Search code examples
phphtmlhref

Cannot find file path (invalid url)

I have problem to find file path. I have a form that can insert file or image.

Below code shows how the file or images save

    if($_FILES["lampiran"]["name"][$i] != "")
    {
        $my_folder = "./files";
        $location = $my_folder.'/'.$pname;

        $imageFileType = pathinfo($tname,PATHINFO_EXTENSION);

        move_uploaded_file($tname,$location);

        $query2 = "INSERT into list_lampiran (id_aduan, folder, lampiran, nama_asal, type, size, time_create) VALUES ('$id_aduan', '$my_folder', '$location', '$pname', '$file_type', '$file_size', '$time_create')";

    mysqli_query($con, $query2);
    $id_lampiran=mysqli_insert_id($con);

        if($query2){

            $myfile_rename = $id_lampiran.'_'.$pname;  

            rename($location, './files/'.$myfile_rename); 

            $query3 ="UPDATE list_lampiran SET lampiran = '$myfile_rename' WHERE id = '$id_lampiran'";      

            mysqli_query($con,$query3);

        }

    }

Then the file or image will sent through an email and appear as a link. But the link have invalid URL

Code to display the file or image in email


     if(mysqli_num_rows($resultlampiran) > 0){

      $rowlampiran = mysqli_fetch_array($resultlampiran, 
                     MYSQLI_ASSOC);
       $folder_name = $rowlampiran['folder'];
       $lampiran = $rowlampiran['lampiran'];
       $lampiran1 = $folder_name.'/'.$lampiran;
       $nama_asal = $rowlampiran['nama_asal'];
       $file = "<ul><li><a href='".$lampiran1."'>".$nama_asal."</a></li></ul>"; }

Redirect notice

Solution

  • You missed to include the URL of your website in the file link. You need to update the file path in your email template or so as:

    $website = "https://example.com/";
$file = "<ul><li><a href='".$website.$lampiran1."'>".$nama_asal."</a></li</ul>";

    and you're good to go :)

    Also, you have coded without caring about the security of your application. Anyone could easy upload backdoor or any other PHP scripts and destroy all the data and files on your server. You must validate file extension and then save to your database

    Example:

    $validExt = array("jpg", "png", "pdf", "txt"); // valid extensions that should only be allowed.

// and then check if upload file's extension matches in our valid list
if(in_array(strtolower($imageFileType), $validExt) === false) {
// some other file extension found, show error message
} else {
// upload your file here and save to database
}