Jump to content

File upload with validation issue

thx967

By thx967
in PHP Coding Help

 Share

Recommended Posts

thx967 Newbie

thx967

Posted
Posted
Im using the following to upload a single image file. The form works to limit the size of the file (If the file is over 500k it won't be uploaded). However - my error handling doesn't seem to be working correctly. I've left out the code thats not associated with the image upload below for the most part.

Anyone have any ideas?

[code]<script language=javascript>
extArray = new Array(".jpg", ".jpeg",".gif");  //".png", , ".gif"
function callSave()
{
    if(!isCurrency(document.frmlisting.txtlistingprice.value)){
        alert("Price: Incorrect data");
        document.frmlisting.txtlistingprice.select();
        return;
    }
    if(isBlank(document.frmlisting.txtlistingtitle.value)){
        alert("Title is Required");
        document.frmlisting.txtlistingtitle.focus();
        return;
    }
    if(!isBlank(document.frmlisting.txtlistingimage.value)){
        if(!isValidFile(document.frmlisting.txtlistingimage.value)){
            alert("Selected file is not a vaild image type. \nPlease select "+ (extArray.join("  ").toUpperCase())+ " files. ");
            document.frmlisting.txtlistingimage.select();
            return;
        }
    }
    if(isBlank(document.frmlisting.txtlistingemail.value)){
        alert("Email is Required");
        document.frmlisting.txtlistingemail.select();
        return;

    }
    if(!isEmail(document.frmlisting.txtlistingemail.value)){
        alert("Email: Incorrect data");
        document.frmlisting.txtlistingemail.select();
        return;
    }

    document.frmlisting.action="listingsubmit.php";
    document.frmlisting.submit();
}
</script>
<FORM name="frmlisting" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<Input type="file" name="txtlistingimage" style="WIDTH: 275px; HEIGHT: 20px" size="39" maxlength="100">
                 <Input type=hidden name="mode" value="<?=$mode?>">
                 <input type=hidden name="l_id" value="<?=$l_id?>">
                 <input type=hidden name="c_id" value="<?=$c_id?>">
                    <input type=hidden name="cboCity" value="<?=$intcityid?>">
                    <input type=hidden name="txtpreviousimage" value="<?=$listingimage?>">
                    <input type=hidden name="txtfrmpg" value='<?=$frmpg?>'>
<input type="button" class="btn_text" value="Preview" onclick="javascript:callSave();" style="border:solid-1px; color: #333333 ">[/code]

The processor "listingsubmit.php"

[code]
if(isset($HTTP_GET_VARS['mode']))
{
    $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
    $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/"; // path to the image directory

//BEGIN MODE ADD

switch ($mode){  //defined on the form and above add or edit
case "Add":
        if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
            $listing_image = "";
        }else{
            $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
            copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
            or $msgid=2;
        }

//-- GET SIZE OF UPLOADED IMAGE
$file = $_FILES['txtlistingimage']; //file from form
$max_size = 500000; // roughly 500K

if(filesize($file['tmp_name']) > $max_size)
  die('File size is too great.');

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600)) //bracketed each conditional
  die('Image dimensions are greater than 600px x 600px.');

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
   echo 'w00t!  The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
}

//Begin db insert

            $strInsert="Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (";
        if($listing_date == ""){
            $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
        }else{
               $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
        }
        $MsgId=1;
        if(!($dbResult = mysql_query($strInsert, $dbLink)))
        {
            $success = "false";
            $MsgId=2;
        }

//        $ssql = "SELECT max(listing_id) as listing_id FROM listing_master";


//        $dbResultid = mysql_query($ssql,$dbLink);
//        $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
//        $listingid = $rowlistid['listing_id'];
        $listingid = mysql_insert_id();
          header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
        return;
           break;

//BEGIN MODE EDIT

case "Edit":
[/code]
Link to comment
Share on other sites
redarrow Advanced Member

redarrow

Posted
Posted
Is this the problams the if die echoed statement not working.

if(filesize($file['tmp_name']) > $max_size)
die('File size is too great.');

if that is the problam try them like this ok.
[code]

if(filesize($file['tmp_name']) > $max_size){
echo"File size is too great.";
exit;
}else{
what ever
}

[/code]

good luck

alter all the rest ok.

Try know ok.

code edited to test
good luck

[code]
if(isset($HTTP_GET_VARS['mode']))
{
    $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
    $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/";



switch ($mode){  
case "Add":
if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
$listing_image = "";
}else{
$listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
or $msgid=2;
}


$file = $_FILES['txtlistingimage'];
$max_size = 500000; // roughly 500K

if(filesize($file['tmp_name']) > $max_size){
  "File size is too great.";
exit;
}

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600)){
"Image dimensions are greater than 600px x 600px.";
exit;
}

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
   echo 'w00t!  The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
}



$strInsert="Insert into listing_master& #40;city_id,category_id,listing_title,listing_location,listing_price,listing_tex
t,listing_address,listing_city,listing_image,listing_email,listing_email_option,
listing_contact_information,listing_date,listing_show,listing_buysell,listing_pr
emier) values (";
if($listing_date == ""){
$strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,
'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption',
'$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
}else{
               $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,
'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption',
'$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
}
$MsgId=1;
if(!($dbResult = mysql_query($strInsert, $dbLink)))
{
$success = "false";
$MsgId=2;
}

//$ssql = "SELECT max(listing_id) as listing_id FROM listing_master";


//$dbResultid = mysql_query($ssql,$dbLink);
//$rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
//$listingid = $rowlistid['listing_id'];
$listingid = mysql_insert_id();
header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
return;
break;



case "Edit":
[/code]
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.