Jump to content


Photo

File upload with validation issue


  • Please log in to reply
1 reply to this topic

#1 thx967

thx967
  • Members
  • Pip
  • Newbie
  • 5 posts

Posted 15 March 2006 - 09:48 PM

Im using the following to upload a single image file. The form works to limit the size of the file (If the file is over 500k it won't be uploaded). However - my error handling doesn't seem to be working correctly. I've left out the code thats not associated with the image upload below for the most part.

Anyone have any ideas?

<script language=javascript>
extArray = new Array(".jpg", ".jpeg",".gif");  //".png", , ".gif"
function callSave()
{
    if(!isCurrency(document.frmlisting.txtlistingprice.value)){
        alert("Price: Incorrect data");
        document.frmlisting.txtlistingprice.select();
        return;
    }
    if(isBlank(document.frmlisting.txtlistingtitle.value)){
        alert("Title is Required");
        document.frmlisting.txtlistingtitle.focus();
        return;
    }
    if(!isBlank(document.frmlisting.txtlistingimage.value)){
        if(!isValidFile(document.frmlisting.txtlistingimage.value)){
            alert("Selected file is not a vaild image type. \nPlease select "+ (extArray.join("  ").toUpperCase())+ " files. ");
            document.frmlisting.txtlistingimage.select();
            return;
        }
    }
    if(isBlank(document.frmlisting.txtlistingemail.value)){
        alert("Email is Required");
        document.frmlisting.txtlistingemail.select();
        return;

    }
    if(!isEmail(document.frmlisting.txtlistingemail.value)){
        alert("Email: Incorrect data");
        document.frmlisting.txtlistingemail.select();
        return;
    }

    document.frmlisting.action="listingsubmit.php";
    document.frmlisting.submit();
}
</script>
<FORM name="frmlisting" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<Input type="file" name="txtlistingimage" style="WIDTH: 275px; HEIGHT: 20px" size="39" maxlength="100">
                 <Input type=hidden name="mode" value="<?=$mode?>">
                 <input type=hidden name="l_id" value="<?=$l_id?>">
                 <input type=hidden name="c_id" value="<?=$c_id?>">
                    <input type=hidden name="cboCity" value="<?=$intcityid?>">
                    <input type=hidden name="txtpreviousimage" value="<?=$listingimage?>">
                    <input type=hidden name="txtfrmpg" value='<?=$frmpg?>'>
<input type="button" class="btn_text" value="Preview" onclick="javascript:callSave();" style="border:solid-1px; color: #333333 ">

The processor "listingsubmit.php"

if(isset($HTTP_GET_VARS['mode']))
{
    $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
    $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/"; // path to the image directory

//BEGIN MODE ADD

switch ($mode){  //defined on the form and above add or edit
case "Add":
        if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
            $listing_image = "";
        }else{
            $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
            copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
            or $msgid=2;
        }

//-- GET SIZE OF UPLOADED IMAGE
$file = $_FILES['txtlistingimage']; //file from form
$max_size = 500000; // roughly 500K

if(filesize($file['tmp_name']) > $max_size)
  die('File size is too great.');

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600)) //bracketed each conditional
  die('Image dimensions are greater than 600px x 600px.');

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
   echo 'w00t!  The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
} 

//Begin db insert

            $strInsert="Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (";
        if($listing_date == ""){
            $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
        }else{
               $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
        }
        $MsgId=1;
        if(!($dbResult = mysql_query($strInsert, $dbLink)))
        {
            $success = "false";
            $MsgId=2;
        }

//        $ssql = "SELECT max(listing_id) as listing_id FROM listing_master";


//        $dbResultid = mysql_query($ssql,$dbLink);
//        $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
//        $listingid = $rowlistid['listing_id'];
        $listingid = mysql_insert_id();
          header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
        return;
           break; 

//BEGIN MODE EDIT

case "Edit":


#2 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 15 March 2006 - 11:02 PM

Is this the problams the if die echoed statement not working.

if(filesize($file['tmp_name']) > $max_size)
die('File size is too great.');

if that is the problam try them like this ok.

if(filesize($file['tmp_name']) > $max_size){
echo"File size is too great.";
exit;
}else{
what ever
}


good luck

alter all the rest ok.

Try know ok.

code edited to test
good luck

if(isset($HTTP_GET_VARS['mode']))
{
    $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
    $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/"; 



switch ($mode){  
case "Add":
if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
$listing_image = "";
}else{
$listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
or $msgid=2;
}


$file = $_FILES['txtlistingimage']; 
$max_size = 500000; // roughly 500K

if(filesize($file['tmp_name']) > $max_size){
  "File size is too great.";
exit;
}

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600)){
 "Image dimensions are greater than 600px x 600px.";
exit;
}

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
   echo 'w00t!  The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
} 



$strInsert="Insert into listing_master& #40;city_id,category_id,listing_title,listing_location,listing_price,listing_tex
t,listing_address,listing_city,listing_image,listing_email,listing_email_option,
listing_contact_information,listing_date,listing_show,listing_buysell,listing_pr
emier) values (";
if($listing_date == ""){
$strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,
'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption',
'$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
}else{
               $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,
'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption',
'$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
}
$MsgId=1;
if(!($dbResult = mysql_query($strInsert, $dbLink)))
{
$success = "false";
$MsgId=2;
}

//$ssql = "SELECT max(listing_id) as listing_id FROM listing_master";


//$dbResultid = mysql_query($ssql,$dbLink);
//$rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
//$listingid = $rowlistid['listing_id'];
$listingid = mysql_insert_id();
 header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
return;
break; 



case "Edit":

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users