Jump to content

Adjust if statement so post does not have to include file.


Stavros
 Share

Recommended Posts

 

Hello can anyone help with my code, it bombs out if I dont add in a file for attachment but i want to be able to add to the database with just comments (sometimes without a file) Any help appreciated!!!

 

 

$timestamp = time();

$tbl_name="guestbook"; // Table name

$email = $_REQUEST["email"];

$name = $_REQUEST["name"];

$comment = $_REQUEST["comment"];

$datetime = date("dmy");

$uploaddir = "upload/";

$filename = $timestamp.$file['file']['name'];

$filename = strtolower($filename);

$final_location = "$uploaddir$filename";

$pathinfo = pathinfo($_FILES['userfile1']['name']);

if ((($_FILES["file"]["type"] == "image/gif")

|| ($_FILES["file"]["type"] == "image/jpeg")

|| ($_FILES["file"]["type"] == "image/pjpeg"))

&& ($_FILES["file"]["size"] < 2000000))

{

if ($_FILES["file"]["error"] > 0)

{

echo "Return Code: " . $_FILES["file"]["error"] . "<br />";

}

else

{

echo "Upload: " . $filename . "<br />";

echo "Type: " . $_FILES["file"]["type"] . "<br />";

echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";

echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

 

if (file_exists($final_location))

{

echo $filename . " already exists. ";

}

else

{

move_uploaded_file($_FILES["file"]["tmp_name"],

$final_location);

echo "Stored in: " . $final_location . "<br>";

 

mysql_connect("$host", "$username", "$password")or die("cannot connect server ");

mysql_select_db("$db_name")or die("cannot select DB");

 

$sql="INSERT INTO $tbl_name(name, email, comment, datetime, upload)VALUES('$name', '$email', '$comment', '$datetime', '$final_location')";

$result=mysql_query($sql);

}

}

//}

else

{

echo "Invalid file";

}

 

if($result){

echo "Successful added update to the Board";

echo "<BR>";

echo "<a href='HomePage4.php'>View Bulletin Board</a>"; }

 

else {

echo "ERROR";

}

 

mysql_close();

?>

Link to comment
Share on other sites

On an unrelated note, never trust $_FILES['file']['type']. It's provided by the client and can be tampered with.

 

Anyway, right now, the database query is inside the else coming after if ($_FILES["file"]["error"] > 0). You should move the database stuff completely out of this if block:

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 2000000))

 

Also, wrap your code in PHP code tags.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.