[iamcenz]

Hello all,

I actually posted on here about a image upload script that you all so kindly helped with. Now I am using the same general concept of the image upload script to upload a MP3 file. I am not getting any errors it seems like it completes the script but nothing happens. No file is uploaded and no data is entered into the database. When I print_r() the file array it gives me the proper name, file size and mime type. I also comes back with a error code of 0. I can not figure out what is happening here.

Here is my script.

<?php 
session_start();
error_reporting(E_ALL); ini_set("display_errors", "On");
include('functions.php');
$id = protect($_GET['id']);
$query = sprintf("SELECT * FROM artists WHERE user_id = %d",$id);
$res = mysql_query($query);
$row_a = mysql_fetch_assoc($res);
$totalRows_a = mysql_num_rows($res);
?>
<form action="<?php echo $_SERVER['PHP_SELF'];  ?>?id=<?php echo $user_id ?>" method="post" enctype="multipart/form-data" id="something" class="uniForm">
        <input name="upload" id="upload" size="30" type="file" class="fileUpload" />
  <button name="submit" type="submit" class="submitButton">Upload</button> 
        <input name="artist_id" type="hidden" id="artist_id" value="<?php echo $row_a['artist_id']; ?>">
</form>
<?php
        if(isset($_POST['submit'])){
			$artist_id = $_POST['artist_id'];
			$user_id = $_SESSION['user_id'];
          if (isset ($_FILES['upload'])){
			  print_r($_FILES['upload']);
			  if ($_FILES['upload']['type'] !== "audio/mpeg"){
				  echo "You are only allowed to upload MP3 files";
			  if ($_FILES['upload'] == ""){
				  echo "You must select a file to upload";
			  }else{
			  $file = $_FILES['upload']['name'];
			  $ext = substr(strrchr($file, '.'), 1);
			  $rand = rand();
			  $name = $imagename . $rand;
			  $newname = md5($name).".".$ext;
              $source = $_FILES['upload']['tmp_name'];
              $target = "upload/".$newname;
              move_uploaded_file($source, $target);
 
              $filepath = $file;
              $save = "upload/" . $newname; //This is the new file you saving
              $file = "upload/" . $newname; //This is the original file
 			$mp3 = id3_get_tag( "uploads/$newname" );
	  extract($mp3);
	  echo "Artist: " . $artist . "<br />";
	  echo "Title: " . $title . "<br />";
	  $genre = id3_get_genre_name($genre);
	  echo "Genre: " . $genre;
	  $song_loc = "uploads/".$newname;
	  $sql = "INSERT into SONGS (user_id, artist_id, title, genre, song_loc) VALUES ('$user_id', '$artist_id', '$title', '$genre', '$song_loc')";
	echo $sql;
	$result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error());

				// if successfully updated.
				if($result){
					echo "Your Song: <a href='images/artists_images/".$newname."'>Click here to listen</a><br>";
						}

					else {
						echo "ERROR with $query";
						echo $mysql_error($query);
					}
		  		}
			} 
		}
	}
?>

</body>
</html>

Thank you in advance.

[Atli]

Hey.

The real problem there is the IF statement on line #22. You are verifying that the mime-type the browser sent is not that of a MP3 file. If that check is true, you print an error like you'd expect, but you also include the rest of the form processing code in that block. So rather than doing this, like you were probably trying to do:

if (/* is NOT MP3 */) {
    // Print error
} else {
    // Process file
}

You are doing:

if (/* is NOT MP3 */) {
    // Print error
    // Process file
}

That, by the way, would be FAR more obvious if you'd apply a proper indentation style to the code. I'd even bet you would have spotted this yourself before you posted this here if you did.

Also, rather than rely on the mime-type sent by the browser, you'd do well to check the type on the server-side. The browser can send you whatever mime-type it wants, regardless of what type of file it actually is. - See the fileinfo extension to do server-side type checking.


There are a couple of other oddities there as well that are worth mentioning.

• The $user_id you use on line #11 is undefined. Did you mean to use $id?
  
  
• The IF statement on line #24 makes no sense. At that point you've already verified that $_FILES['upload'] is set (line #20) and that it's an array (line #22). Testing to see if it's an empty string after that point is pointless.
  
  
• The $filepath on line #34 is also pointless. You never use it, and it's just a clone of $file anyways.
  
  
• Using extract like you do on line #40 is generally a bad way to use arrays. There is no reason to extract the array variables into the global scope like that. Just do $mp3['author'] instead of $author.
  
  
• You don't check the return value of move_uploaded_file on line #34.