Jump to content

Form File Upload Validation Problem

psychowolvesbane

By psychowolvesbane
in PHP Coding Help

 Share

Recommended Posts

psychowolvesbane Member

psychowolvesbane

Posted
Posted

I have a simple form for uploading an image file and placing it into a image folder on my host server and the file has the same name as the text obtained from an text input field. But I don't know what is wrong with the code for the validation. I get good output for the text field but once I get to the image file any file that is uploaded (correct or not) is scanned by the first if statement and just skips to echo "6".

 

Can anyone see what is wrong here?

 

<?php
  include "connect_details.php";

  $Submit = $_POST['SubmitB'];
  $ColourName = $_POST['ColourName'];
  $ColourImage = $_FILES['ColourImage'];
  $Max_Size = $_POST['MAX_FILE_SIZE'];
  $Img_Dimensions = getimagesize($file['tmp_name']);
  $dirupload = "images/colours/";
  $NotExec = true;

  if ($_POST['SubmitB'] == "Submit")
   {
     $Valid_Form = true;
     $Valid_ColourName = true;
     $Valid_ColourImage = true;

     echo"1<br>";

     if (empty($ColourName))
     {
        ?>

        <div style="position:absolute; top:20px; left:200px; width:550px">   
          <span class="errmsg">Please Enter a Colour Name</span>
</div>

        <?php   
        $Valid_Form = false;
        $Valid_ColourName = false;

        echo"2<br>";

     }
//File upload validation here

     if (($_FILES['ColourImage']['type'] == "image/gif") && filesize($ColourImage['tmp_name']) > $Max_Size && ($Img_Dimensions[0] > 50) || ($Img_Dimensions[1] > 50))
     {
        echo"3<br>";

        if(move_uploaded_file($ColourImage['tmp_name'], $dirupload.$ColourImage['name']))
        {
        $Valid_ColourImage = false;
        echo"4<br>";
        }
        else
        {
           $Valid_ColourImage = false;
           $valid_Form = false;

           echo"5<br>";
           ?>
           <div style="position:absolute; top:40px; left:200px; width:550px">   
             <span class="errmsg">Image could not be uploaded!</span>
   </div>
           <?php
        }
     }
     else
     {
        $Valid_ColourImage = false;
        $valid_Form = false;
        ?>
        <div style="position:absolute; top:40px; left:200px; width:550px">   
          <span class="errmsg">Please Select a .gif image that is no more than 50x50 pixels or less than 10kb in size</span>
</div>
        <?php
        echo "6<br>";
     }

//File Upload validation ends here 
    
     if($Valid_Form == true && $Valid_ColourImage == true && $Valid_ColourName == true)
     { 
        echo"7<br>";

        $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error());

        //Select the MySQL database

        $db = mysql_select_db($Dbname, $conn);

        $sqlNew = "INSERT INTO Colours (AvailableColours) VALUES('$ColourName')";

        $rsNew = mysql_query($sqlNew,$conn)or die('Problem with query: ' . $sqlNew . '<br />' . mysql_error());		

        if(mysql_affected_rows($conn) == "1")
        {
           $Added = true;
           $NotExec = false;
}
        elseif(mysql_affected_rows($conn) =="0")
        {
           $Added = false;
           $NotExec = true;
        ?>
           <div style="position:absolute; top:250px; left:200px; width:550px">   
           <span class="errmsg">Could not be added, <?php echo "$ColourName";?> may already exist!</span>
           </div>
        <?php
        
        }
        mysql_close($conn);

     }

   }

?>

<html>
<head>
   <title>New Product Colour Form</title>
   <link href="stylesheetCL.css" rel="stylesheet">
   <?php require('jscript.inc') ?>
   
   <?php if($NotExec == false && $Added == true)
   {
   ?>
..redirect feature goes here once complete..      
   <?php
   }
   ?>
</head>
<body>


<?php require('menu.inc') ?>

<div style="position:absolute; top:75px; left:200px; width:550px">

<span class="head3">New Product Colour Form</span>
<br>
<br>


<form method="post" enctype="multipart/form-data" action='add_product_colour_form.php'/>

<?php
if($_POST['SubmitB'] == "Submit")
{
    if($Valid_ColourName == false)
    {   
       ?>
       <span class="errmsg">! </span>
       <?php
    }

    ?>

    Colour Name: 
    <br>
    <input type="text" name="ColourName" value="<?php echo $_POST['ColourName']?>"/>

    <br>
    <br>
    
    <?php
    if($Valid_ColourImage == false)
    {
       ?>
       <span class="errmsg>"! </span>
       <?php
    }
    ?>

    Colour Image (Must be .gif image type, 50x50 pixels in dimensions and less than 10Kb in size)
    <br>
    <input type="file" name="ColourImage" value="<?php echo $_FILES['ColourImage']['tmp_name']?>"/>


    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_POST['MAX_FILE_SIZE']?>"/> 
    <br>
    <br>  
<?php
}
elseif($_POST['SubmitB'] != "Submit")
{
    ?>
    Colour Name: 
    <br>
    <input type="text" name="ColourName" value=""/>
    <br>
    <br>
    Colour Image (Must be .gif image type, 50x50 pixels in dimensions and less than 10Kb in size)
    <br>
    <input type="file" name="ColourImage">
    <input type="hidden" name="MAX_FILE_SIZE" value="10240"/>
    <?php    
}   
?>

<br>
<input type="submit" name="SubmitB" value="Submit"/>
</form>  

<br>
<br>
<br>
<br>
<a href="admin.php">Back to the Admin Menu</a>

</div>

</body>
</html>

Link to comment
Share on other sites
Cazrin Newbie

Cazrin

Posted
Posted

It's a problem with your if() statement I think

 

<?php

if (($_FILES['ColourImage']['type'] == "image/gif") && filesize($ColourImage['tmp_name']) > $Max_Size && ($Img_Dimensions[0] > 50) || ($Img_Dimensions[1] > 50))

?>

 

Try adding some extra brackets in to make sure:

 

<?php

if (($_FILES['ColourImage']['type'] == "image/gif") && (filesize($ColourImage['tmp_name']) > $Max_Size) && ($Img_Dimensions[0] > 50) || ($Img_Dimensions[1] > 50))

?>

Link to comment
Share on other sites
psychowolvesbane Member

psychowolvesbane

Posted
  • Author
Posted

Okay I've got that sorted out, I had the wrong dimensions I was after. Anyway I now can't upload the file properly:

 

Warning: move_uploaded_file(images/colours/White.gif) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/www/psychowolvesbane.freehostia.com/admin/add_product_colour_form.php on line 40

 

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpnaYEu7' to 'images/colours/White.gif' in /home/www/psychowolvesbane.freehostia.com/admin/add_product_colour_form.php on line 40

 

It currently is:

 

Lines 36-68

     if (($_FILES['ColourImage']['type'] == "image/gif") && (filesize($ColourImage['tmp_name']) > $Max_Size) && ($Img_Dimensions[0] <= 25) || ($Img_Dimensions[1] <= 25))
     {
        echo"3<br>";

        if(move_uploaded_file($ColourImage['tmp_name'], $dirupload.$ColourImage['name'])) //Line 40
        {
        $Valid_ColourImage = false;
        echo"4<br>";
        }
        else
        {
           $Valid_ColourImage = false;
           $valid_Form = false;

           echo"5<br>";
           ?>
           <div style="position:absolute; top:40px; left:200px; width:550px">   
             <span class="errmsg">Image could not be uploaded!</span>
   </div>
           <?php
        }
     }
     else
     {
        $Valid_ColourImage = false;
        $valid_Form = false;
        ?>
        <div style="position:absolute; top:40px; left:200px; width:550px">   
          <span class="errmsg">Please Select a .gif image that is no more than 50x50 pixels or less than 10kb in size</span>
</div>
        <?php
        echo "6<br>";
     }

 

P.S. It echoes "3".

Link to comment
Share on other sites
psychowolvesbane Member

psychowolvesbane

Posted
  • Author
Posted

Okay I have the main upload working, but now it accepts any file type regardless, it should only be .gif (not .GIF): Line 36 is the If statement responsible.

 

<?php
  include "connect_details.php";

  $Submit = $_POST['SubmitB'];
  $ColourName = $_POST['ColourName'];
  $ColourImage = $_FILES['ColourImage'];
  $Max_Size = $_POST['MAX_FILE_SIZE'];
  $Img_Dimensions = getimagesize($file['tmp_name']);
  $dirupload = "../images/colours/";
  $NotExec = true;

  if ($_POST['SubmitB'] == "Submit")
   {
     $Valid_Form = true;
     $Valid_ColourName = true;
     $Valid_ColourImage = true;

     echo"1<br>";

     if (empty($ColourName))
     {
        ?>

        <div style="position:absolute; top:20px; left:200px; width:550px">   
          <span class="errmsg">Please Enter a Colour Name</span>
</div>

        <?php   
        $Valid_Form = false;
        $Valid_ColourName = false;

        echo"2<br>";

     }
//Line 36 
     if (($_FILES['ColourImage']['type'] == "image/gif") && (filesize($ColourImage['tmp_name']) > $Max_Size) && ($Img_Dimensions[0] <= 25) || ($Img_Dimensions[1] <= 25))
     {
        echo"3<br>";

        if(move_uploaded_file($ColourImage['tmp_name'], $dirupload.$ColourName.".gif"))
        {
        $Valid_ColourImage = true;
        echo"4<br>";
        }
        else
        {
           $Valid_ColourImage = false;
           $valid_Form = false;

           echo"5<br>";
           ?>
           <div style="position:absolute; top:40px; left:200px; width:550px">   
             <span class="errmsg">Image could not be uploaded!</span>
   </div>
           <?php
        }
     }
     else
     {
        $Valid_ColourImage = false;
        $valid_Form = false;
        ?>
        <div style="position:absolute; top:40px; left:200px; width:550px">   
          <span class="errmsg">Please Select a .gif image that is no more than 25x25 pixels or less than 10kb in size</span>
</div>
        <?php
        echo "6<br>";
     }
     
     if($Valid_Form == true && $Valid_ColourImage == true && $Valid_ColourName == true)
     { 
        echo"7<br>";

        $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error());

        //Select the MySQL database

        $db = mysql_select_db($Dbname, $conn);

        $sqlNew = "INSERT INTO Colours (AvailableColours) VALUES('$ColourName')";

        $rsNew = mysql_query($sqlNew,$conn)or die('Problem with query: ' . $sqlNew . '<br />' . mysql_error());		

        if(mysql_affected_rows($conn) == "1")
        {
           $Added = true;
           $NotExec = false;
}
        elseif(mysql_affected_rows($conn) =="0")
        {
           $Added = false;
           $NotExec = true;
        ?>
           <div style="position:absolute; top:20px; left:200px; width:550px">   
           <span class="errmsg">Could not be added, <?php echo "$ColourName";?> may already exist!</span>
           </div>
        <?php
        
        }
        mysql_close($conn);

     }

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.