Jump to content

Recommended Posts

I'm new to php and i have a html form with 2 forms and 2 submit buttons, 1 of the forms is solely for uploading an image i downloaded the php script as i don't understand the code well enough to write it myself.

The second form asks for your name and email then when you click submit it writes a new html file with the included information. I have managed to upload a file successfully and write the html document with the information successfully but i can't get the image to write into the html document.

My file_upload.php script contains the variable for the image name, now how would i get the variable string from file_upload.php and use that name in compile.php.

Here's my code.
--------------
Form.html
--------------

<!DOCTYPE html>
<html lang="en">
  <head>
    <title></title>
    </head>
    <body>
    
    <form action="compile.php" method="post">
    <p>input name:<input type="text" name="name"/></p><br />
    <p>email:<input type="text" name="email" /></p><br />
    </form>
    <br />
    <form enctype="multipart/form-data" method="post" action="file_upload.php">
    Choose your file here:
    <input name="file1" type="file" /><br /><br />
    <input type="submit" value="Upload It" />
    </form>

  </body>
</html>

-------------
compile.php
-------------

<?php
$name = $_POST['name'];
$price = $_POST['price'];
$desc = $_POST['desc'];
$file = "new.html";
$handle = fopen($file,'w');
$data = "<!DOCTYPE html>
<html>
  <head>
    <title></title>
        </head>
  <body>
<table style='border-radius:8px;'>
<tr>
<td style='border-radius:8px;'>
<h1>$name</h1>
</td>
</tr>
</table>
<table>
<tr>
<td>
<ul>
    <lh>Product name: $name</lh>
    <br><br>
    <li>Price: $price</li><br>
    <li>Description: $desc</li><br>
</ul>
</td>
<td>
<img src='uploads/$fileName' width='' height='' alt='' title='' />
</td>
</tr>
</table>

  </body>
</html>";
fwrite($handle, $data);
print "data written";
fclose($handle);

?>


------------
file_upload.php
------------

<?php
// Set local PHP vars from the POST vars sent from our form using the array
// of data that the $_FILES global variable contains for this uploaded file
$fileName = $_FILES["file1"]["name"]; // The file name
$fileTmpLoc = $_FILES["file1"]["tmp_name"]; // File in the PHP tmp folder
$fileType = $_FILES["file1"]["type"]; // The type of file it is
$fileSize = $_FILES["file1"]["size"]; // File size in bytes
$fileErrorMsg = $_FILES["file1"]["error"]; // 0 for false... and 1 for true

// Specific Error Handling if you need to run error checking
if (!$fileTmpLoc) { // if file not chosen
    echo "ERROR: Please browse for a file before clicking the upload button.";
    exit();
} else if($fileSize > 5000000000) { // if file is larger than we want to allow
    echo "ERROR: Your file was larger than 5mb in file size.";
    unlink($fileTmpLoc);
    exit();
} else if (!preg_match("/.(gif|jpg|png)$/i", $fileName) ) {
     // This condition is only if you wish to allow uploading of specific file types    
     echo "ERROR: Your image was not .gif, .jpg, or .png.";
     unlink($fileTmpLoc);
     exit();
}
// Place it into your "uploads" folder mow using the move_uploaded_file() function
move_uploaded_file($fileTmpLoc, "uploads/$fileName");
// Check to make sure the uploaded file is in place where you want it
if (!file_exists("uploads/$fileName")) {
    echo "ERROR: File not uploaded<br /><br />";
    echo "Check folder permissions on the target uploads folder is 0755 or looser.<br /><br />";
    echo "Check that your php.ini settings are set to allow over 2 MB files, they are 2MB by default.";
    exit();
}
// Display things to the page so you can see what is happening for testing purposes
echo "The file named <strong>$fileName</strong> uploaded successfuly.<br /><br />";
echo "It is <strong>$fileSize</strong> bytes in size.<br /><br />";
echo "It is a <strong>$fileType</strong> type of file.<br /><br />";
echo "The Error Message output for this upload is: <br />$fileErrorMsg";


?>

I am not the best at php, so there is probably a better way than this to do it, but, why don't you combine the 2 forms into one and also file_upload.php and combine.php into one. That way you can use the variable $file right into you combine script.

 

no?

 

Either that or if you were needing the $file variable again, put it in a session of for Permanent storage into a database.

Edited by ericburnard

Hi,

 

First, please use Code Block for code in your posts.

 

Little lost with the question... See if I can work it out.

 

Your trying to get the name of the file FROM 'file_upload.php' TO 'compile.php'  ???

 

I think the structure / process seems a little wrong... few ways you could do this:

  1. Use a (include) for 'file_upload.php' into the 'compile.php' or reverse.
  2. Run the form from one file to the next ie: Form.html -> file_upload.php -> compile.php.
  3. Put the code of the two files in one file and collect your variables that way.

And I am sure there are many other ways.

 

Hope this helps, or at least helps with the question.

 

Good luck.

 

 

 

 

Hey yeah my codes a bit all over the place and my knowledge of php is next to nothing.

 

I appreciate the help but i could'nt get my head around it so i've gone off course and included this code into the file_upload.php.

$file1 = "temp.php";
$handle1 = fopen($file1,'w');
$data1 = "<?php 

\$gh = $fileName;

?>";
fwrite($handle1, $data1);
fclose($handle1);

which writes out a temp.php.

<?php 

$gh = 0001.jpg;

?>

and now in my compile.php ive added.

include 'temp.php';

so i've managed to move the variable name to another php file but now i'm getting a string error when i submit my form and it's to do with the jpeg extension in temp.php.

 

this is the error.

Parse error: syntax error, unexpected 'jpg' (T_STRING) in ..\temp.php on line 3

 

how would i solve this please, i know it's probably very simple but i can't find anything.

Do you realize that you've just allowed the whole world to place and run arbitrary PHP scripts on your server?

 

Since you happily drop the user-provided file name into your generated PHP script, anybody can inject any PHP code they want. And then you run it. This is pretty much the worst-case scenario. This is what every server administrator is afraid of.

 

I understand that you're new to PHP, but one thing you need to learn as early as possible is that you must not trust the user input. The Internet is full of script kiddies and actual criminals who would love to take over your server. Your webhoster will hopefully jump in if your machine goes berzerk and starts to flood innocent e-mail accounts with spam. But at that point, you've already caused damage, and they won't be happy about it.

 

So if you write code and plan to actually upload it, please think about the consequences. It's also not be the best idea to download and run random PHP scripts without understanding what they do. What if they're harmlful? I mean, you wouldn't run unknown “.exe” files, right?

 

My suggestion would be that you take a week or so and actually learn how file uploads work and how to get them secure. Then write your own code. Copy and paste sucks, and most people who upload their stuff to those code-for-free websites have no idea what they're doing.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.