[PHP/MySQL] File upload - Store info in MySQL

Hey all, having an issue with this form processor.

The user fills out form and then submits the info what is suppose to happen is it valadates the info, uploads the image to a folder on the server, then stores the URL of the image in a database that is already created.

Below is the form, processor, and database table that i have setup.

The issue that i am getting at the moment ( and i am sure there will be more) is when the form is submitted with good information (steamid is in the database, pin matches what is in database for that steamid, and image is a 51KB .jpg ) I keep getting my error "Please select an image that is 100KB or less in size and its type is .jpg, .gif, or .png BACK3" {noted in code} i numbered the error messages so that i can see were it is erroring at. and it seems to be the file type valadation. I have also double and triple checked the DB connection info as well. *has been removed for safety*

The Form avatar_upload.php:

<form action="avatar_process.php" method="post" enctype="multipart/form-data" name="avatar_up">
  <p>SteamID:
    <input name="steamid" type="text" size="20" maxlength="20" />
    <span class="hints">(ex: STEAM_0:0:00000000)</span></p>
  <p>Pin Code:
    <input name="pin" type="text" size="12" maxlength="12" />
      <a href="#">Need a pin?</a></p>
  <p>Avatar Image:
    <input name="avatar" type="file" size="15" />
    <br />
    <span class="hints">Allowed types are .jpg, .gif, or .png only / Max file size is 100KB</span></p>
  <p>
    <input name="submit" type="submit" value="Upload" />
  </p>
</form>

The Processor avatar_process.php:

<?php

// Receiving variables
@$steamid = addslashes($_POST['steamid']);
@$pin = addslashes($_POST['pin']);
@$avatar_Name = $_FILES['avatar']['name'];
@$avatar_Size = $_FILES['avatar']['size'];
@$avatar_Temp = $_FILES['avatar']['tmp_name'];
@$avatar_Mime_Type = $_FILES['avatar']['type'];

//Checking/Making Folder
function RecursiveMkdir($path)
{
   if (!file_exists($path)) 
   { 
      RecursiveMkdir(dirname($path));
      mkdir($path, 0777);
    }
  }


// Validation
if (strlen($steamid) <15)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}
if (strlen($steamid) >20)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}

if (strlen($steamid) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid steamid <br>(ex: STEAM_0:0:00000)</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}

if (strlen($pin) !=12)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}

if (strlen($pin) == 0 )
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please enter a valid pin<br>Dont have a pin? click <a href='#'>here</a></font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
}

if( $avatar_Size == 0)
{
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select an image that is 100KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK1</a></p>");
}
if( $avatar_Size >1000000)
{

//delete file 
unlink($avatar_Temp);
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select an image that is 100KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK2</a></p>");
}

//###############################
//#####   This is the Error i am reciveing  ###
//###############################
if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/png" )
{
unlink($avatar_Temp);
die("<p align='center'><font face='Arial' size='3' color='#FF0000'>Please select an image that is 100KB or less in size and its type is .jpg, .gif, or .png</font></p><p align='center'><a href='avatar_upload.php'>BACK3</a></p>");
//###############################
//########      End Error Mark      ###
//###############################
}
$uploadFile = "avatars/".$avatar_Name ;
if (!is_dir(dirname($uploadFile)))
  {
    @RecursiveMkdir(dirname($uploadFile)); 
  }
else
  {
  @chmod(dirname($uploadFile), 0777);
  }
@move_uploaded_file( $avatar_Temp , $uploadFile); 
chmod($uploadFile, 0644);
$avatar_URL = "http://mysite.com/uploads/avatars/".$avatar_Name ;

//saving record to MySQL database
@$ava_strQuery = "INSERT INTO `clan_members`(`avatar`)VALUES ('$avatar_Name') WHERE authid='$steamid' AND private_pin='$pin' ON DUPLICATE KEY UPDATE avatar='$avatar_Name'" ;
@$ava_host = "**********";
@$ava_user = "**********";
@$ava_pw = "**********";
@$ava_db = "**********";
$ava_link = mysql_connect($ava_host, $ava_user, $ava_pw);
if (!$ava_link) {
die('Could not connect: ' . mysql_error());
}
$ava_db_selected = mysql_select_db($ava_db, $ava_link);
if (!$ava_db_selected) {
die ('Can not use $ava_db : ' . mysql_error());
}

//insert new record
$ava_result = mysql_query($ava_strQuery);
if (!$ava_result) {
die('Invalid query: ' . mysql_error());
}
mysql_close($ava_link);

echo("<p align='center'><font face='Arial' size='3' color='#FF0000'>Image uploaded OK!</font></p><p align='center'><a href='avatar_upload.php'>BACK</a></p>");
?>

The Database:

authid = varchar 36 Primary key
rank = varchar 33 
name = varchar 33 
email = varchar 255 
fid = varchar 255 
avatar = varchar 255 
private_pin = varchar 255 

Any ideas as to why its not valadating the image type correctly?

this could be the issue

if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/png" )

it is not supposed to be and over there it should be or condition, an image cannot be of all the three types..

this could be the issue

 

if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/png" )

it is not supposed to be and over there it should be or condition, an image cannot be of all the three types..

OK, i changed the code to :

if( $avatar_Mime_Type != "image/gif" OR $avatar_Mime_Type != "image/jpeg" OR $avatar_Mime_Type != "image/png" )

and still same error is present.....

You can test it here ... http://bringitonclan.org/clan_new/avatar_upload.php

use the steamid STEAM:0:0:1234567890

and the Pin : 123456789100

Change your  @$avatar_Mime_Type to some thing like this

@$avatar_Mime_Type=strtolower(substr($_FILES['txt_file']['name'],strrpos($_FILES['txt_file']['name'],'.')+1));

now change the condition like this

if( $avatar_Mime_Type != "gif" OR $avatar_Mime_Type != "jpeg" OR $avatar_Mime_Type != "png" )

for your reference i am uploading one script i have done some time back..

u need to have an sql like this

insert into `filetype` (`type_name`) values('doc');
insert into `filetype` (`type_name`) values('gif');
insert into `filetype` (`type_name`) values('jpg');
insert into `filetype` (`type_name`) values('pdf');
insert into `filetype` (`type_name`) values('png');

[attachment deleted by admin]

after looking at your code and mine i finally figured out why mine wasnt working, i forgot there are more than jsut jpg, png types ... there are x-png and pjpg as well and i didnt have those included as allowed so now my code looks like this ...

if( $avatar_Mime_Type != "image/gif" AND $avatar_Mime_Type != "image/jpeg" AND $avatar_Mime_Type != "image/pjpeg" AND $avatar_Mime_Type != "image/png" AND $avatar_Mime_Type != "image/x-png")

but now i am getting a sql error.... guess i have to move this post to the MySQL area ugh!

for reference and just incase you can help here is the error i am getting, i was sure that they sql query was right ....

@$ava_strQuery = "INSERT INTO `clan_members`(`avatar`)VALUES ('$avatar_Name') WHERE authid='$steamid' AND private_pin='$pin' ON DUPLICATE KEY UPDATE avatar='$avatar_Name'" ;

the error i am getting is ..

Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE authid='STEAM:0:0:1234567890' AND private_pin='123456789100' ON DUPLICATE ' at line 1

ur auth id is a primary key so try entering a different number and try that..

i think that was the problem..

what do you mean enter a differnt number? you mean try using a diff authid? yea i tried that with the test and several others ... still didnt work...

echo $ava_strQuery and try running it manually in the mysql.

the on duplicate has been introduced in Mysql 4.1 hope you are using the updated version only..

refer to this documentation for referral.

http://www.mysqlperformanceblog.com/2006/05/29/insert-on-duplicate-key-update-and-summary-counters/

ok the echo is

INSERT INTO `clan_members`(`avatar`)VALUES ('Biohazard.jpg') WHERE authid='STEAM:0:0:1234567890' AND private_pin='123456789100' ON DUPLICATE KEY UPDATE avatar='Biohazard.jpg'

and the same error is in mysql console

what is the version of mysql u are using?

i'm using php version 4.4.9

i have re written this sql statement over and over again and i cant find the error in it anywhere.... anyone got any brilliant ideas?

not the php tell me wt is the version of mysql?

i'm using php version 4.4.9

might help if i read correctly ... LOL

mysql ver is 5.1.44

ok i fixed it, just chaged it to a simple update query instead of an insert.