I have the following problem:
I have an insert server behavior (the one build in Dreamweaver witch is inserting new record in the database
I want to upload an image and save its filename in the database. I used is_uploaded_file and move_uploaded_file to upload it. If i use them in a separate script file the upload works fine. But when i add them to the page where insert server behavior is it wont upload. Pls help me fix it. Thx in advance.
THIS IS THE CODE:
<?php require_once('../Connections/connection1.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "Promo_new")) {
$uploaded = is_uploaded_file($_FILES['Image']['tmp_name']);
if($uploaded == true){
echo'File uploaded to tmp directory<br>';
}
else
{
echo'File not uploaded to tmp directory!';
exit();
}
$file = $_FILES['Image']['name'];
$uploaddir = '/www/ortis28.com/www/root/Images/';
$uploadfile = $uploaddir.basename($file);
$tmpfile = $_FILES['Image']['tmp_name'];
$move = move_uploaded_file($tmpfile, $uploadfile);
if($move){
echo 'File uploaded!';
}else{
echo 'Unable to move file from tmp directory! Please check that the folder has CHMOD value of 777!';
}
$insertSQL = sprintf("INSERT INTO promo (title, imgfile, text, price) VALUES (%s, %s, %s, %s)",
GetSQLValueString($_POST['TITLE'], "text"),
GetSQLValueString($_FILES['Image']['name'], "text"),
GetSQLValueString($_POST['TEXT'], "text"),
GetSQLValueString($_POST['PRICE'], "text"));
mysql_select_db($database_connection1, $connection1);
$Result1 = mysql_query($insertSQL, $connection1) or die(mysql_error());
$insertGoTo = "Promotions.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<form id="Promo_new" name="Promo_new" method="POST" action="<?php echo $editFormAction; ?>">
<table width="150" cellspacing="5">
<tr>
<td><div align="center">Заглавие</div></td>
<td><input name="TITLE" type="text" id="TITLE" /> </td>
</tr>
<tr>
<td><div align="center">Текст</div></td>
<td><textarea name="TEXT" cols="40" rows="4" wrap="virtual" id="TEXT"></textarea></td>
</tr>
<tr>
<td><div align="center">Снимка</div></td>
<td><p>
<input name="Image" type="file" id="Image"/>
</p></td>
</tr>
<tr>
<td><div align="center">Цена</div></td>
<td><input name="PRICE" type="text" id="PRICE" /></td>
</tr>
<tr>
<td><div align="left">
<input type="submit" name="Submit" value="Въведи" />
</div></td>
<td><div align="right">
<input type="reset" name="Submit22" value="Изчисти" />
</div>
</td>
</tr>
</table>
<p><input type="hidden" name="MM_insert" value="Promo_new"></p>
</form>
</body>
</html>