A JM Posted November 15, 2013 Share Posted November 15, 2013 I'm trying to prevent a user from posting unless they attach a file and seem to be mentally blocked at the moment and struggling to figure this out. I could use some help or suggestions on how to accomplish this... all and any would be appreciated... $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } //******************************************************************************************************************************************* //******************************************************************************************************************************************* if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { //Get user ID from users selection of user_company mysql_select_db($database_makerdbconn, $makerdbconn); $query_rstopenusers = "SELECT userid FROM users WHERE name = '" . $_POST['maker_company'] . "'"; $rstopenusers = mysql_query($query_rstopenusers, $makerdbconn) or die(mysql_error()); $row_rstopenusers = mysql_fetch_assoc($rstopenusers); $user_ID = $row_rstopenusers['userid']; $insertSQL = sprintf("INSERT INTO invoicecue (maker_name, maker_company, maker_street1, maker_street2, maker_city, maker_state, maker_zipa, maker_phone, maker_email, maker_invoicenum, invoice_doc_folder, ins_name, ins_street1, ins_street2, ins_city, data_id, chk_new, user_id, new_timestamp) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, now())", GetSQLValueString($_POST['maker_name'], "text"), GetSQLValueString($_POST['maker_company'], "text"), GetSQLValueString($_POST['maker_street1'], "text"), GetSQLValueString($_POST['maker_street2'], "text"), GetSQLValueString($_POST['maker_city'], "text"), GetSQLValueString($_POST['maker_state'], "text"), GetSQLValueString($_POST['maker_zipa'], "text"), GetSQLValueString($_POST['maker_phone'], "text"), GetSQLValueString($_POST['maker_email'], "text"), GetSQLValueString($_POST['maker_invoicenum'], "text"), GetSQLValueString(sprintf("%07d",$row_LastinvoiceNum + 1), "text"), GetSQLValueString($_POST['data_id'], "int"), GetSQLValueString($_POST['chk_new'], "int"), GetSQLValueString($user_ID, "int")); mysql_select_db($database_makerdbconn, $makerdbconn); $Result1 = mysql_query($insertSQL, $makerdbconn) or die(mysql_error()); //last invoice number entered pulled from mySQL $_SESSION['last_invoice'] = sprintf("%07d", mysql_insert_id()); $insertGoTo = "invoiceconfirm.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } ?> <?php //************************************************File Save Routine************************************************************************** //******************************************************************************************************************************************* if(isset($_POST['submit'])){ //form was submitted for saving $uploaddir = "../invoices/"; // Upload directory: remember to give it write permission! $uploadfolder = sprintf("%07d",$row_LastinvoiceNum + 1); //last invoice entered from mySQL used as file name //check for a single file if (count(scandir("../jqueryupload/server/php/files/".session_id())) > 2) { //Tests for an array of files, first 2 items of array ("." , "..") s/b ignored if ($_POST['submit']) { //check for new invoice folder in ../invoices/ if (!is_dir($uploaddir . $uploadfolder)) { //does the invoice# folder exist, if not create it mkdir($uploaddir . $uploadfolder); } // Identify source and destination directories $source = "../jqueryupload/server/php/files/".session_id()."/"; $destination = $uploaddir . $uploadfolder."/"; //Create array of files $files = scandir($source); // Cycle through all source files foreach ($files as $file) { if (in_array($file, array(".",".."))) continue; // If we copied this successfully, mark it for deletion if (copy($source.$file, $destination.$file)) { //file(s) successfully copied } else { echo "Error while uploading the file, Please contact the webmaster."; } } } else { // upload button was not pressed header("Location: invoiceroot.php"); } } else { // user did not select a file to upload echo "Please select a file to upload."; } } ?> Thanks. AJM, Link to comment https://forums.phpfreaks.com/topic/283924-need-help-stopping-a-form-from-posting-if-no-file-attached/ Share on other sites More sharing options...
jazzman1 Posted November 15, 2013 Share Posted November 15, 2013 Use javascript to disable (to be non-clickable) the submit button if the attachment of the file is not present on the form, after that validate the form on the server side. Link to comment https://forums.phpfreaks.com/topic/283924-need-help-stopping-a-form-from-posting-if-no-file-attached/#findComment-1458372 Share on other sites More sharing options...
A JM Posted November 15, 2013 Author Share Posted November 15, 2013 So the selection of the files is done in an iFrame would you still approach it with Javascript? Thanks, Link to comment https://forums.phpfreaks.com/topic/283924-need-help-stopping-a-form-from-posting-if-no-file-attached/#findComment-1458471 Share on other sites More sharing options...
dalecosp Posted November 15, 2013 Share Posted November 15, 2013 Yes, probably, for UI convenience; of course, this doesn't take into account users with JS disabled/unsupported, or people with questionable intentions. So you should also check with PHP on the server-side near the top of the handler script. I'd probably check "$_FILES['userfile']['size']" for that. Link to comment https://forums.phpfreaks.com/topic/283924-need-help-stopping-a-form-from-posting-if-no-file-attached/#findComment-1458472 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.