Using server behavior to upload

[nkkrustev]

I have the following problem:

I have an insert server behavior (the one build in Dreamweaver witch is inserting new record in the database

I want to upload an image and save its filename in the database. I used is_uploaded_file and move_uploaded_file to upload it. If i use them in a separate script file the upload works fine. But when i add them to the page where insert server behavior is it wont upload. Pls help me fix it. Thx in advance.

THIS IS THE CODE:

 

<?php require_once('../Connections/connection1.php'); ?>

<?php

if (!isset($_SESSION)) {

session_start();

}

$MM_authorizedUsers = "admin";

$MM_donotCheckaccess = "false";

 

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {

// For security, start by assuming the visitor is NOT authorized.

$isValid = False;

 

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.

// Therefore, we know that a user is NOT logged in if that Session variable is blank.

if (!empty($UserName)) {

// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.

// Parse the strings into arrays.

$arrUsers = Explode(",", $strUsers);

$arrGroups = Explode(",", $strGroups);

if (in_array($UserName, $arrUsers)) {

$isValid = true;

}

// Or, you may restrict access to only certain users based on their username.

if (in_array($UserGroup, $arrGroups)) {

$isValid = true;

}

if (($strUsers == "") && false) {

$isValid = true;

}

}

return $isValid;

}

 

$MM_restrictGoTo = "login.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {

$MM_qsChar = "?";

$MM_referrer = $_SERVER['PHP_SELF'];

if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)

$MM_referrer .= "?" . $QUERY_STRING;

$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

header("Location: ". $MM_restrictGoTo);

exit;

 

}

?>

 

<?php

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

 

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

 

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "Promo_new")) {

 

$uploaded = is_uploaded_file($_FILES['Image']['tmp_name']);

if($uploaded == true){

echo'File uploaded to tmp directory<br>';

}

else

{

echo'File not uploaded to tmp directory!';

exit();

}

$file = $_FILES['Image']['name'];

$uploaddir = '/www/ortis28.com/www/root/Images/';

$uploadfile = $uploaddir.basename($file);

 

$tmpfile = $_FILES['Image']['tmp_name'];

 

$move = move_uploaded_file($tmpfile, $uploadfile);

if($move){

echo 'File uploaded!';

}else{

echo 'Unable to move file from tmp directory! Please check that the folder has CHMOD value of 777!';

}

 

$insertSQL = sprintf("INSERT INTO promo (title, imgfile, text, price) VALUES (%s, %s, %s, %s)",

GetSQLValueString($_POST['TITLE'], "text"),

GetSQLValueString($_FILES['Image']['name'], "text"),

GetSQLValueString($_POST['TEXT'], "text"),

GetSQLValueString($_POST['PRICE'], "text"));

 

mysql_select_db($database_connection1, $connection1);

$Result1 = mysql_query($insertSQL, $connection1) or die(mysql_error());

 

$insertGoTo = "Promotions.php";

if (isset($_SERVER['QUERY_STRING'])) {

$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

$insertGoTo .= $_SERVER['QUERY_STRING'];

}

header(sprintf("Location: %s", $insertGoTo));

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Untitled Document</title>

</head>

 

<body>

<form id="Promo_new" name="Promo_new" method="POST" action="<?php echo $editFormAction; ?>">

<table width="150" cellspacing="5">

<tr>

<td><div align="center">Заглавие</div></td>

<td><input name="TITLE" type="text" id="TITLE" /> </td>

</tr>

<tr>

<td><div align="center">Текст</div></td>

<td><textarea name="TEXT" cols="40" rows="4" wrap="virtual" id="TEXT"></textarea></td>

</tr>

<tr>

<td><div align="center">Снимка</div></td>

<td><p>

<input name="Image" type="file" id="Image"/>

</p></td>

</tr>

<tr>

<td><div align="center">Цена</div></td>

<td><input name="PRICE" type="text" id="PRICE" /></td>

</tr>

<tr>

<td><div align="left">

<input type="submit" name="Submit" value="Въведи" />

</div></td>

<td><div align="right">

<input type="reset" name="Submit22" value="Изчисти" />

</div>

</td>

</tr>

</table>

<p><input type="hidden" name="MM_insert" value="Promo_new"></p>

</form>

</body>

</html>

[morpheus.100]

Is the upload folder on the server writable?

[nkkrustev]

yes it is. If i use the same upload script separaetly it works like a blast.