Jump to content

Archived

This topic is now archived and is closed to further replies.

thx967

File upload with validation issue

Recommended Posts

Im using the following to upload a single image file. The form works to limit the size of the file (If the file is over 500k it won't be uploaded). However - my error handling doesn't seem to be working correctly. I've left out the code thats not associated with the image upload below for the most part.

Anyone have any ideas?

[code]<script language=javascript>
extArray = new Array(".jpg", ".jpeg",".gif");  //".png", , ".gif"
function callSave()
{
    if(!isCurrency(document.frmlisting.txtlistingprice.value)){
        alert("Price: Incorrect data");
        document.frmlisting.txtlistingprice.select();
        return;
    }
    if(isBlank(document.frmlisting.txtlistingtitle.value)){
        alert("Title is Required");
        document.frmlisting.txtlistingtitle.focus();
        return;
    }
    if(!isBlank(document.frmlisting.txtlistingimage.value)){
        if(!isValidFile(document.frmlisting.txtlistingimage.value)){
            alert("Selected file is not a vaild image type. \nPlease select "+ (extArray.join("  ").toUpperCase())+ " files. ");
            document.frmlisting.txtlistingimage.select();
            return;
        }
    }
    if(isBlank(document.frmlisting.txtlistingemail.value)){
        alert("Email is Required");
        document.frmlisting.txtlistingemail.select();
        return;

    }
    if(!isEmail(document.frmlisting.txtlistingemail.value)){
        alert("Email: Incorrect data");
        document.frmlisting.txtlistingemail.select();
        return;
    }

    document.frmlisting.action="listingsubmit.php";
    document.frmlisting.submit();
}
</script>
<FORM name="frmlisting" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<Input type="file" name="txtlistingimage" style="WIDTH: 275px; HEIGHT: 20px" size="39" maxlength="100">
                 <Input type=hidden name="mode" value="<?=$mode?>">
                 <input type=hidden name="l_id" value="<?=$l_id?>">
                 <input type=hidden name="c_id" value="<?=$c_id?>">
                    <input type=hidden name="cboCity" value="<?=$intcityid?>">
                    <input type=hidden name="txtpreviousimage" value="<?=$listingimage?>">
                    <input type=hidden name="txtfrmpg" value='<?=$frmpg?>'>
<input type="button" class="btn_text" value="Preview" onclick="javascript:callSave();" style="border:solid-1px; color: #333333 ">[/code]

The processor "listingsubmit.php"

[code]
if(isset($HTTP_GET_VARS['mode']))
{
    $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
    $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/"; // path to the image directory

//BEGIN MODE ADD

switch ($mode){  //defined on the form and above add or edit
case "Add":
        if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
            $listing_image = "";
        }else{
            $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
            copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
            or $msgid=2;
        }

//-- GET SIZE OF UPLOADED IMAGE
$file = $_FILES['txtlistingimage']; //file from form
$max_size = 500000; // roughly 500K

if(filesize($file['tmp_name']) > $max_size)
  die('File size is too great.');

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600)) //bracketed each conditional
  die('Image dimensions are greater than 600px x 600px.');

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
   echo 'w00t!  The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
}

//Begin db insert

            $strInsert="Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (";
        if($listing_date == ""){
            $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
        }else{
               $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
        }
        $MsgId=1;
        if(!($dbResult = mysql_query($strInsert, $dbLink)))
        {
            $success = "false";
            $MsgId=2;
        }

//        $ssql = "SELECT max(listing_id) as listing_id FROM listing_master";


//        $dbResultid = mysql_query($ssql,$dbLink);
//        $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
//        $listingid = $rowlistid['listing_id'];
        $listingid = mysql_insert_id();
          header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
        return;
           break;

//BEGIN MODE EDIT

case "Edit":
[/code]

Share this post


Link to post
Share on other sites
I've made some changes to the code above - removed some unnecessary code and fixed some conditional. also added the remainder of the 'mode' ADD to give a clearer picture of whats going on.

I'm still not getting validation.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.