Merdok Posted January 22, 2007 Share Posted January 22, 2007 Ok, so I've got two forms databox.php and databox2.php, the first one contains a html form which sends its values to databox2.php this page contains an image uploader and the validation script for the data entered and then posts all of the data to the database, however it doesnt, after the image has been uploaded and it goes around again for the validation the data isnt there anymore. Here is the code:[code]<?php// Include the header informationinclude('template/header.php');// Connect to the Databaserequire_once('includes/conn_AWARD.php');//------------------------------- retrieve the posted values from the previous page and clean them--------------------------------------function clean($input, $maxlength) { $input = substr($input, 100, $maxlength); $input = EscapeShellCmd($input); return ($input); }foreach($HTTP_POST_VARS as $varname => $value)$formVars[$varname] = trim(clean($value, 100));if (empty($showUpload)) { ?> <h1>PLEASE UPLOAD A FRONT COVER IMAGE</h1><p>Please try to keep front cover sized to 200 pixels high and 130 pixels wide, they will be resized to this size anyway but they will look a lot better if this isn't required. </p><br /><form action="databox2.php" method="post" enctype="multipart/form-data" name="form2"> <table width="491" height="246" border="1" align="center"> <tr class="head"> <td colspan="3"><div align="center"><strong>Image Upload Form </strong></div></td> </tr> <tr class="searchbox"> <td colspan="3">Browse a File to Up Load (File must be 1MB or less) </td> </tr> <tr class="searchbox"> <td width="374" height="63"><input name="cover" type="file" size="50" id="cover"></td> <td width="101" colspan="2" rowspan="2"></td> </tr> <tr class="searchbox"> <td><p> <input type="hidden" name="MAX_FILE_SIZE" value="<? echo $size_bytes; ?>"> </p> </tr> </table> <div align="center"> <input type="submit" name="Submit" value="Submit"> </div> <label></label></form> <?PHP //------------ Description -------------------------------------------------------------------------//The Super Global Variable $_FILES is used in PHP 4.x.x.//$_FILES['upload']['size'] ==> Get the Size of the File in Bytes.//$_FILES['upload']['tmp_name'] ==> Returns the Temporary Name of the File.//$_FILES['upload']['name'] ==> Returns the Actual Name of the File.//$_FILES['upload']['type'] ==> Returns the Type of the File.//So if I filetoupload the file 'test.doc', the $_FILES['upload']['name']//would be 'phptut.doc' and $_FILES['upload']['type'] would be 'application/msword'.//------------------------------------------------------------------------------------------------------// this is the upload dir where files will go.//Don't remove the ///Chmod it (777)//---------------------- Change to whatever you want.---------------------------------------------------$upload_dir = "images/covers/"; //----------------------- Files less than 1MB -------------------------------------------------------------$size_bytes = 1048576; //bytes will be uploaded//-------------------------Check if the directory exists or not --------------------------------------------if (!is_dir("$upload_dir")) { die ("The directory <b>($upload_dir)</b> doesn't exist"); }// ------------------ Check if the directory is writable. ---------------------------------------------------if (!is_writeable("$upload_dir")) { die ("The directory <b>($upload_dir)</b> is NOT writable, Please Chmod (777)"); }//------------------------- Check first if a file has been selected//------------------------- is_filetoupload_file('filename') returns true if//------------------------- a file was filetoupload via HTTP POST. Returns false otherwise.if (is_uploaded_file($_FILES['cover']['tmp_name'])) {//------------------------------- Get the Size of the File ------------------------------------------------- $size = $_FILES['cover']['size'];//----------------Make sure that $size is less than 1MB (1000000 bytes)-------------------------------------- if ($size > $size_bytes) { echo "File Too Large. Please try again."; exit(); } //-------------- $filename will hold the value of the file name submitted from the form.----------------------$filename = $_FILES['cover']['name'];//--------------------- Check if file is Already EXISTS.------------------------------------------------------if(file_exists($upload_dir.$filename)) { echo "The file named <b>$filename </b>already exists"; exit(); }//------------- Move the File to the Directory of your choice -----------------------------------------------//--------------Move_filetoupload_file('filename','destination') Moves an filetoupload file to a new location.if (move_uploaded_file($_FILES['cover']['tmp_name'],$upload_dir.$filename)) {//-------------- Tell the user that the file has been filetoupload ---------------------------------------------//echo "File (<a href=$upload_dir$filename>$filename</a>) uploaded!";//-- Gives the variable a value so that the upload box will not appear after validation. $showUpload= "1";}//else{////----------------------------Print error ----------------------------------------------------------------------- echo "There was a problem moving your file"; exit();}}}//---------------------------------- If doValidate has a value then the upload box will be hidden and the validation is allowed to proceed // else//{//-------------------------------------------------------- INITIALISE AN ERROR STRING -------------------------------$errorString = "";//---------------------------------- Validation for title (not null) ----------------------------------------------------------- if (empty($formVars["title"])) //------------------------- TITLE CANNOT BE A NULL STRING (EMPTY) ------------------------- $errorString .= "\n<br>The title field cannot be blank."; //--------------------------------- Validation for series (not null) ---------------------------------------------------------------- if (empty($formVars["series"]))//------------------------- SERIES CANNOT BE A NULL STRING (EMPTY) ------------------------------- $errorString .= "\n<br>The series field cannot be blank."; //---------------------------------- Validation for issue number (not null) ---------------------------------------------------------------- if (empty($formVars["issue"])) //------------------------- ISSUE CANNOT BE A NULL STRING (EMPTY) ----------------------------------- $errorString .= "\n<br>The Issue number must be entered."; //---------------------------------- Validation for printed year (not null)------------------------------------------------------------------------ if (empty($formVars["printed"])) //------------------------- PRINTED YEAR CANNOT BE A NULL STRING (EMPTY) ------------------------------------------ $errorString .= "\n<br>You must enter the year of printing.";//---------------------------------- Validation for publisher (not null) ---------------------------------------------------------- if (empty($formVars["publisher"])) //------------------------- PUBLISHER cannot BE A NULL STRING (EMPTY) ------------------------- $errorString .= "\n<br>You must supply a publisher."; //---------------------------------- Validation for cover (not null) ---------------------------------------------------------- if (empty($formVars["cover"])) //------------------------- cover BE A NULL STRING (EMPTY) ------------------------- $errorString .= "\n<br>You must supply a cover image."; //----------------- VALIDATION NOW FINISHED. CHECK IF THERE WERE ANY ERRORS ---------------------// if (!empty($errorString)) {?><!-------------------------------------------------------------- SHOW THE USER ERRORS --------------------------------------><h1>Data Validation error!</h1><?=$errorString?><br><!-------------------------------------------------- RETURN THE USER BACK TO THE FORM ----------------------------> <a href="admin.php">Start Again</a> or<a href="index.php">Return to the Home Page</a><!--------------------------------EXIT IF THERE IS AN ERROR IN THE CUSTOMER FORM --------------------------> <?php exit; }else {//--------------------------------------------------------------------- DATA IS VALID ------------------------------------------------- if (!($dbh = @ mysql_pconnect($hostName, $username, $password))) die("Could not connect to database"); if (!mysql_select_db($databaseName, $dbh)) showerror(); //--------------------------------- INSERT DATA FROM USER QUERY ------------------------------------------$title = $formVars["title"];$series = $formVars["series"];$issue = $formVars["issue"];$groups = $formVars["groups"];$printed = $formVars["printed"];$publisher = $formVars["publisher"];$cover = $formVars["cover"];$query = "INSERT INTO comics(title, series, issue, groups, printed, publisher, cover) VALUES ('$title', '$series', '$issue', '$groups', '$printed', '$publisher', '$cover')"; //------------------------------------------------- RUN THE QUERY ---------------------------------------------------------------- if (!(@ mysql_query ($query, $dbh))) showerror(); //---------------------------------------------------------- CLOSE THE CONNECTION -------------------------------------------- mysql_close($dbh);//----------------------------------------------------------- CONFIRM CUSTOMER QUERY -------------------------------------- if($query) { echo "<br /><h2>Thank you! <br />$title Issue No. $issue from the $series series has been entered.</h2>\n"; } } ?><a href="databox.php">Add Another Comic</a> or<a href="index.php">Return to the Home Page</a><?PHP // Include the footer information include('template/footer.php');?>[/code]I'm at my wits end now as this is due in tommorrow... also I cant see anything in that script to insert the file location into my database, is this the case or is it just written differently to the rest of the script... if so will it still work?Thanks guys Quote Link to comment Share on other sites More sharing options...
Lyleyboy Posted January 22, 2007 Share Posted January 22, 2007 Ok, Not sure if I am 100% with you but why not just use one form. i.e.One form that contains your info as well as the image upload sectionIn the php file do what you need to with the data then upload the image.Sorry If I have the wrong end of the stick Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 I dont know... thats what I did first but it didnt work my lecturer told me it was because there were too many things going on, on one page and that it would be better to split it. Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 I think I know what the problem is but i dont know how to fix it... it seems that the information is getting to the page but is overwritten by the image upload script, I basically need a way for BOTH bits of data to get to the validator at the end. Quote Link to comment Share on other sites More sharing options...
Nolongerused3921 Posted January 22, 2007 Share Posted January 22, 2007 I don't know there would be too many things going on at once, but if you want to split it up just use <input type="hidden" value="<?php print $_POST[value]; ?>" />Would that solve your problem? Or am I completely misunderstanding you Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 hmmm... interesting... gimme a tic to try it. Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 Yeah that appears to have worked. it put this string in the box:http://www.webdesignhull.lincoln.ac.uk/award/databox2.php?cover=C%3A%5CDocuments+and+Settings%5CAlexander+Ward%5CMy+Documents%5CComic+Collector%5CImages%5C521GoldenLadsLassesM397_f.jpg&title=Golden+Lads+%26+Lasses+Must...&series=52+Weeks&issue=1&groups=DC_52_weeks&printed=2006&publisher=dc&Submit=SubmitLet me do a few checks as it still doesnt appear to be uploading to the DB... thanks for your help so far though! Quote Link to comment Share on other sites More sharing options...
Nolongerused3921 Posted January 22, 2007 Share Posted January 22, 2007 You can't use that for uploading files, you'd have to use a serialized array but even then there are security problems... I suggest you do the uploading last so that it doesn't need to be pushed to another form.If you absolutely [b]have to[/b], try:$file = serialize($_POST['file']);Then put $file into the hidden form element... But be forewarned, there are more than likely vulnerabilities just waiting to pop up for using this method, as it lets people see your directory structure.Oh and to get it back to an array, just do $file = unserialize($_POST['serialized_file']); Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 YES!!!!!!!! THANK YOU!!! That worked like a charm!!! posted the final set to a third page which had all the validation script which worked!The only thing is now is that the image field is not being populated, I need something on that page to tell it to put the filename (but not the path) into the $cover variable but I cant see a way to do it. Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 heh... that meant nothing to me... does that help me with the post I did after yours? If so how do I implement it in the script? Quote Link to comment Share on other sites More sharing options...
Merdok Posted January 22, 2007 Author Share Posted January 22, 2007 I've figured it out... I just needed to add this line to the end of the image upload validator:[code]$formVars["cover"] = $_FILES['cover']['name'];[/code]Thank you for all your help!!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.