Jump to content

Posting information across multiple forms

Merdok

By Merdok
in PHP Coding Help

 Share

Recommended Posts

Merdok Member

Merdok

Posted
Posted
Ok, so I've got two forms databox.php and databox2.php, the first one contains a html form which sends its values to databox2.php this page contains an image uploader and the validation script for the data entered and then posts all of the data to the database, however it doesnt, after the image has been uploaded and it goes around again for the validation the data isnt there anymore. Here is the code:

[code]<?php
// Include the header information
include('template/header.php');
// Connect to the Database
require_once('includes/conn_AWARD.php');

//------------------------------- retrieve the posted values from the previous page and clean them--------------------------------------

function clean($input, $maxlength)

{
    $input = substr($input, 100, $maxlength);
      $input = EscapeShellCmd($input);
      return ($input);
  }

foreach($HTTP_POST_VARS as $varname => $value)

$formVars[$varname] = trim(clean($value, 100));

if (empty($showUpload))
{

  ?>
 

<h1>PLEASE UPLOAD A FRONT COVER IMAGE</h1>
<p>Please try to keep front cover sized to 200 pixels high and 130 pixels wide, they will be resized to this size anyway but they will look a lot better if this isn't required. </p>
<br />

<form action="databox2.php" method="post" enctype="multipart/form-data" name="form2">
  <table width="491" height="246" border="1" align="center">
          <tr class="head">
            <td colspan="3"><div align="center"><strong>Image Upload Form </strong></div></td>
    </tr>
          <tr class="searchbox">
            <td colspan="3">Browse a File to Up Load (File must be 1MB or less) </td>
    </tr>
          <tr class="searchbox">
            <td width="374" height="63"><input name="cover" type="file" size="50" id="cover"></td>
      <td width="101" colspan="2" rowspan="2"></td>
      </tr>
          <tr class="searchbox">
            <td><p>
              <input type="hidden" name="MAX_FILE_SIZE" value="<? echo $size_bytes; ?>">
              </p>      </tr>
  </table>

   
      <div align="center">
        <input type="submit" name="Submit" value="Submit">
  </div>
      <label></label>
</form>
 
 
<?PHP

//------------ Description -------------------------------------------------------------------------

//The Super Global Variable $_FILES is used in PHP 4.x.x.
//$_FILES['upload']['size'] ==> Get the Size of the File in Bytes.
//$_FILES['upload']['tmp_name'] ==> Returns the Temporary Name of the File.
//$_FILES['upload']['name'] ==> Returns the Actual Name of the File.
//$_FILES['upload']['type'] ==> Returns the Type of the File.

//So if I filetoupload the file 'test.doc', the $_FILES['upload']['name']
//would be 'phptut.doc' and $_FILES['upload']['type'] would be 'application/msword'.

//------------------------------------------------------------------------------------------------------

// this is the upload dir where files will go.
//Don't remove the /
//Chmod it (777)

//---------------------- Change to whatever you want.---------------------------------------------------

$upload_dir = "images/covers/"; 

//----------------------- Files less than 1MB -------------------------------------------------------------

$size_bytes = 1048576; //bytes  will be uploaded

//-------------------------Check if the directory exists or not --------------------------------------------


if (!is_dir("$upload_dir"))
{
die ("The directory <b>($upload_dir)</b> doesn't exist");
}
// ------------------ Check if the directory is writable. ---------------------------------------------------


if (!is_writeable("$upload_dir"))
{
        die ("The directory <b>($upload_dir)</b> is NOT writable, Please Chmod (777)");
}

//------------------------- Check first if a file has been selected
//------------------------- is_filetoupload_file('filename') returns true if
//------------------------- a file was filetoupload via HTTP POST. Returns false otherwise.



if (is_uploaded_file($_FILES['cover']['tmp_name']))
{

//------------------------------- Get the Size of the File -------------------------------------------------

$size = $_FILES['cover']['size'];

//----------------Make sure that $size is less than 1MB (1000000 bytes)--------------------------------------

if ($size > $size_bytes)

{
echo "File Too Large. Please try again.";
exit();
}

//-------------- $filename will hold the value of the file name submitted from the form.----------------------

$filename =  $_FILES['cover']['name'];

//--------------------- Check if file is Already EXISTS.------------------------------------------------------

if(file_exists($upload_dir.$filename))
{
  echo "The file named <b>$filename </b>already exists";
  exit();
}

//------------- Move the File to the Directory of your choice -----------------------------------------------
//--------------Move_filetoupload_file('filename','destination') Moves an filetoupload file to a new location.

if (move_uploaded_file($_FILES['cover']['tmp_name'],$upload_dir.$filename))
{

//-------------- Tell the user that the file has been filetoupload ---------------------------------------------
//
echo "File (<a href=$upload_dir$filename>$filename</a>) uploaded!";

//-- Gives the variable a value so that the upload box will not appear after validation.

$showUpload= "1";
}
//
else
{
//
//----------------------------Print error -----------------------------------------------------------------------
echo "There was a problem moving your file";
exit();

}
}
}


//---------------------------------- If doValidate has a value then the upload box will be hidden and the validation is allowed to proceed
// else
//{

//-------------------------------------------------------- INITIALISE AN ERROR STRING -------------------------------

$errorString = "";

//---------------------------------- Validation for title (not null) -----------------------------------------------------------

  if (empty($formVars["title"]))

//------------------------- TITLE CANNOT BE A NULL STRING (EMPTY) -------------------------
   
  $errorString .=
          "\n<br>The title field cannot be blank.";
 
//---------------------------------  Validation for series (not null)  ----------------------------------------------------------------

  if (empty($formVars["series"]))

//------------------------- SERIES CANNOT BE A NULL STRING (EMPTY) -------------------------------

      $errorString .=  "\n<br>The series field cannot be blank.";
 
//----------------------------------  Validation for issue number (not null)  ----------------------------------------------------------------

  if (empty($formVars["issue"]))
 
//------------------------- ISSUE CANNOT BE A NULL STRING (EMPTY) -----------------------------------

      $errorString .=
          "\n<br>The Issue number must be entered.";
 
//----------------------------------  Validation for printed year (not null)------------------------------------------------------------------------

  if (empty($formVars["printed"]))
 
//------------------------- PRINTED YEAR CANNOT BE A NULL STRING (EMPTY) ------------------------------------------

      $errorString .= "\n<br>You must enter the year of printing.";

//---------------------------------- Validation for publisher (not null) ----------------------------------------------------------

  if (empty($formVars["publisher"]))
 
//------------------------- PUBLISHER cannot BE A NULL STRING (EMPTY) -------------------------

      $errorString .= "\n<br>You must supply a publisher.";
 
//---------------------------------- Validation for cover (not null) ----------------------------------------------------------

  if (empty($formVars["cover"]))
 
//------------------------- cover BE A NULL STRING (EMPTY) -------------------------

      $errorString .= "\n<br>You must supply a cover image.";
 
 
//----------------- VALIDATION NOW FINISHED. CHECK IF THERE WERE ANY ERRORS ---------------------
//
if (!empty($errorString))
 
{

?>

<!-------------------------------------------------------------- SHOW THE USER ERRORS -------------------------------------->

<h1>Data Validation error!</h1>

<?=$errorString?>

<br>

<!-------------------------------------------------- RETURN THE USER BACK TO THE FORM ----------------------------> 

<a href="admin.php">Start Again</a> or
<a href="index.php">Return to the Home Page</a>

<!--------------------------------EXIT IF THERE IS AN ERROR IN THE CUSTOMER FORM -------------------------->

<?php 
 
      exit;
  }
else {

//--------------------------------------------------------------------- DATA IS VALID -------------------------------------------------

  if (!($dbh = @ mysql_pconnect($hostName, $username, $password)))
    die("Could not connect to database");

  if (!mysql_select_db($databaseName, $dbh))
    showerror();
 
//--------------------------------- INSERT DATA FROM USER QUERY ------------------------------------------

$title = $formVars["title"];
$series = $formVars["series"];
$issue = $formVars["issue"];
$groups = $formVars["groups"];
$printed = $formVars["printed"];
$publisher = $formVars["publisher"];
$cover = $formVars["cover"];

$query = "INSERT INTO comics(title, series, issue, groups, printed, publisher, cover)
VALUES ('$title',
  '$series',
  '$issue',
  '$groups',
  '$printed',
  '$publisher',
  '$cover')";
//------------------------------------------------- RUN THE QUERY ----------------------------------------------------------------

  if (!(@ mysql_query ($query, $dbh))) showerror(); 

//---------------------------------------------------------- CLOSE THE CONNECTION --------------------------------------------


mysql_close($dbh);

//----------------------------------------------------------- CONFIRM CUSTOMER QUERY --------------------------------------

if($query)

{

echo "<br /><h2>Thank you! <br />$title Issue No. $issue from the $series series has been entered.</h2>\n";

}
}

?>
<a href="databox.php">Add Another Comic</a> or
<a href="index.php">Return to the Home Page</a><?PHP
// Include the footer information
include('template/footer.php');
?>[/code]

I'm at my wits end now as this is due in tommorrow... also I cant see anything in that script to insert the file location into my database, is this the case or is it just written differently to the rest of the script... if so will it still work?

Thanks guys
Lyleyboy Member

Lyleyboy

Posted
Posted
Ok, Not sure if I am 100% with you but why not just use one form. i.e.

One form that contains your info as well as the image upload section

In the php file do what you need to with the data then upload the image.

Sorry If I have the wrong end of the stick
Merdok Member

Merdok

Posted
  • Author
Posted
I think I know what the problem is but i dont know how to fix it... it seems that the information is getting to the page but is overwritten by the image upload script, I basically need a way for BOTH bits of data to get to the validator at the end.
Nolongerused3921 Member

Nolongerused3921

Posted
Posted
I don't know there would be too many things going on at once, but if you want to split it up just use <input type="hidden" value="<?php print $_POST[value]; ?>" />

Would that solve your problem? Or am I completely misunderstanding you
Merdok Member

Merdok

Posted
  • Author
Posted
Yeah that appears to have worked. it put this string in the box:

http://www.webdesignhull.lincoln.ac.uk/award/databox2.php?cover=C%3A%5CDocuments+and+Settings%5CAlexander+Ward%5CMy+Documents%5CComic+Collector%5CImages%5C521GoldenLadsLassesM397_f.jpg&title=Golden+Lads+%26+Lasses+Must...&series=52+Weeks&issue=1&groups=DC_52_weeks&printed=2006&publisher=dc&Submit=Submit

Let me do a few checks as it still doesnt appear to be uploading to the DB... thanks for your help so far though!
Nolongerused3921 Member

Nolongerused3921

Posted
Posted
You can't use that for uploading files, you'd have to use a serialized array but even then there are security problems... I suggest you do the uploading last so that it doesn't need to be pushed to another form.

If you absolutely [b]have to[/b], try:
$file = serialize($_POST['file']);

Then put $file into the hidden form element... But be forewarned, there are more than likely vulnerabilities just waiting to pop up for using this method, as it lets people see your directory structure.

Oh and to get it back to an array, just do $file = unserialize($_POST['serialized_file']);
Merdok Member

Merdok

Posted
  • Author
Posted
YES!!!!!!!! THANK YOU!!! That worked like a charm!!! posted the final set to a third page which had all the validation script which worked!

The only thing is now is that the image field is not being populated, I need something on that page to tell it to put the filename (but not the path) into the $cover variable but I cant see a way to do it.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.