From c507033b9e446cabc9312649fc6e453e39d01052 Mon Sep 17 00:00:00 2001 From: HeroKyou Date: Fri, 12 Jun 2026 12:49:22 +0700 Subject: [PATCH] fix: absolute path for upload dir and strict exception handling --- kemiskinan/penduduk_miskin/simpan.php | 16 +++++++++++----- kemiskinan/penduduk_miskin/update.php | 18 ++++++++++++------ kemiskinan/test.php | 1 + publik/penduduk_miskin/simpan.php | 16 +++++++++++----- publik/penduduk_miskin/update.php | 18 ++++++++++++------ 5 files changed, 47 insertions(+), 22 deletions(-) create mode 100644 kemiskinan/test.php diff --git a/kemiskinan/penduduk_miskin/simpan.php b/kemiskinan/penduduk_miskin/simpan.php index 8876908..432cfb2 100644 --- a/kemiskinan/penduduk_miskin/simpan.php +++ b/kemiskinan/penduduk_miskin/simpan.php @@ -50,7 +50,7 @@ function uploadFoto($file_input_name) { if ($file_size <= $max_size) { $file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)); $new_file_name = uniqid($file_input_name . '_', true) . '.' . $file_extension; - $upload_file_dir = '../uploads/'; + $upload_file_dir = __DIR__ . '/../uploads/'; if (!is_dir($upload_file_dir)) { @mkdir($upload_file_dir, 0777, true); } @@ -58,16 +58,22 @@ function uploadFoto($file_input_name) { if (@move_uploaded_file($file_tmp_path, $dest_path)) { return $new_file_name; + } else { + throw new Exception("Gagal memindahkan file upload ke: " . $dest_path); } + } else { + throw new Exception("Ukuran file melebihi batas 10MB."); } + } else if (isset($_FILES[$file_input_name]) && $_FILES[$file_input_name]['error'] !== UPLOAD_ERR_NO_FILE) { + throw new Exception("Error upload PHP: " . $_FILES[$file_input_name]['error']); } return null; } -$foto_rumah = uploadFoto('foto_rumah'); -$foto_kk = uploadFoto('foto_kk'); - try { + $foto_rumah = uploadFoto('foto_rumah'); + $foto_kk = uploadFoto('foto_kk'); + $stmt = $pdo->prepare( "INSERT INTO penduduk_miskin (nama, nik, keterangan, alamat, latitude, longitude, status_jangkauan, fasilitas_publik_id, foto_rumah, foto_kk, status_bantuan) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" @@ -80,7 +86,7 @@ try { $data = $stmtSelect->fetch(PDO::FETCH_ASSOC); echo json_encode(['status'=>'success','data'=>$data]); -} catch (PDOException $e) { +} catch (Exception $e) { echo json_encode(['status'=>'error','message'=>$e->getMessage()]); } ?> diff --git a/kemiskinan/penduduk_miskin/update.php b/kemiskinan/penduduk_miskin/update.php index 0b26645..e23e25e 100644 --- a/kemiskinan/penduduk_miskin/update.php +++ b/kemiskinan/penduduk_miskin/update.php @@ -47,7 +47,7 @@ function uploadFoto($file_input_name) { if ($file_size <= $max_size) { $file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)); $new_file_name = uniqid($file_input_name . '_', true) . '.' . $file_extension; - $upload_file_dir = '../uploads/'; + $upload_file_dir = __DIR__ . '/../uploads/'; if (!is_dir($upload_file_dir)) { @mkdir($upload_file_dir, 0777, true); } @@ -55,18 +55,24 @@ function uploadFoto($file_input_name) { if (@move_uploaded_file($file_tmp_path, $dest_path)) { return $new_file_name; + } else { + throw new Exception("Gagal memindahkan file upload ke: " . $dest_path); } + } else { + throw new Exception("Ukuran file melebihi batas 10MB."); } + } else if (isset($_FILES[$file_input_name]) && $_FILES[$file_input_name]['error'] !== UPLOAD_ERR_NO_FILE) { + throw new Exception("Error upload PHP: " . $_FILES[$file_input_name]['error']); } return null; } -$foto_rumah = uploadFoto('foto_rumah'); -$foto_kk = uploadFoto('foto_kk'); - $alamat = trim($_POST['alamat'] ?? ''); try { + $foto_rumah = uploadFoto('foto_rumah'); + $foto_kk = uploadFoto('foto_kk'); + $query = "UPDATE penduduk_miskin SET nama=?, nik=?, keterangan=?, alamat=?, latitude=?, longitude=?, status_jangkauan=?, fasilitas_publik_id=?, status_bantuan=?"; $params = [$nama, $nik, $keterangan, $alamat, $latitude, $longitude, $status_jangkauan, $fp_id, $status_bantuan]; @@ -90,7 +96,7 @@ try { $data = $stmtSelect->fetch(PDO::FETCH_ASSOC); echo json_encode(['status'=>'success','data'=>$data]); -} catch (PDOException $e) { - echo json_encode(['status'=>'error','message'=>$e->getMessage()]); +} catch (Exception $e) { + echo json_encode(['status'=>'error','message'=>'Gagal memperbarui: '.$e->getMessage()]); } ?> diff --git a/kemiskinan/test.php b/kemiskinan/test.php new file mode 100644 index 0000000..c562031 --- /dev/null +++ b/kemiskinan/test.php @@ -0,0 +1 @@ +query('SELECT id, nama, foto_rumah, foto_kk FROM penduduk_miskin ORDER BY id DESC LIMIT 5')->fetchAll(PDO::FETCH_ASSOC)); diff --git a/publik/penduduk_miskin/simpan.php b/publik/penduduk_miskin/simpan.php index 6f2e83b..f3a3bef 100644 --- a/publik/penduduk_miskin/simpan.php +++ b/publik/penduduk_miskin/simpan.php @@ -50,7 +50,7 @@ function uploadFoto($file_input_name) { if ($file_size <= $max_size) { $file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)); $new_file_name = uniqid($file_input_name . '_', true) . '.' . $file_extension; - $upload_file_dir = '../../kemiskinan/uploads/'; + $upload_file_dir = __DIR__ . '/../../kemiskinan/uploads/'; if (!is_dir($upload_file_dir)) { @mkdir($upload_file_dir, 0777, true); } @@ -58,16 +58,22 @@ function uploadFoto($file_input_name) { if (@move_uploaded_file($file_tmp_path, $dest_path)) { return $new_file_name; + } else { + throw new Exception("Gagal memindahkan file upload ke: " . $dest_path); } + } else { + throw new Exception("Ukuran file melebihi batas 10MB."); } + } else if (isset($_FILES[$file_input_name]) && $_FILES[$file_input_name]['error'] !== UPLOAD_ERR_NO_FILE) { + throw new Exception("Error upload PHP: " . $_FILES[$file_input_name]['error']); } return null; } -$foto_rumah = uploadFoto('foto_rumah'); -$foto_kk = uploadFoto('foto_kk'); - try { + $foto_rumah = uploadFoto('foto_rumah'); + $foto_kk = uploadFoto('foto_kk'); + $stmt = $pdo->prepare( "INSERT INTO penduduk_miskin (nama, nik, keterangan, alamat, latitude, longitude, status_jangkauan, fasilitas_publik_id, foto_rumah, foto_kk, status_bantuan) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" @@ -80,7 +86,7 @@ try { $data = $stmtSelect->fetch(PDO::FETCH_ASSOC); echo json_encode(['status'=>'success','data'=>$data]); -} catch (PDOException $e) { +} catch (Exception $e) { echo json_encode(['status'=>'error','message'=>$e->getMessage()]); } ?> diff --git a/publik/penduduk_miskin/update.php b/publik/penduduk_miskin/update.php index 4e16d9d..0773450 100644 --- a/publik/penduduk_miskin/update.php +++ b/publik/penduduk_miskin/update.php @@ -47,7 +47,7 @@ function uploadFoto($file_input_name) { if ($file_size <= $max_size) { $file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION)); $new_file_name = uniqid($file_input_name . '_', true) . '.' . $file_extension; - $upload_file_dir = '../../kemiskinan/uploads/'; + $upload_file_dir = __DIR__ . '/../../kemiskinan/uploads/'; if (!is_dir($upload_file_dir)) { @mkdir($upload_file_dir, 0777, true); } @@ -55,18 +55,24 @@ function uploadFoto($file_input_name) { if (@move_uploaded_file($file_tmp_path, $dest_path)) { return $new_file_name; + } else { + throw new Exception("Gagal memindahkan file upload ke: " . $dest_path); } + } else { + throw new Exception("Ukuran file melebihi batas 10MB."); } + } else if (isset($_FILES[$file_input_name]) && $_FILES[$file_input_name]['error'] !== UPLOAD_ERR_NO_FILE) { + throw new Exception("Error upload PHP: " . $_FILES[$file_input_name]['error']); } return null; } -$foto_rumah = uploadFoto('foto_rumah'); -$foto_kk = uploadFoto('foto_kk'); - $alamat = trim($_POST['alamat'] ?? ''); try { + $foto_rumah = uploadFoto('foto_rumah'); + $foto_kk = uploadFoto('foto_kk'); + $query = "UPDATE penduduk_miskin SET nama=?, nik=?, keterangan=?, alamat=?, latitude=?, longitude=?, status_jangkauan=?, fasilitas_publik_id=?, status_bantuan=?"; $params = [$nama, $nik, $keterangan, $alamat, $latitude, $longitude, $status_jangkauan, $fp_id, $status_bantuan]; @@ -90,7 +96,7 @@ try { $data = $stmtSelect->fetch(PDO::FETCH_ASSOC); echo json_encode(['status'=>'success','data'=>$data]); -} catch (PDOException $e) { - echo json_encode(['status'=>'error','message'=>$e->getMessage()]); +} catch (Exception $e) { + echo json_encode(['status'=>'error','message'=>'Gagal memperbarui: '.$e->getMessage()]); } ?>