1

Good day everyone, I want to prevent uploading a file if the name and file extension match one of the saved records. My code below works but how can I avoid duplicate entries?

"My sample array"
Array
(
    [upload-file] => Array
        (
            [name] => Penguins.jpg
            [type] => image/jpeg
            [tmp_name] => C:\xampp\tmp\phpC87.tmp
            [error] => 0
            [size] => 777835
        )

)

case 'upload-file':

    $arr = [ 
        ":userid" => $_SESSION['loggedIn_PH'][0]['user_id'],
        ":filename" => $_FILES['upload-file']['name'],
        ":filelink" => $_FILES['upload-file']['tmp_name']
        ];

        $allowed =  array('xls','xlsx');
        $filename = $_FILES['upload-file']['name'];
        $ext = pathinfo($filename, PATHINFO_EXTENSION);

        if(!in_array($ext,$allowed) ) {
            $response_code = -1;
        }else{
            $response_code = 1;
            $folder = time();
            mkdir("path/".$folder);
            $file = "path".DIRECTORY_SEPARATOR.$folder.DIRECTORY_SEPARATOR.$_FILES['upload-file']['name'];
                    move_uploaded_file($_FILES['upload-file']['tmp_name'], $file);

        $query = "INSERT INTO file_rec_tbl ( `file_name`, `file_datetime`,`file_link`, `user_id` )
                    VALUES (:filename, '".date('Y-m-d H:i:s')."',:filelink,:userid)";

        $stmt = $con -> prepare( $query );
        $stmt -> execute( $arr );

    }

    exit(json_encode(array('r_code' => $response_code)));
    break;
Improve this question
3
  • Open the folder where you want to save your files and ask if exists a file with that name, if its true then dont save it Commented Sep 28, 2016 at 2:17
  • Will you show a sample code? Im newbie.. Commented Sep 28, 2016 at 2:19
  • 1
    Your script is quite insecure. I suggest you take a look at my answer to this question: stackoverflow.com/questions/38509334/… It generates unique file names for uploaded files, but more importantly, it teaches you how to write a secure upload script. Commented Sep 28, 2016 at 2:26

3 Answers 3

Reset to default
1 
<?php
$file='file-to-check.ext';
if (file_exists($file)) {
    echo "exists";
} else {
    echo "not exist";
}
?>

works for me - obviously the $file could also include a path - this script checks only the current folder

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

but i agree with @icecub there is more work needed on your script
Thank you for the response.
0

simple code could like this:

$file_name = 'path/to/file_name.ext';
if (file_exist($file_name)) {
    return true;
} else {
    move_uploaded_file($_FILES['upload-file']['tmp_name'], $file_name);
    insert into database;
    return true;
}

besides, you should not compare two files noly with file name.

Improve this answer

1 Comment

Thank you for the response.
0 
<?php
case 'upload-file':

$arr = [ 
    ":userid" => $_SESSION['loggedIn_PH'][0]['user_id'],
    ":filename" => $_FILES['upload-file']['name'],
    ":filelink" => $_FILES['upload-file']['tmp_name']
    ];

    $allowed =  array('xls','xlsx');
    $filename = $_FILES['upload-file']['name'];
    $ext = pathinfo($filename, PATHINFO_EXTENSION);

    if(!in_array($ext,$allowed) ) {
        $response_code = -1;
    }else{
        $response_code = -1;
        $folder = time();
        mkdir("path/".$folder);
        $file = "path".DIRECTORY_SEPARATOR.$folder.DIRECTORY_SEPARATOR.$_FILES['upload-file']['name'];
if(!file_exists($file)){
    $response_code = 1;
                move_uploaded_file($_FILES['upload-file']['tmp_name'], $file);

    $query = "INSERT INTO file_rec_tbl ( `file_name`, `file_datetime`,`file_link`, `user_id` )
                VALUES (:filename, '".date('Y-m-d H:i:s')."',:filelink,:userid)";

    $stmt = $con -> prepare( $query );
    $stmt -> execute( $arr );
}

}

exit(json_encode(array('r_code' => $response_code)));

?>
Improve this answer

1 Comment

Thank you for the response.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.