The.pdf file is not sent to the server

Asked

Viewed 108 times

-1

I’m making a system to register the file name and some other information in the database, and also upload the file to the server, but only the database is registered, but when uploading the file to the server is displayed an error:

Possível ataque de upload de arquivo! New record created successfullyAqui estão mais informações de debug:Array ( [arquivo] => Array ( [name] => .Introducao_JavaScript.pdf [type] => [tmp_name] => [error] => 2 [size] => 0 ) )

                $uploaddir = '.';
            $uploadfile = $uploaddir. basename($_FILES['arquivo']['name']);

            echo '<pre>';
            if (move_uploaded_file($_FILES['arquivo']['tmp_name'], $uploadfile)) {

                echo "Arquivo válido e enviado com sucesso.\n";
            }
            else {
                echo "Possível ataque de upload de arquivo!\n";
            }
            $sql = "INSERT INTO videoaulas (videoaula, categoria_id, categoria_id_e, categoria_id_a, idade, arquivo) VALUES ('$nome', '$nvl_surdez', '$escolaridade',                               '$aquisicao', '$fx_eta', '$uploadfile')";
                    mysqli_query($connection, $sql);
                    echo "New record created successfully";                 

            echo 'Aqui estão mais informações de debug:';
            print_r($_FILES);

            print "</pre>";
php mysql pdf file-upload

  • What’s wrong? It’s easier to help you with the message displayed

  • is displayed the error message, which I put on Else, the problem is this, I don’t know how to display the error @Denisrudneidesouza Possível ataque de upload de arquivo!&#xA;New record created successfullyAqui estão mais informações de debug:Array&#xA;(&#xA; [arquivo] => Array&#xA; (&#xA; [name] => .Introducao_JavaScript.pdf&#xA; [type] => &#xA; [tmp_name] => &#xA; [error] => 2&#xA; [size] => 0&#xA; )&#xA;&#xA;)

  • You can [Edit] your question to add more information

  • @Denisrudneidesouza , opa, sorry, just edit

1 answer

1


You probably specified the MAX_FILE_SIZE in the HTML form, and the PDF file exceeds this size, as stated in the documentation: https://www.php.net/manual/en/features.file-upload.errors.php

UPLOAD_ERR_FORM_SIZE

Value: 2; The uploaded file Exceeds the MAX_FILE_SIZE Directive that was specified in the HTML form.

The error => 2 is represented by the constant UPLOAD_ERR_FORM_SIZE, i.e., either you remove it from HTML (because this is neither the ideal nor safe means of preventing files too large) or you increase the size in:

<input type="hidden" name="MAX_FILE_SIZE" value="tamanho máximo aqui">

By the way your error treatment is not good, should treat the error before using move_uploaded_file and the INSERT should be inside the IF

Something like:

if ($_FILES['arquivo']['error'] != 0) {
    echo 'Ocorreu um erro durante o upload';
} elseif (move_uploaded_file($_FILES['arquivo']['tmp_name'], $uploadfile)) {

    echo "Arquivo válido e enviado com sucesso.\n";

    $sql = "INSERT INTO videoaulas (videoaula, categoria_id, categoria_id_e, categoria_id_a, idade, arquivo) VALUES ('$nome', '$nvl_surdez', '$escolaridade',                               '$aquisicao', '$fx_eta', '$uploadfile')";
    mysqli_query($connection, $sql);
    echo "New record created successfully";  
} else {
    echo "Houve uma falha ao mover o arquivo para completar o upload\n";
}

Follow the other possible mistakes coming from [error] =>:

Recalling 0 (zero) which is represented by UPLOAD_ERR_OK, indicates no error in upload and another detail function move_uploaded_file does not upload, the upload has already been done in the temporary folder of the operating system, this function just moves the file and checks if in fact the file is an upload (check up to a specific attack type)

  • UPLOAD_ERR_OK

    Value: 0; no error, upload was successful.

  • UPLOAD_ERR_INI_SIZE

    Value 1; The file sent exceeds the limit set in the directive upload_max_filesize of php.ini.

  • UPLOAD_ERR_FORM_SIZE

    Value: 2; The file exceeds the limit set in MAX_FILE_SIZE in the HTML form.

  • UPLOAD_ERR_PARTIAL

    Value: 3; The file has been partially uploaded.

  • UPLOAD_ERR_NO_FILE

    Value: 4; No file sent.

  • UPLOAD_ERR_NO_TMP_DIR

    Value: 6; Temporary folder missing. Introduced in PHP 5.0.3.

  • UPLOAD_ERR_CANT_WRITE

    Value: 7; Failed to write the file to disk. Introduced in PHP 5.1.0.

  • UPLOAD_ERR_EXTENSION

    Value: 8; A PHP extension stopped uploading the file. PHP does not provide a way to determine which extension caused the interruption. Examine the list of extensions loaded with the phpinfo() can help. Introduced in PHP 5.2.0.

  • thanks for answering, but my form is like this <input type="hidden" name="MAX_FILE_SIZE" value="200000" /> , and the file in question has 1.1MB

  • @Joséthomaz as I said in the reply, using this does not present any security, anyone on the client side can circumvent this, the best would be to block in the upload_max_filesize within php.ini or the Apache php_mod module (by htaccess), if you have the module installed in apache.

  • if I remove, the input value, would work?

  • @Joséthomaz probably yes, but I have no way to say, can return another "error", which is one of the numbers I mentioned above, so I posted them.

  • worked, many thanks friend, but now when I try to display the file in the browser itself, it displays a message saying that the file is corrupted, know tell me why it happens?

  • @Joséthomaz see the answer, I edited it, the error treatment and INSERT should be better the way I added.

Show 1 more comment

Browser other questions tagged php mysql pdf file-upload

You are not signed in. Login or sign up in order to post.