Jump to content

Form ignoring fileField


Go to solution Solved by newb1000,

Recommended Posts

The first file adds images correctly but if you want to edit the product, this form ignores the new image. It's not sending it to the file even if there is no previous image, so it's not an overwrite issue (I have other files overwriting images in the same site). It shows the temp name of the image, echoes the success message & updates the db but simply will not move that image.

<?php session_start();
	include('functions.php');
	if (verifySession(getSession(session_id())) != true) { // only returns true for role of Administrator
		header('Location: noaccess.php');
	}

dbConnect();
$success="";
$problem="";
$title="";
$author_name="";
$price="";
$pub_name="";
$description="";
$description_b="";
$fileField="";
$newname="";
$product_id="";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['getListing'])) {
	$title= mysql_real_escape_string($_POST['title']);
	$sql=mysql_query("Select * FROM product WHERE title='$title' LIMIT 1");
	while($row = mysql_fetch_array($sql)){ 
	$product_id=$row["product_id"];
	$title=$row["title"];
	$author_name=$row["author_name"];
	$price=$row["price"];
	$pub_name=$row["pub_name"];
	$description=$row["description"];
	$description_b=$row["description_b"];
	
	}
}

	if (isset($_POST['title']) && ($_POST['author_name']) && ($_POST['price']) &&($_POST['pub_name']) && ($_POST['description'])&& ($_POST['description_b'])){
{
if (isset($_POST['submit']) && (!$problem)) {
	$product_id= mysql_real_escape_string($_POST['product_id']);
	$title= mysql_real_escape_string($_POST['title']);
	$author_name = mysql_real_escape_string($_POST['author_name']);
	$price= mysql_real_escape_string($_POST['price']);
	$pub_name= mysql_real_escape_string($_POST['pub_name']);
	$description= mysql_real_escape_string($_POST['description']);
	$description_b= mysql_real_escape_string($_POST['description_b']);
	$fileField=$_FILES['fileField'];
	//$fileField=(isset($_FILES['fileField']));
	mysql_query("UPDATE product SET title='$title', author_name='$author_name', price='$price',pub_name='$pub_name', description='$description',description_b='$description_b' WHERE product_id= '$product_id'") or die (mysql_error());
		$success='Updated ' .$title. '.'; 
		if ($_FILES[$fileField]['tmp_name'] != "") {
	     //Place image in the folder 
			$product_id=mysql_insert_id();//how it tags the image in addBook, makes no difference with or w/o it here
	    	$newname = 'product' . $product_id. '.jpg';
		
	
	    move_uploaded_file($_FILES[$fileField]['tmp_name'], "product_images/$newname");
	}
}
}
}
}
//}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit a Listing</title>

<link rel="stylesheet" type="text/css" href=".././project.css">

<link rel="icon" type="image/png" href="https://<snip>/iShop/project_images/icon.png" >
<script type="text/javascript">
<!--
function MM_swapImgRestore() { //v3.0
  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}

function MM_findObj(n, d) { //v4.01
  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
  if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
  var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
   if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>
</head>
<body onload="MM_preloadImages('../project_images/inventory_down.png')">

<?php include('header.php');?>
<?php include('.././footer.php');?>
<div id="pageContent">
<p align = "center"><a href="index.php"><img src="../project_images/admin.png" width="609" height="71" alt="Admin Panel" /></a></p>
<br />
<div id="addBook">
<form action="<?php htmlentities($_SERVER['PHP_SELF']) ?>" enctype="multipart/form-data" name="editBook" class="addBook_bg" method="post">
    <a href="seeBooks.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Inventory','','../project_images/inventory_down.png',1)"><img src="../project_images/inventory.png" alt="Inventory" name="Inventory" width="336" height="86" border="0" id="Inventory" /></a>
    <h2>    Edit a Listing</h2><br/><br/>
    <?php //echo $book; ?>
    <table width="90%" border="0" cellspacing="0" cellpadding="6">
      <tr>
        <td width="20%" align="right">Title</td>
        <td width="80%">
          <input name="title" type="text" id="title" size="30" maxlength="100" class="form_input"  value="<?php echo $title; ?>" /><input type="submit" name="getListing" id="getListing"  value="Get Listing" /><br/><?php if(isset($_POST['submit'])) { $title=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['title']); if($title =="" ){  echo '<span class="warning"></span>Please enter a title.</span>'; $problem = TRUE;}} ?>
       </td>
      </tr>
      <tr>
        <td align="right">Author</td>
        <td>         
          <input name="author_name" type="text" id="author_name" size="30" maxlength="80"  class="form_input" value="<?php echo $author_name; ?>"/><?php if(isset($_POST['submit'])) { $author_name=preg_replace('#[^a-z ]#i','',$_POST['author_name']); if($author_name =="" ){  echo '<span class="warning"></span>Please enter the author.</span>'; $problem = TRUE;}} ?>
       </td>
      </tr>    
      <tr>
        <td align="right">Price</td>
       
           <td><input type="text" name="price" id="price"  size="30" maxlength="7" class="form_input" value="<?php echo $price; ?>" /><?php if(isset($_POST['submit'])) { $price=preg_replace('#[^0-9.]#i','',$_POST['price']); if($price =="" ){  echo '<span class="warning"></span>Please enter the price.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
       <tr>
        <td align="right">Publisher</td>
       
           <td><input type="text" name="pub_name" id="pub_name"  size="30" maxlength="80" class="form_input" value="<?php echo $pub_name; ?>" /><?php if(isset($_POST['submit'])) { $pub_name=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['pub_name']); if($pub_name =="" ){  echo '<span class="warning"></span>Please enter the publisher.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
      <tr>
        <td align="right">Description</td>
        <td>          
          <textarea name="description" type="text" id="description" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description']); if($description =="" ){  echo '<span class="warning"></span>Please enter the description.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
        <tr>
        <td align="right">Detail</td>
        <td>          
          <textarea name="description_b" type="text" id="description_b" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description_b; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description_b=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description_b']); if($description_b =="" ){  echo '<span class="warning"></span>Please enter the detail.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
      <tr>
        <td align="right">Picture</td>
        <td>
          <input type="file" name="fileField" id="fileField" />
        </td>
      </tr>      
      <tr>
        <td> </td>
        <td>
         <input name="product_id" type="hidden" value="<?php echo $product_id; ?>" />
          <input type="submit" name="submit" id="submit"  />  <input type="reset" onclick="location.reload('editBook.php');return false;"/> 
          <?php echo $success ?>
    </td>
      </tr>
    </table>
    <br/><br/>
  
    </form>
    <br /><br />
    </div>
    </div>
</body>
</html>
Edited by mac_gyver
removed domain/path info
Link to comment
https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/
Share on other sites

mysql_insert_id() is only valid after an INSERT query, otherwise it is a zero or maybe a null/false.

 

you would need to use the $product_id that is being passed via the hidden form field.

 

also, your login check logic is not secure as all anyone would need to do is ignore the header() redirect and they can freely access your page. you need an exit; statement after the header() redirect to prevent execution of the rest of the code on that page.

Thank you for the quick response, I commented out the insert & it's still not moving that image. (Also thanks for the exit tip, added that.)

 

I should add that I have gotten a product0.jpg in the destination folder occasionally while testing but I can't seem to recreate the process that gives that result.

Edited by newb1000
 
  Updated Test Book.
Array(    [fileField] => Array        (            [name] => littleblackbook.jpg            [type] => image/jpeg            [tmp_name] => /home/phptmp/uploads/phpLo3D9S            [error] => 0            [size] => 23124        ))

Although when I looked in phptmp/uploads it wasn't there & nothing new is in the product_images folder.

Sorry, had a debug copy running in the background & forgot to look. Trying a new upload gives me this for your print:

 

Array
(
[fileField] => Array
(
[name] => littleblackbook.jpg
[type] => image/jpeg
[tmp_name] => /home/phptmp/uploads/phpKMWjDL
[error] => 0
=> 23124
)

)

 

And throws this:

 

Notice: Undefined offset: 1 in /editBook.php on line 52

 

(which disappears if I don't use the $fileField variable & just go with ['fileField'])

Edited by newb1000
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.