I am trying to remove spaces in the names of file uploads, but the below code does nothing.

<?php
session_start();

mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('db');

if(!isset($_SESSION['username']) && !isset($_SESSION['auth'])){
    header('Location: /');
}
$username = $_SESSION['username'];
echo $username;

$dirs = mysql_query("SELECT * FROM `users` WHERE `usr_name` = '" . $username . "'") or die(mysql_error());
$r = mysql_fetch_assoc($dirs);
$dir = $r['usr_directory'];

if(isset($_FILES['upload'])){
    $file_name = $_FILES['upload']['name'];
    $file = preg_replace('/\s+/', '_', $file_name);
    $_FILES['n'] = $file;
    $current_time = date('n/j/Y ');

    mysql_query("INSERT INTO `uploaded_files` (`username`,`file_name`,`time_updated`) VALUES('" . $username . "','" . $file . "','" .  $current_time . "')") or die(mysql_error());
    move_uploaded_file($_FILES['n']['tmp_name'], "usr_files/$dir/{$_FILES['upload']['name']}");
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Home - LAN File Upload</title>
</head>

<body>
<h1>Upload a file</h1>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="upload" id="file"><br />
<input type="submit" name="submit" value="Upload">
</form>
<b>Note: the larger the file, the longer it takes to upload.</b>
<h1>Account Settings</h1>
<b><a href="/file_browser.php">Your Files</a></b>
<b><a href="settings.php">Account Settings</a></b>
<b><a href="/?action=logout">Logout</a></b>
</body>
</html>

I don't know what is wrong with the code. It is supposed to remove the spaces in the names but does not upload the file to the server.

Member Avatar for diafol

Why are you using $_FILES['n'] and $_FILES['upload']?

Where's the 'n' coming from?

<input type="file" name="upload" id="file">

$_FILES['upload'] is the only show in town.

I changed the code a little:

<?php

$dirs = mysql_query("SELECT * FROM `users` WHERE `usr_name` = '" . $username . "'") or die(mysql_error());
$r = mysql_fetch_assoc($dirs);
$dir = $r['usr_directory'];

if(isset($_FILES['upload'])){
    $file_name = $_FILES['upload']['name'];
    $file = preg_replace('/\s+/', '_', $file_name);
    $_FILES = $file;
    $current_time = date('n/j/Y ');

    mysql_query("INSERT INTO `uploaded_files` (`username`,`file_name`,`time_updated`) VALUES('" . $username . "','" . $file . "','" .  $current_time . "')") or die(mysql_error());
    move_uploaded_file($_FILES['upload']['tmp_name'], "usr_files/$dir/{$_FILES['upload']['name']}");
}
?>

Still, nothing.

This code has a number of issues in my opinion.

Setting this variable isn't necessary.
$file_name = $_FILES['upload']['name'];

You should just do this.
$file = preg_replace('/\s+/', '_', $_FILES['upload']['name']);

What are you doing here?
$_FILES = $file;

The reason it that it is not replacing the spaces in the file name is because you're still using $_FILES['upload']['name'] as the name of the file when you're copying it over to the other location instead of using $file which is the var that you set when you removed the spaces from the file name.

You should be doing this instead
move_uploaded_file($_FILES['upload']['tmp_name'], "usr_files/$dir/$file");

Another suggestion, if the file name does not need to be the original name, replace the entire name all together. Use something like a date string and random number. That limits the possibilities of someone naming their something intentionally to cause damage. You should be doing some other checks like file size, file type, etc as well.

I would also probably finish copying the file over, and after there are no errors, insert the info into the database.

Additionally, mysql_query is deprecated and you should be looking at using mysqli_query

There might be even more issues, but I am out of time.

This is my code:

if(isset($_FILES['upload'])){
    $file = preg_replace('/\s+/', '_', $_FILES['upload']['name']);
    $_FILES = $file;
    $current_time = date('n/j/Y ');

    mysql_query("INSERT INTO `uploaded_files` (`username`,`file_name`,`time_updated`) VALUES('" . $username . "','" . $file . "','" .  $current_time . "')") or die(mysql_error());
    move_uploaded_file($_FILES['upload']['tmp_name'], "usr_files/$dir/$file");
}

It still does nothing..

Member Avatar for diafol
$file = preg_replace('/\s+/', '_', $_FILES['upload']['name']);
$_FILES = $file;

You were told about this, but did nothing about it. Why?

I added that and still nothing...

Member Avatar for diafol

No, $_FILES is a superglobal and you replaced it with a string. So no $_FILES array items now exist.

Could changing $_FILES to $_FILES[] help?

Member Avatar for diafol

I don't understand why you want to change $_FILES in the first place. You already have the modified filename string that you need in the $file variable. So just use that.

I misread your post, I thought you said to add those lines. Sorry about that. I added the changes but they did nothing.

We're doing more than giving you things to change and having you just change them without thought. We're pointing out the problems to help you try and understand why it isn't working so you can understand how it should work, and to also question the way you currently have it written.

Either one of us could just sit down and re-write it all so it worked, but that really isn't our end goal for you. We want to see the lightbulb go on above your head ;-)

I did some debugging, it seems that it has to do with moving the file after it has been uploaded. The file name changes, it's just not moving the file.

I think it has to do with storing the file.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.