysql_escape_string($_POST['fName']);
$gName = mysql_escape_string($_POST['gName']);

// Create table in database
mysql_select_db("stuff", $con);
$sql = 'CREATE TABLE IF NOT EXISTS videos (
 fTitle varchar(30),
 fDesc text,
 fName text,
 gName text
 )';
$result = mysql_query($sql);

if(!$result)
 die( mysql_error() ); // No reason to move on if we've got no table

echo "Database Table Created... ";

//Inserting Data
mysql_query("INSERT INTO videos (fTitle, fDesc, fName, gName)
VALUES ('$fTitle', '$fDesc', '$fName', '$gName')");
echo "Data Inserted... ";

//Displaying Data
$result = mysql_query("SELECT * FROM videos");
if(!$result)
 echo mysql_error();

echo "<table border='1'>
<tr>
<th>Video Title</th>
<th>Video Description</th>
<th>File Name</th>
<th>Star's Name</th>
</tr>";
while($row = mysql_fetch_array($result))
 {
 echo "<tr>";
 echo "<td>" . $row['fTitle'] . "</td>";
 echo "<td>" . $row['fDesc'] . "</td>";
 echo "<td>" . $row['fName'] . "</td>";
 echo "<td>" . $row['gName'] . "</td>";
 echo "</tr>";
 }
echo "</table>";
echo " ";

$file_name = $_FILES['ufile']['name'];

$path= "uploads/" . $fName;
if(is_uploaded_file($_FILES['ufile']['tmp_name']))
 {
 if(move_uploaded_file($_FILES['ufile']['tmp_name'], $path))
 {
 echo "Successful! ";

echo "File Name:" . $fName . " ";
echo "File Size: ".$_FILES['ufile']['size']." bytes ";
echo "File Type:".$_FILES['ufile']['type']." ";
}
 else
 {
 echo "Error";
 }
 }
mysql_close();
And one final item, make sure that you define the enctype of the form used for the upload as multipart/form-data; also, make sure that (1) the max_upload_size is large enough for the videos, and (2) the max_memory_size is large enough and (3) the post_size is large enough. If any 1 of those isn't, you can run into issues with uploads in PHP.

Thanks so much!
I tested the script out on my server (from a professional host) and I guess they're using an outdated version of PHP.

Thank you so much!