Jump to content

File upload with validation issue


thx967

Recommended Posts

Im using the following to upload a single image file. The form works to limit the size of the file (If the file is over 500k it won't be uploaded). However - my error handling doesn't seem to be working correctly. I've left out the code thats not associated with the image upload below for the most part.

Anyone have any ideas?

[code]<script language=javascript>
extArray = new Array(".jpg", ".jpeg",".gif");  //".png", , ".gif"
function callSave()
{
    if(!isCurrency(document.frmlisting.txtlistingprice.value)){
        alert("Price: Incorrect data");
        document.frmlisting.txtlistingprice.select();
        return;
    }
    if(isBlank(document.frmlisting.txtlistingtitle.value)){
        alert("Title is Required");
        document.frmlisting.txtlistingtitle.focus();
        return;
    }
    if(!isBlank(document.frmlisting.txtlistingimage.value)){
        if(!isValidFile(document.frmlisting.txtlistingimage.value)){
            alert("Selected file is not a vaild image type. \nPlease select "+ (extArray.join("  ").toUpperCase())+ " files. ");
            document.frmlisting.txtlistingimage.select();
            return;
        }
    }
    if(isBlank(document.frmlisting.txtlistingemail.value)){
        alert("Email is Required");
        document.frmlisting.txtlistingemail.select();
        return;

    }
    if(!isEmail(document.frmlisting.txtlistingemail.value)){
        alert("Email: Incorrect data");
        document.frmlisting.txtlistingemail.select();
        return;
    }

    document.frmlisting.action="listingsubmit.php";
    document.frmlisting.submit();
}
</script>
<FORM name="frmlisting" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<Input type="file" name="txtlistingimage" style="WIDTH: 275px; HEIGHT: 20px" size="39" maxlength="100">
                 <Input type=hidden name="mode" value="<?=$mode?>">
                 <input type=hidden name="l_id" value="<?=$l_id?>">
                 <input type=hidden name="c_id" value="<?=$c_id?>">
                    <input type=hidden name="cboCity" value="<?=$intcityid?>">
                    <input type=hidden name="txtpreviousimage" value="<?=$listingimage?>">
                    <input type=hidden name="txtfrmpg" value='<?=$frmpg?>'>
<input type="button" class="btn_text" value="Preview" onclick="javascript:callSave();" style="border:solid-1px; color: #333333 ">[/code]

The processor "listingsubmit.php"

[code]
if(isset($HTTP_GET_VARS['mode']))
{
    $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
    $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/"; // path to the image directory

//BEGIN MODE ADD

switch ($mode){  //defined on the form and above add or edit
case "Add":
        if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
            $listing_image = "";
        }else{
            $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
            copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
            or $msgid=2;
        }

//-- GET SIZE OF UPLOADED IMAGE
$file = $_FILES['txtlistingimage']; //file from form
$max_size = 500000; // roughly 500K

if(filesize($file['tmp_name']) > $max_size)
  die('File size is too great.');

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600)) //bracketed each conditional
  die('Image dimensions are greater than 600px x 600px.');

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
   echo 'w00t!  The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
}

//Begin db insert

            $strInsert="Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (";
        if($listing_date == ""){
            $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
        }else{
               $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
        }
        $MsgId=1;
        if(!($dbResult = mysql_query($strInsert, $dbLink)))
        {
            $success = "false";
            $MsgId=2;
        }

//        $ssql = "SELECT max(listing_id) as listing_id FROM listing_master";


//        $dbResultid = mysql_query($ssql,$dbLink);
//        $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
//        $listingid = $rowlistid['listing_id'];
        $listingid = mysql_insert_id();
          header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
        return;
           break;

//BEGIN MODE EDIT

case "Edit":
[/code]
Link to comment
Share on other sites

I've made some changes to the code above - removed some unnecessary code and fixed some conditional. also added the remainder of the 'mode' ADD to give a clearer picture of whats going on.

I'm still not getting validation.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.