Jump to content

[SOLVED] unable to pass $_POST variable to script?

bad_gui

By bad_gui
in PHP Coding Help

Recommended Posts

bad_gui Member

bad_gui

Posted
Posted

I'm trying to pass $file to a file upload script but I can't get it to work.

 

Here is the HTML output showing a $_POST array dump that shows the $file variable has

the value I want but it isn't passed to move_uploaded_file

 

<!-- BEGIN POST VARS -->
<!-- Array
(
    [MAX_FILE_SIZE] => 25000000
    [form_sent] => 
    [file] => BrJCancer91p1200-4.pdf
    [authors] => De Lorenzo C, Tedesco A, Terrazzano G, Cozzolino R, Laccetti P, Piccoli R, D'Alessio G
    [title] => A human, compact, fully functional anti-ErbB2 antibody as a novel antitumour agent.
    [journal] => British journal of cancer
    [date1] => 2004
    [abstract] => A new human, compact antibody was engineered by fusion of a human, antitumour ErbB2-directed scFv with a human IgG1 Fc domain. Overexpression of the ErbB2 receptor is related to tumour aggressiveness and poor prognosis. This new immunoagent meets all criteria for a potential anticancer drug: it is human, hence poorly or not immunogenic; it binds selectively and with high affinity to target cells, on which it exerts an effective and selective antiproliferative action, including both antibody-dependent and complement-dependent cytotoxicity; it effectively inhibits tumour growth in vivo. Its compact molecular size should provide for an efficient tissue penetration, yet suitable to a prolonged serum half-life.
    [category2] => Array
        (
            [0] => ErbB2
        )

)
-->
The filename is:<br>
<A HREF="index.php?action=download">Online data download from PubMed.</A>
<FORM enctype="multipart/form-data" ACTION="index.php?action=upload" METHOD="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="25000000">
<INPUT TYPE="hidden" NAME="form_sent">
<!--  This is the line I added that doesn't work  -->
<INPUT TYPE="hidden" NAME="file" VALUE= "BrJCancer91p1200-4.pdf">
<B>Important!</B> Before submission, <A HREF="index.php?action=search&select=all" TARGET="_blank">check</A>

whether the article is already in the library.
<TABLE CELLPADDING="2" CELLSPACING="1" BORDER=0>
<TR>
<TD VALIGN="top">
Add PDF:
</TD>
<TD VALIGN="top">
<INPUT TYPE="file" NAME="filename">
</TD>
</TR>
<TR>

 

However, the upload.php code gives the filename as "  "  in the database and echoed to the screen

 

<?
ini_set('display_errors','1');

echo "<!-- BEGIN POST VARS -->\n";
echo '<!-- '.dump_array($_POST)." -->\n";

function dump_array($array)
{
  $output = print_r($array, true);
  $output = str_replace('-->', '-- >', $output);
  return $output;
  }


if  ((!empty($_FILES['filename']['tmp_name']) && $_FILES['filename']['type'] == 'application/pdf') && !empty($_POST["authors"]) &&
    !empty($_POST["title"]) && !empty($_POST["date1"]) && !empty($_POST["journal"])  &&
    (!empty($_POST["category"]) || !empty($_POST["category2"])) && !empty($_POST["abstract"]) ) {

    $category = implode("|", array_merge($_POST["category"], $_POST["category2"]));
    $category = trim ($category, "|");

    $abstract = str_replace("\r\n", " ", $_POST["abstract"]);
    $title = str_replace("\r\n", " ", $_POST["title"]);
    $journal = str_replace("\r\n", " ", $_POST["journal"]);
    $authors = str_replace("\r\n", " ", $_POST["authors"]);

if (strlen($category) < 255) {

    $link = @mysql_connect($database_host, $database_user, $database_password);
    @mysql_select_db ($database_name);

    $query = "SELECT title FROM library WHERE title='$title' LIMIT 1";
    $result = mysql_query ($query);
    $rows = mysql_num_rows ($result);

if ($rows == '0') {

    $date2 = date('Y-m-d');
echo "The filename is:". $file . "<br>";

if (move_uploaded_file ($_FILES['filename']['tmp_name'], "$library_path$file")) {

    $query = "INSERT INTO library (file,authors,title,journal,category,date1,date2,abstract)
    VALUES ('$file','".mysql_real_escape_string($authors)."','$title','$journal','$category','$_POST[date1]','$date2',
            '$abstract')";
    $result = mysql_query ($query) OR die(mysql_error());

    if (!$result) {
    die ("Could not upload into database: <br />" . mysql_error());
    }
    

    if (isset($_POST["shelf"])) {

    $query = "SELECT files FROM shelves WHERE user='$_SESSION[user]' AND password='$_SESSION[password]' LIMIT 1";
    $result = mysql_query ($query);
    $files = mysql_fetch_array ($result);

    if (empty($files["files"])) {
    $file_update = $file;
    } else {
    $file_update = $files["files"].'|'.$file;
    }

    $query = "UPDATE shelves SET files='$file_update' WHERE user='$_SESSION[user]' AND password='$_SESSION[password]'";
    $result = mysql_query ($query);
    }

print '<H3 STYLE="color: red">The article was recorded successfully.</H3>';
}

} else {
print '<H3 STYLE="color: red">Error! The article is already in the library.</H3>';
}

    @mysql_close($link);

} else {
print '<H3 STYLE="color: red">The limit of 255 characters exceeded in categories.</H3>';
}

} elseif (isset($_POST["form_sent"])) {
echo '<H3 STYLE="color: red">Error! All fields in the form are mandatory.</H3>';
}
?>

<A HREF="index.php?action=download">Online data download from PubMed.</A>
<FORM enctype="multipart/form-data" ACTION="index.php?action=upload" METHOD="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="25000000">
<INPUT TYPE="hidden" NAME="form_sent">
<!--  This is the line I added that doesn't work  -->
<INPUT TYPE="hidden" NAME="file" VALUE= "<? echo $_POST["file"]; ?>">
<B>Important!</B> Before submission, <A HREF="index.php?action=search&select=all" TARGET="_blank">check</A>
whether the article is already in the library.
<TABLE CELLPADDING="2" CELLSPACING="1" BORDER=0>
<TR>
<TD VALIGN="top">
Add PDF:
</TD>
<TD VALIGN="top">
<INPUT TYPE="file" NAME="filename">
</TD>

bad_gui Member

bad_gui

Posted
  • Author
Posted

I found my mistake and now the file upload works!

 

I should have looked it over one more time rather than post my question.

 

I needed to add the line

 

    $file = $_POST["file"];

 

if  ((!empty($_FILES['filename']['tmp_name']) && $_FILES['filename']['type'] == 'application/pdf') && !empty($_POST["authors"]) &&
    !empty($_POST["title"]) && !empty($_POST["date1"]) && !empty($_POST["journal"])  &&
    (!empty($_POST["category"]) || !empty($_POST["category2"])) && !empty($_POST["abstract"]) ) {

    $category = implode("|", array_merge($_POST["category"], $_POST["category2"]));
    $category = trim ($category, "|");

    $abstract = str_replace("\r\n", " ", $_POST["abstract"]);
    $title = str_replace("\r\n", " ", $_POST["title"]);
    $journal = str_replace("\r\n", " ", $_POST["journal"]);
    $authors = str_replace("\r\n", " ", $_POST["authors"]);
    $file = $_POST["file"];

if (strlen($category) < 255) {

    $link = @mysql_connect($database_host, $database_user, $database_password);
    @mysql_select_db ($database_name);

    $query = "SELECT title FROM library WHERE title='$title' LIMIT 1";
    $result = mysql_query ($query);
    $rows = mysql_num_rows ($result);

if ($rows == '0') {

    $date2 = date('Y-m-d');
echo "The filename is:". $file . "<br>";

if (move_uploaded_file ($_FILES['filename']['tmp_name'], "$library_path$file")) {

    $query = "INSERT INTO library (file,authors,title,journal,category,date1,date2,abstract)
    VALUES ('$file','".mysql_real_escape_string($authors)."','$title','$journal','$category','$_POST[date1]','$date2',
            '$abstract')";
    $result = mysql_query ($query) OR die(mysql_error());

 

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.