check if file has been submitted for upload

[goatboy]

I have an upload script, and it checks for size and extension, but i just noticed that if i don't select a file and press submit, the form won't return an error but process the request and then make an entry into the database. I thought it would return an error when checking for a file extension cause it's not there.

So my question is, how do you check that a file has actually been submitted for upload.

Would i just check to see if the variable is blank, like

if($image_file == ''){ die()

 

I have a feeling the answer to this is relatively easy and I'm going to feel dumb after I realize that.

[darkfreaks]

Try

 

<?php if(!isset($submit)) { ?>

 

or

 

<?php if($_POST[submit]=="") { ?>

 

or

<?php if(empty($submit)) { ?>

[Ninjakreborn]

This can be very tricky, I have had many problems with this in the past.

If you try to do the improper type of check then the file won't show up.

THe "best" way I can think of to do this, is urge the user to "not" click on the

file area if they do not intend to upload.  Then you can check to see if the file exists when they

do an upload.  There was something specific I used in the past I just don't remember which project I had that problem

on and what I used to guarantee it worked right.

[igor berger]

Why not do a JavaScript check for value not empty before submiting.

 

Will need JS enabled to do this..

[darkfreaks]

why do it in javascript when youcan do the same thing in PHP?

[Ninjakreborn]

@igor yes that is a very valid option.  However when it comes to image uploading, you need a server type as fast.  Generally only a malicous user would be trying to insert it like that and they just have to disable javascript.

Javascript (in my opinion) so always be a first stage of "validation" but never forget to do all forms server side as well in case of malicious users (in which javascript is useless, it's only to keep the good one's staying good).

[darkfreaks]

i agree i dont use javascript in my PHP validation like businessman said most people have it disabled anyway which would be useless. 

[Ninjakreborn]

I don't believe it's useless, I just think it has it's uses.

* Prevents honest people from making honest mistakes.

* Saves server load (potential large amounts on a very traffic heavy site)

* Look's more professional than a bare (server only) form.

[igor berger]

Okay, here is a tutorial how it is done.

 

http://www.tizag.com/phpT/fileupload.php

 

Firs the file is uploaded to a temporary directory on your server and then moved to the directory where you want it to be.

 

move_uploaded_file()

 

If the upload is successful, then $move_uploaded_file returns true if the file was moved, and false if it had a problem.

 

[goatboy]

thanks for the replies, I'm going to check out that tutorial and see if I can figure it out.

 

the javascript is an option and i have that on some of my other form validations, but I agree that you also need server side checking for the malicious users, or users who happen to have it blocked, otherwise content will get through that that i'm otherwise trying to prevent.

 

so I guess this is more complicated than I thought

[Ninjakreborn]

Don't forget to mark as solved if your question has been solved.