Jump to content

[SOLVED] unable to pass $_POST variable to script?

bad_gui

By bad_gui
in PHP Coding Help

 Share

Recommended Posts

bad_gui Member

bad_gui

Posted
Posted

I'm trying to pass $file to a file upload script but I can't get it to work.

 

Here is the HTML output showing a $_POST array dump that shows the $file variable has

the value I want but it isn't passed to move_uploaded_file

 

<!-- BEGIN POST VARS -->
<!-- Array
(
    [MAX_FILE_SIZE] => 25000000
    [form_sent] => 
    [file] => BrJCancer91p1200-4.pdf
    [authors] => De Lorenzo C, Tedesco A, Terrazzano G, Cozzolino R, Laccetti P, Piccoli R, D'Alessio G
    [title] => A human, compact, fully functional anti-ErbB2 antibody as a novel antitumour agent.
    [journal] => British journal of cancer
    [date1] => 2004
    [abstract] => A new human, compact antibody was engineered by fusion of a human, antitumour ErbB2-directed scFv with a human IgG1 Fc domain. Overexpression of the ErbB2 receptor is related to tumour aggressiveness and poor prognosis. This new immunoagent meets all criteria for a potential anticancer drug: it is human, hence poorly or not immunogenic; it binds selectively and with high affinity to target cells, on which it exerts an effective and selective antiproliferative action, including both antibody-dependent and complement-dependent cytotoxicity; it effectively inhibits tumour growth in vivo. Its compact molecular size should provide for an efficient tissue penetration, yet suitable to a prolonged serum half-life.
    [category2] => Array
        (
            [0] => ErbB2
        )

)
-->
The filename is:<br>
<A HREF="index.php?action=download">Online data download from PubMed.</A>
<FORM enctype="multipart/form-data" ACTION="index.php?action=upload" METHOD="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="25000000">
<INPUT TYPE="hidden" NAME="form_sent">
<!--  This is the line I added that doesn't work  -->
<INPUT TYPE="hidden" NAME="file" VALUE= "BrJCancer91p1200-4.pdf">
<B>Important!</B> Before submission, <A HREF="index.php?action=search&select=all" TARGET="_blank">check</A>

whether the article is already in the library.
<TABLE CELLPADDING="2" CELLSPACING="1" BORDER=0>
<TR>
<TD VALIGN="top">
Add PDF:
</TD>
<TD VALIGN="top">
<INPUT TYPE="file" NAME="filename">
</TD>
</TR>
<TR>

 

However, the upload.php code gives the filename as "  "  in the database and echoed to the screen

 

<?
ini_set('display_errors','1');

echo "<!-- BEGIN POST VARS -->\n";
echo '<!-- '.dump_array($_POST)." -->\n";

function dump_array($array)
{
  $output = print_r($array, true);
  $output = str_replace('-->', '-- >', $output);
  return $output;
  }


if  ((!empty($_FILES['filename']['tmp_name']) && $_FILES['filename']['type'] == 'application/pdf') && !empty($_POST["authors"]) &&
    !empty($_POST["title"]) && !empty($_POST["date1"]) && !empty($_POST["journal"])  &&
    (!empty($_POST["category"]) || !empty($_POST["category2"])) && !empty($_POST["abstract"]) ) {

    $category = implode("|", array_merge($_POST["category"], $_POST["category2"]));
    $category = trim ($category, "|");

    $abstract = str_replace("\r\n", " ", $_POST["abstract"]);
    $title = str_replace("\r\n", " ", $_POST["title"]);
    $journal = str_replace("\r\n", " ", $_POST["journal"]);
    $authors = str_replace("\r\n", " ", $_POST["authors"]);

if (strlen($category) < 255) {

    $link = @mysql_connect($database_host, $database_user, $database_password);
    @mysql_select_db ($database_name);

    $query = "SELECT title FROM library WHERE title='$title' LIMIT 1";
    $result = mysql_query ($query);
    $rows = mysql_num_rows ($result);

if ($rows == '0') {

    $date2 = date('Y-m-d');
echo "The filename is:". $file . "<br>";

if (move_uploaded_file ($_FILES['filename']['tmp_name'], "$library_path$file")) {

    $query = "INSERT INTO library (file,authors,title,journal,category,date1,date2,abstract)
    VALUES ('$file','".mysql_real_escape_string($authors)."','$title','$journal','$category','$_POST[date1]','$date2',
            '$abstract')";
    $result = mysql_query ($query) OR die(mysql_error());

    if (!$result) {
    die ("Could not upload into database: <br />" . mysql_error());
    }
    

    if (isset($_POST["shelf"])) {

    $query = "SELECT files FROM shelves WHERE user='$_SESSION[user]' AND password='$_SESSION[password]' LIMIT 1";
    $result = mysql_query ($query);
    $files = mysql_fetch_array ($result);

    if (empty($files["files"])) {
    $file_update = $file;
    } else {
    $file_update = $files["files"].'|'.$file;
    }

    $query = "UPDATE shelves SET files='$file_update' WHERE user='$_SESSION[user]' AND password='$_SESSION[password]'";
    $result = mysql_query ($query);
    }

print '<H3 STYLE="color: red">The article was recorded successfully.</H3>';
}

} else {
print '<H3 STYLE="color: red">Error! The article is already in the library.</H3>';
}

    @mysql_close($link);

} else {
print '<H3 STYLE="color: red">The limit of 255 characters exceeded in categories.</H3>';
}

} elseif (isset($_POST["form_sent"])) {
echo '<H3 STYLE="color: red">Error! All fields in the form are mandatory.</H3>';
}
?>

<A HREF="index.php?action=download">Online data download from PubMed.</A>
<FORM enctype="multipart/form-data" ACTION="index.php?action=upload" METHOD="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="25000000">
<INPUT TYPE="hidden" NAME="form_sent">
<!--  This is the line I added that doesn't work  -->
<INPUT TYPE="hidden" NAME="file" VALUE= "<? echo $_POST["file"]; ?>">
<B>Important!</B> Before submission, <A HREF="index.php?action=search&select=all" TARGET="_blank">check</A>
whether the article is already in the library.
<TABLE CELLPADDING="2" CELLSPACING="1" BORDER=0>
<TR>
<TD VALIGN="top">
Add PDF:
</TD>
<TD VALIGN="top">
<INPUT TYPE="file" NAME="filename">
</TD>

bad_gui Member

bad_gui

Posted
  • Author
Posted

I found my mistake and now the file upload works!

 

I should have looked it over one more time rather than post my question.

 

I needed to add the line

 

    $file = $_POST["file"];

 

if  ((!empty($_FILES['filename']['tmp_name']) && $_FILES['filename']['type'] == 'application/pdf') && !empty($_POST["authors"]) &&
    !empty($_POST["title"]) && !empty($_POST["date1"]) && !empty($_POST["journal"])  &&
    (!empty($_POST["category"]) || !empty($_POST["category2"])) && !empty($_POST["abstract"]) ) {

    $category = implode("|", array_merge($_POST["category"], $_POST["category2"]));
    $category = trim ($category, "|");

    $abstract = str_replace("\r\n", " ", $_POST["abstract"]);
    $title = str_replace("\r\n", " ", $_POST["title"]);
    $journal = str_replace("\r\n", " ", $_POST["journal"]);
    $authors = str_replace("\r\n", " ", $_POST["authors"]);
    $file = $_POST["file"];

if (strlen($category) < 255) {

    $link = @mysql_connect($database_host, $database_user, $database_password);
    @mysql_select_db ($database_name);

    $query = "SELECT title FROM library WHERE title='$title' LIMIT 1";
    $result = mysql_query ($query);
    $rows = mysql_num_rows ($result);

if ($rows == '0') {

    $date2 = date('Y-m-d');
echo "The filename is:". $file . "<br>";

if (move_uploaded_file ($_FILES['filename']['tmp_name'], "$library_path$file")) {

    $query = "INSERT INTO library (file,authors,title,journal,category,date1,date2,abstract)
    VALUES ('$file','".mysql_real_escape_string($authors)."','$title','$journal','$category','$_POST[date1]','$date2',
            '$abstract')";
    $result = mysql_query ($query) OR die(mysql_error());

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.