PHP - Trying To Figure Out Why My Upload.php Files Is Rejecting Some Files

I'm using the following code to create a folder from a text field and works fine.
I would like to upload 3 files in the created folder.

<?php
// set our absolute path to the directories will be created in:
$path = $_SERVER['DOCUMENT_ROOT'] . '/uploads/';
 
 
if (isset($_POST['create'])) {
   // Grab our form Data
   $dirName = isset($_POST['dirName'])?$_POST['dirName']:false;
 
   // first validate the value:
   if ($dirName !== false && preg_match('~([^A-Z0-9]+)~i', $dirName, $matches) === 0) {
      // We have a valid directory:
      if (!is_dir($path . $dirName)) {
         // We are good to create this directory:
         if (mkdir($path . $dirName, 0775)) {
            $success = "Your directory has been created succesfully!<br /><br />";
         }else {
            $error = "Unable to create dir {$dirName}.";
         }
      }else {
         $error = "Directory {$dirName} already exists.";
      }
   }else {
      // Invalid data, htmlenttie them incase < > were used.
      $dirName = htmlentities($dirName);
      $error = "You have invalid values in {$dirName}.";
   }
}
?>
<html>
<head><title>Make Directory</title></head>
<body>
   <?php echo (isset($success)?"<h3>$success</h3>":""); ?>
   <h2>Make Directory on Server</h2>
   <?php echo (isset($error)?'<span style="color:red;">' . $error . '</span>':''); ?>
   <form name="phpMkDIRForm" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
   Enter a Directory Name (Alpha-Numeric only): <input type="text" value="" name="dirName" /><br />
   <input type="submit" name="create" value="Create Directory" />
   </form>
</body>
</html>

Hey guys,

I have an image upload script and it's working fine. But for some files it will not work. It says it can't get the filesize and it can't copy that file. I have tried to change the file format of that file, but with no result. So it's not the file format. Is there anything else that could confuse getfilesize and copy commands in PHP? Can you please tell me what is wrong?

include ("include/session.php");

//Pohranjivanje podataka za 1. sliku

$naziv1 = mysql_real_escape_string($_POST["naziv1"],$veza);
$opis1 = mysql_real_escape_string($_POST["opis1"],$veza);
$album_id = mysql_real_escape_string($_POST["album_id"],$veza);
$datum1 = date("Y-m-d H:i:s");


//Upload slike i thumba
//define a maxim size for the uploaded images 
define ("MAX_SIZE","10000000000"); 

// define the width and height for the thumbnail 
// note that theese dimmensions are considered the maximum dimmension and are not fixed, 
// because we have to keep the image ratio intact or it will be deformed 
define ("WIDTH","200"); 
define ("HEIGHT","150");   

// this is the function that will create the thumbnail image from the uploaded image 
// the resize will be done considering the width and height defined, but without deforming the image 

function make_thumb($img_name,$filename,$new_w,$new_h) { 

//get image extension. 
$ext=getExtension($img_name); 
//creates the new image using the appropriate function from gd library 

if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext)) $src_img=imagecreatefromjpeg($img_name);   
if(!strcmp("png",$ext)) $src_img=imagecreatefrompng($img_name);  
if(!strcmp("gif",$ext)) $src_img=imagecreatefromgif($img_name);

//gets the dimmensions of the image 

$old_x=imageSX($src_img); $old_y=imageSY($src_img);   

// next we will calculate the new dimmensions for the thumbnail image 
// the next steps will be taken: 
// 1. calculate the ratio by dividing the old dimmensions with the new ones 
// 2. if the ratio for the width is higher, the width will remain the one define in WIDTH variable 
// and the height will be calculated so the image ratio will not change 
// 3. otherwise we will use the height ratio for the image 
// as a result, only one of the dimmensions will be from the fixed ones 

$ratio1=$old_x/$new_w; $ratio2=$old_y/$new_h;

if($ratio1>$ratio2) { $thumb_w=$new_w; $thumb_h=$old_y/$ratio1; } else { $thumb_h=$new_h; $thumb_w=$old_x/$ratio2; }   

// we create a new image with the new dimmensions 

$dst_img=ImageCreateTrueColor($thumb_w,$thumb_h);   

// resize the big image to the new created one 

imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y);   

// output the created image to the file. Now we will have the thumbnail into the file named by $filename

if(!strcmp("png",$ext)) imagepng($dst_img,$filename); else imagejpeg($dst_img,$filename);   

//destroys source and destination images. 
imagedestroy($dst_img); imagedestroy($src_img); }   

// This function reads the extension of the file. 
// It is used to determine if the file is an image by checking the extension. 

function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; }   

// This variable is used as a flag. The value is initialized with 0 (meaning no error found) 
//and it will be changed to 1 if an errro occures. If the error occures the file will not be uploaded. 

$errors=0; 

// checks if the form has been submitted 

if(isset($_POST['spremi'])) { 

//reads the name of the file the user submitted for uploading 

$image=$_FILES['slika1']['name']; 

// if it is not empty 

if ($image) { 

// get the original name of the file from the clients machine 

$filename = stripslashes($_FILES['slika1']['name']); 

// get the extension of the file in a lower case format 

$extension = getExtension($filename); $extension = strtolower($extension); 


// if it is not a known extension, we will suppose it is an error, print an error message 
//and will not upload the file, otherwise we continue 

if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { 

// get the size of the image in bytes 
// $_FILES[\'image\'][\'tmp_name\'] is the temporary filename of the file in which the uploaded file was stored on the server 

$size=getimagesize($_FILES['slika1']['tmp_name']); 
$sizekb=filesize($_FILES['slika1']['tmp_name']);   


//compare the size with the maxim size we defined and print error if bigger 

if ($sizekb > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; }   

//we will give an unique name, for example the time in unix time format 

$image_name1=mt_rand(0,9999999).'.'.$extension; 

//the new name will be containing the full path where will be stored (images folder) 

$newname="slike_natjecanja/".$image_name1; 
$copied = copy($_FILES['slika1']['tmp_name'], $newname); 

//we verify if the image has been uploaded, and print error instead 

if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } else { 

// the new thumbnail image will be placed in images/thumbs/ folder 

$thumb_name='slike_natjecanja/thumbs/thumb_'.$image_name1; 
$thumb_name1 = 'thumb_'.$image_name1;

// call the function that will create the thumbnail. The function will get as parameters 
//the image name, the thumbnail name and the width and height desired for the thumbnail 

$thumb=make_thumb($newname,$thumb_name,WIDTH,HEIGHT); }} }} 

//If no errors registred, print the success message and show the thumbnail image created 
if(isset($_POST['Submit']) && !$errors) { echo "<h1>Thumbnail created Successfully!</h1>"; echo '<img src="'.$thumb_name.'">'; }


if (empty($_FILES['slika1']['name'])) {
    
    echo "Prazno je!";
    die;
    
    } else {
             
    //Ubacivanje u bazu
    $upit = "INSERT INTO natjecanja_slike_sve (album_id, naziv_slike, opis_slike, datum_dodavanja_slike, slika_nat_mala, slika_nat_velika) VALUES ('$album_id', '$naziv1', '$opis1', '$datum1', '$thumb_name1', '$image_name1')";
    echo "$upit";
    die;
    $rezultat = mysql_query($upit) or die (mysql_error());
    
}

I have 2 sites here that does what i need them to do but i dont know how to put the 2 codes together 

i got it to upload all files and used rand() to give the files a # but it ends up giving them all the same # lol so they overwrite them selfs lol


This site shows how to upload mltiple fiels with php.
http://www.ehow.com/how_6345068_upload-multiple-files-php.html


This site shows how to rename only 1 file uploaded with rand()
http://php.about.com/od/advancedphp/ss/rename_upload.htm


i pray this is not to hard to do and if any one gets bored after words can you show how to block a file type from being
uploaded ? like php/exe types

PS)i would call my self a php newbe lol and ty you for your time and help

Code from http://php.about.com/od/advancedphp/ss/rename_upload.htm

Code: [Select]
<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>


//This function separates the extension from the rest of the file name and returns it 
function findexts ($filename)
{ $filename = strtolower($filename) ;
$exts = split("[/\\.]", $filename) ;
$n = count($exts)-1; $exts = $exts[$n];
return $exts;
}

//This applies the function to our file 
$ext = findexts ($_FILES['uploaded']['name']) ;

//This line assigns a random number to a variable. You could also use a timestamp here if you prefer. 
$ran = rand () ;
//This takes the random number (or timestamp) you generated and adds a . on the end, so it is ready of the file extension to be appended.
$ran2 = $ran.".";
//This assigns the subdirectory you want to save into... make sure it exists!
$target = "images/";
//This combines the directory, the random file name, and the extension
$target = $target . $ran2.$ext;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
echo "The file has been uploaded as ".$ran2.$ext; }
else {
echo "Sorry, there was a problem uploading your file.";
}
The code from http://www.ehow.com/how_6345068_upload-multiple-files-php.html

Code: [Select]
<form action="upload.php" method="post" enctype="multipart/form-data">
File: <input type="file" name="file[]"/><br/>
File: <input type="file" name="file[]"/><br/>
File: <input type="file" name="file[]"/><br/>
<input type="submit" name="submit" value="Upload"/>
</form>



$destpath = "upload/" ;


while(list($key,$value) = each($_FILES["file"]["name"])) {
if(!empty($value)){
f ($_FILES["file"]["error"][$key] > 0) {
echo "Error: " . $_FILES["file"]["error"][$key] . "<br/>" ;
}
else {
$source = $_FILES["file"]["tmp_name"][$key] ;
$filename = $_FILES["file"]["name"][$key] ;
move_uploaded_file($source, $destpath . $filename) ;
echo "Uploaded: " . $destpath . $filename . "<br/>" ;
}
}
}

Hi i have the script to upload files i set the type of file and extension allowed all the files type and extension i can upload except mp4 is ther anything extra i need to do isnt file type (video/mp4) extension (mp4) but still not working.
Code: [Select]
<?php
mysql_connect("localhost", "root", "") or die(mysql_error()) ;
mysql_select_db("database_name") or die(mysql_error()) ;

// my file the name of the input area on the form type is the extension of the file
//echo $_FILES["myfile"]["type"];

//myfile is the name of the input area on the form 
$name = $_FILES["image"]["name"]; // name of the file
$type = $_FILES["image"]["type"]; //type of the file
$size = $_FILES["image"]["size"]; //the size of the file
$temp = $_FILES["image"]["tmp_name"];//temporary file location when click upload it temporary stores on the computer and gives it a temporary name

$error =array(); // this an empty array where you can then call on all of the error messages
$allowed_exts = array('jpg', 'jpeg', 'png', 'gif','avi','mp4'); // array with the following extension name values
$image_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif', 'video/mp4'); // array with the following image type values
$location = 'images/'; //location of the file or directory where the file will be stored
$appendic_name = "news".$name;//this append the word [news] before the name so the image would be news[nameofimage].gif

// substr counts the number of carachters and then you the specify how how many you letters you want to cut off from the beginning of the word example drivers.jpg it would cut off dri, and would display vers.jpg
//echo $extension = substr($name, 3);

//using both substr and strpos, strpos it will delete anything before the dot in this case it finds the dot on the $name file deletes and + 1 says read after the last letter you delete because you want to display the letters after the dot. if remove the +1 it will display .gif which what we want is just gif
$extension = strtolower(substr($name, strpos ($name, '.') +1));//strlower turn the extension non capital in case extension is capital example JPG will strtolower will make jpg
// another way of doing is with explode
// $image_ext strtolower(end(explode('.',$name))); will explode from where you want in this case from the dot adn end will display from the end after the explode

$title = $_POST["title"];
$subtitle = $_POST["subtitle"];

     if (isset($image)) // if you choose a file name do the if bellow
       {
       
       // if extension is not equal to any of the variables in the array $allowed_exts error appears
        if(in_array($extension, $allowed_exts) === false )
       {
         $error[] = 'Extension not allowed! gif, jpg, jpeg, png only<br />'; // if no errror read next if line
       }
        // if file type is not equal to any of the variables in array $image_type error appears
        if(in_array($type, $image_type) === false)
       {
          $error[] = 'Type of file not allowed! only images allowed<br />';     
       }
       
           
       // check if  folder exist in the server
        if(!file_exists ($location))
       {
          $error[] = 'No directory ' . $location. ' on the server Please create a folder ' .$location;     
       }
            
     }
     // if no error found do the move upload function
       if (empty($error)){
           if (move_uploaded_file($temp, $location .$appendic_name))
           {    
    if (move_uploaded_file($temp1, $location .$name1))
           {
             // insert data into database first are the field name teh values are the variables you want to insert into those fields appendic is the new name of the image
mysql_query("INSERT INTO tablename (title, subtitle, image)
 VALUES ('$title', '$subtitle', '$appendic_name')") ;
 echo $type;
  echo "<br />";
 echo $type1;


           }
         }
       else
          {
        foreach ($error as $error)
           {
               echo $error;
           }
        }
      
   }
  
//echo $type;
?>

<!doctype html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="content-type">
<title>Untitled Document</title>
</head>

<body>
<form action="upload_image.php" method="post" enctype="multipart/form-data">
<label>select page<input type="file" name="image">
<input type="submit" name="upload">
</label>
</form>
<?php 
if(isset($_POST['upload']))
{
	$image_name=$_FILES['image']['name']; //return the name ot image
	$image_type=$_FILES['image']['type']; //return the value of image
	$image_size=$_FILES['image']['size']; //return the size of image
	$image_tmp_name=$_FILES['image']['tmp_name'];//return the value
	if($image_name=='')
	{
		echo '<script type="text/javascript">alert("please select image")</script>';
		exit();
	}
	else
	{
		$ex=move_uploaded_file($image_tmp_name,"image/".$image_name);
		if($ex)
		{
		    echo 'image upload done "<br>"';
			echo $image_name.'<br>';
			echo $image_size.'<br>';
			echo $image_type.'<br>';
			echo $image_tmp_name.'<br>';
		}
		else
		{
			echo 'error';
		}
	}
}
?>
</body>
</html>

I make this simple script for upload files like photo , It's work correctly ,but not upload the large files ex 8MB images 12MB images
Edited by Ch0cu3r, 04 October 2014 - 09:50 AM.
Modified topic title - changed download to upload

Hi All,

I need some help blocking files that don't pass authentication from being uploaded to the server.

Here is my script (below).  It correctly throws errors, but regardless of error / no-error, the file is uploaded. For example, the only files allowed to be uploaded should be .png, .jpeg, .gif -- but I see .flv .docx etc in the destination folder.

You'll see below a variable for each of the error messages.  They basically say that the file name is too long, too big, not an allowed file type, or English characters only allowed in file title name.

Again the errors work properly, but regardless files are uploaded to the "quiz_images" folder.

What do I need to do to stop the upload if an error is triggered?

Thank you for your help...  here is the code snip:

Code: [Select]

$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'quiz_images/';

$fieldname = 'file';

if ($_POST[submit]) {

if ($_POST[title] <> "") {
$a = TRUE;
} else {
$a = FALSE;
$content .= "<p>$enter_title</p>\n";
}
if ($_POST[video] <> "") {
$b = TRUE;
} else {
$b = FALSE;
$content .= "<p>$enter_embed</p>\n";
}
if ($_POST[description_text] <> "") {
$c = TRUE;
} else {
$c = FALSE;
$content .= "<p>$enter_description</p>\n";
}
if ($_POST[submit] <> "") {
$f = TRUE;
} else {
$f = FALSE;
$content .= "<p>$sorry_error</p>\n";
}

if (is_uploaded_file($_FILES[$fieldname]['tmp_name'])) {
$g = TRUE;
} else {
$g = FALSE;
$content .= "<p>$sorry_error</p>\n";
}

if (getimagesize($_FILES[$fieldname]['tmp_name'])){
$h = TRUE;
} else {
$h = FALSE;
$content .= "<p>$error2</p>\n";
}

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 50000)) {

$i = TRUE;
} else {
$i = FALSE;
$content .= "<p>$error2</p>\n";
}

if(preg_match('#^[a-z0-9_\s-\.]*$#i', $pic) ) {
$k = TRUE;
} else {
$k = FALSE;
$content .= "<p>$error3</p>\n";
}


$desc_length = strlen($pic);
        $limit = 40;
        if ($desc_length <= $limit) {
        $l = TRUE;
} else {
$l = FALSE;
$content .= "<p>$error4</p>\n";
}

$now = time();
while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name']))
{
$now++;
}

if (move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)){
$j = TRUE;
} else {
$j = FALSE;
$content .= "<p>$enter_thumb</p>\n";
}

$pic=$now++.'-'.$_FILES[$fieldname]['name'];



if ($a AND $b AND $c AND $f AND $g AND $h AND $i AND $j AND $k AND $l) {............

hi!
i want to upload videos and music files using php but it's not working correctly.through this code imges are uploaded successfully but there is problem with video files ..i hv use php.ini to resolve the size prblem but still its not working..can u give me any code that works perfectly.
here is my code..
 Collapse
<?php
ini_set('post_max_size', 5242880);    // Set upload limit (5MB)
ini_set('upload_max_filesize', 5242880);    // Enforce upload limit
ini_set('max_execution_time', 2400);    // Increase 'timeout' time

echo "<form enctype='multipart/form-data' name='form2' method='post' action='video.php?view_id=view'>";
if(isset($_REQUEST['Submit']))
{
print_r($_FILES['file2']);
$music=($_FILES['file2']['name']);
if($_FILES['file2']['error']>0)
{
    echo "error accured";
}
else
{
    move_uploaded_file($_FILES['file2']['tmp_name'],"uploadedMusic/".$_FILES['file2']['name']);
}
 
}
 
echo "<input name='file2' type= 'file'>";
echo "<input name='Submit' type='submit' value='upload music'>";
echo "</form>";
?>

Hi all,

I am having a few problems.

Basically I have a multiple file upload script, that I can get successfully to save the images to a folder. However what I am trying to do is enter a record in the database for every file that is uploaded, giving it a picture id, album id and user id (p_id, a_id, u_id). From here I then want to rename the image to the p_id in the database(auto_increment).

I am starting just by counting the amount of images uploaded and then creating a record. However I seem to have something wrong, as when I tried it to upload 1 image as a test it created 388,000 blank records! (just p_id as auto)

Can someone explain what I am doing wrong? I am quite new to php.

<?php


$result = array();

$result['time'] = date('r');
$result['addr'] = substr_replace(gethostbyaddr($_SERVER['REMOTE_ADDR']), '******', 0, 6);
$result['agent'] = $_SERVER['HTTP_USER_AGENT'];

if (count($_GET)) {
$result['get'] = $_GET;
}
if (count($_POST)) {
$result['post'] = $_POST;
}
if (count($_FILES)) {
$result['files'] = $_FILES;
}

// we kill an old file to keep the size small
if (file_exists('script.log') && filesize('script.log') > 102400) {
unlink('script.log');
}

$log = @fopen('script.log', 'a');
if ($log) {
fputs($log, print_r($result, true) . "\n---\n");
fclose($log);
}


// Validation

$error = false;

if (!isset($_FILES['Filedata']) || !is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
$error = 'Invalid Upload';
}

else

{



include('../includes/config.php');
session_start();
$a_id = $_SESSION["a_id"];
$u_id = $_SESSION["id"];
$togo = $result['files'];
$i=0;
while ($i < $togo) 

{
$query = mysql_query("INSERT into images (a_id,u_id)
VALUES
('$a_id','$u_id')");

$i++;
}

}

?>



Many Thanks

Hi

I am running debian lenny, apache2 php5. My fail upload fails for large file sizes. A 6.2 MB file uploads file, but a 10.2Mb file fails. I have set the Max file size to 50MB and max_execution to 600  etc in php.ini, but still have the same problems. I  have noticed many others having similar problems. Is there a solution?

I have looked around all overr, but cant find what im looking for. Everything I have found is about uploading multile files, what I need to do is upload one file and copy it so there is 3 files.

Here is an example of what I need to accomplish.

Upload file picture1.jpg

From picture1.jpg create 3 files - smallimage_picture1.jpg, largeimage_picture1.jpg & smallimage_picture1_thumb.jpg

Each file will need to be copied to a /products directory and also an entry for each file name placed in mysql database table.

I don't think this is as simple as it sounds to do in PHP, but i am very willing to learn so if anyone knows of a good tutorial that get get me started that would be super.

regards

DB

Hi, ive recently created a gallery website and im happy with the way everything currently works. However the main drawback is the site uploads using a html webfom which is great for remote users or the odd image.

However, as i want to mass upload my existing collection i will need the ability to read a selected folder and then to carry out all the same processes that existed from the existing html form upload.

Im also using gdlibrary and checking file types to ensure they are within my allowed list, but im wondering if there are any other common security alerts i should be aware of to keep things a little bit safer if/when i publish outside of my LAN.

So in a nut shell i need some assistance with changing my upload process to work for more than one file at a time, ideally by reading a folder, or at least reading X amount of files at a time - processing them then moving onto next batch of files in the list.  Then the next part i need help with is checking/improving basic security of the system

Code: [Select]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
$hostname='xxx';
$username='xxx';
$password='xxx';
$dbname='xxx;
$usertable=xxx;


$myconn=mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');

if ((($_FILES["file"]["type"] =="image/gif")
|| ($_FILES["file"]["type"] =="image/jpeg")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"]< 200000))
{
if ($_FILES["file"]["error"] >0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br/>";
}
else
{
if (file_exists("uploads/" . $_FILES["file"]["name"]))
{
echo "File already exists. Choose another name.";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],"uploads/" . $_FILES["file"]["name"]);
}
}
}
else
{
echo "Invalid file";
}
$path="uploads/" . $_FILES["file"]["name"];
$desc=$_POST["desc"];
if (!myconn)
{
die ('Could not connect: ' . $mysql_error());
 } 
 $db_selected=mysql_select_db('xxx',$myconn);
 if (!$db_selected) {
    die ('Can\'t use xxxx : ' . mysql_error());
} 
  mysql_query("INSERT INTO partners (desc,photopath,state) VALUES ('$desc','$path','$state')");
  mysql_close($myconn);
?>
</body>
</html>

i have php at server side and c++ at client side.what i am trying to do is to constantly look for files on server in folder on server if there’s a file in folder then download it on client side and delete it from server folder
this will happen again and again after 5minutes if a file is present on server in folder then download it and delete from server then in c++ goto sleep again fro 5 minutes and after 5 minutes do all this again if no file present in folder on server then simply do nothing.

My server is Linux/Apache/PHP.   When a file is uploaded, I use PHP's finfo_open to confirm that the file have the correct file extension matches and delete them if it doesn't match.  I also which file mimi types and size could be uploaded.   Things I do with the files include: Upload user's files and store them in some public directory (/var/www/html/users_public_directory/), and allow other users to directly download them. Upload user's files and store them in some private directory (/var/www/users_private_directory/), and allow other users to download them using X-Sendfile. Upload user's ZIP files and convert them to PDF files (unzip the ZIP file, and uses Libreoffice and Imagemagick's convert to convert them to PDFs). From the server's prospective, what are the risks of allowing users to upload files?  Are there some file types which are more dangerous to the server?  Could they be executed on the server, and if so, how could this be prevented?

I have a hopefully small issue on a form submitting data to the mysql database table and email. The email side works fine as does the adding the data to the database table but if I upload two files, it stores the support ticket twice in the database table where as I want to store just once and the files be stored as a array in the database table. I got the code from the link https://www.codexworld.com/upload-multiple-images-store-in-database-php-mysql/

The code I have is below

 

<?php

require_once "registerconfig.php";

if (isset($_POST['submit'])) {
		
		// File upload configuration 
    $targetDir = "support-ticket-images/"; 
    $allowTypes = array('pdf','doc','docx','jpg','png','jpeg','gif');
	
	$statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = '';
	
	// Escape user inputs for security
$ticket_subject = htmlentities($_POST['ticket_subject'], ENT_QUOTES);
$ticket_message = strip_tags($_POST['ticket_message'], ENT_QUOTES);
$ticket_status ='PENDING SUPPORT'; 
$username = htmlentities($_SESSION["user_name"], ENT_QUOTES);
$user_id = htmlentities($_SESSION["user_id"], ENT_QUOTES);
	
	$fileNames = array_filter($_FILES['files']['name']);
	if(!empty($fileNames)){ 
        foreach($_FILES['files']['name'] as $key=>$val){ 
            // File upload path 
            $fileName = basename($_FILES['files']['name'][$key]); 
            $targetFilePath = $targetDir . $fileName; 
             
            // Check whether file type is valid 
            $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); 
            if(in_array($fileType, $allowTypes)){ 
                // Upload file to server 
                if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){ 
                    // Image db insert sql 
                    $insertValuesSQL .= "('".$ticket_subject."','".$ticket_message."','".$fileName."','".$ticket_status."','".$username."', '".$user_id."'),";
                }else{ 
                    $errorUpload .= $_FILES['files']['name'][$key].' | '; 
                } 
            }else{ 
                $errorUploadType .= $_FILES['files']['name'][$key].' | '; 
            } 
        }

if(!empty($insertValuesSQL)){ 
            $insertValuesSQL = trim($insertValuesSQL, ','); 
            // Insert image file name into database 
            $insert = $link->query("INSERT INTO DB TABLE NAME (ticket_subject, ticket_message, file_name, ticket_status, user_name, user_id) VALUES $insertValuesSQL");
			
            if($insert){
				
				$to = "emailaddress";

    $subject = "A new support ticket has been submitted";
    $message = " <strong>$username</strong> has just created a support ticket, below is the support ticket
    <br /><br />
    <u>Support Ticket Details</u>
    <br /><br>
    <strong>Support Ticket Subject</strong>: $ticket_subject
    <br/><br><strong>Support Ticket Message</strong>: $ticket_message
    <p><strong><u>Support Ticket Files</u></strong>
    <br>
    <img src='$fileName'>
    ";
    // Always set content-type when sending HTML email
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    // More headers
    $headers .= 'From: <noreply@emailaddress>' . "\r\n";
    $mail=mail($to,$subject,$message,$headers);
				
                $errorUpload = !empty($errorUpload)?'Upload Error: '.trim($errorUpload, ' | '):''; 
                $errorUploadType = !empty($errorUploadType)?'File Type Error: '.trim($errorUploadType, ' | '):''; 
                $errorMsg = !empty($errorUpload)?'<br/>'.$errorUpload.'<br/>'.$errorUploadType:'<br/>'.$errorUploadType;
header("location: support-ticket-confirmation?user=$username");
            }else{ 
                $statusMsg = "Sorry, there was an error uploading your file."; 
            } 
        } 
    }else{ 
        $statusMsg = 'Please select files to upload.';
    } 
     
    // Display status message 
    echo $statusMsg; 
}
?>

The structure of the db table column is file_name, VARCHAR(255), latin1_swedish_ci, NOT NULL