Jump to content

Need help stopping a form from posting if no file attached?


Recommended Posts

I'm trying to prevent a user from posting unless they attach a file and seem to be mentally blocked at the moment and struggling to figure this out. I could use some help or suggestions on how to accomplish this... all and any would be appreciated...

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
//*******************************************************************************************************************************************
//*******************************************************************************************************************************************
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {

//Get user ID from users selection of user_company
mysql_select_db($database_makerdbconn, $makerdbconn);
$query_rstopenusers = "SELECT userid FROM users WHERE name = '" . $_POST['maker_company'] . "'";
$rstopenusers = mysql_query($query_rstopenusers, $makerdbconn) or die(mysql_error());
$row_rstopenusers = mysql_fetch_assoc($rstopenusers);
$user_ID = $row_rstopenusers['userid'];

  	$insertSQL = sprintf("INSERT INTO invoicecue (maker_name, maker_company, maker_street1, maker_street2, maker_city, maker_state, maker_zipa, maker_phone, maker_email, maker_invoicenum, invoice_doc_folder, ins_name, ins_street1, ins_street2, ins_city, data_id, chk_new, user_id, new_timestamp) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, now())",
                       GetSQLValueString($_POST['maker_name'], "text"),
                       GetSQLValueString($_POST['maker_company'], "text"),
                       GetSQLValueString($_POST['maker_street1'], "text"),
                       GetSQLValueString($_POST['maker_street2'], "text"),
                       GetSQLValueString($_POST['maker_city'], "text"),
                       GetSQLValueString($_POST['maker_state'], "text"),
                       GetSQLValueString($_POST['maker_zipa'], "text"),
                       GetSQLValueString($_POST['maker_phone'], "text"),
                       GetSQLValueString($_POST['maker_email'], "text"),
                       GetSQLValueString($_POST['maker_invoicenum'], "text"),
                       GetSQLValueString(sprintf("%07d",$row_LastinvoiceNum + 1), "text"),
                       GetSQLValueString($_POST['data_id'], "int"),
                       GetSQLValueString($_POST['chk_new'], "int"),
					   GetSQLValueString($user_ID, "int"));

  mysql_select_db($database_makerdbconn, $makerdbconn);
  $Result1 = mysql_query($insertSQL, $makerdbconn) or die(mysql_error());
  //last invoice number entered pulled from mySQL
  $_SESSION['last_invoice'] = sprintf("%07d", mysql_insert_id());

  $insertGoTo = "invoiceconfirm.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}
?>

<?php
//************************************************File Save Routine**************************************************************************
//*******************************************************************************************************************************************
if(isset($_POST['submit'])){	//form was submitted for saving
	$uploaddir = "../invoices/";		// Upload directory: remember to give it write permission!
	$uploadfolder = sprintf("%07d",$row_LastinvoiceNum + 1);		//last invoice entered from mySQL used as file name

	//check for a single file
	if (count(scandir("../jqueryupload/server/php/files/".session_id())) > 2) {		//Tests for an array of files, first 2 items of array ("." , "..") s/b ignored
		if ($_POST['submit']) {

				//check for new invoice folder in ../invoices/
				if (!is_dir($uploaddir . $uploadfolder)) {	//does the invoice# folder exist, if not create it
					mkdir($uploaddir . $uploadfolder);
				}
				
				// Identify source and destination directories
				$source = "../jqueryupload/server/php/files/".session_id()."/";
				$destination = $uploaddir . $uploadfolder."/";
				//Create array of files
				$files = scandir($source);
				// Cycle through all source files
				foreach ($files as $file) {
					if (in_array($file, array(".",".."))) continue;
					// If we copied this successfully, mark it for deletion
					if (copy($source.$file, $destination.$file)) {
					//file(s) successfully copied
					} else {
					 echo "Error while uploading the file, Please contact the webmaster.";
					}
				}

		} else { // upload button was not pressed
			header("Location: invoiceroot.php");
		}
	} else { // user did not select a file to upload
		echo "Please select a file to upload.";
	}
}
?>

Thanks.

 

AJM,

Yes, probably, for UI convenience; of course, this doesn't take into account users with JS disabled/unsupported, or people with questionable intentions. So you should also check with PHP on the server-side near the top of the handler script.

 

I'd probably check "$_FILES['userfile']['size']" for that.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.