Jump to content

Recommended Posts

I have a simple form for uploading an image file and placing it into a image folder on my host server and the file has the same name as the text obtained from an text input field. But I don't know what is wrong with the code for the validation. I get good output for the text field but once I get to the image file any file that is uploaded (correct or not) is scanned by the first if statement and just skips to echo "6".

 

Can anyone see what is wrong here?

 

<?php
  include "connect_details.php";

  $Submit = $_POST['SubmitB'];
  $ColourName = $_POST['ColourName'];
  $ColourImage = $_FILES['ColourImage'];
  $Max_Size = $_POST['MAX_FILE_SIZE'];
  $Img_Dimensions = getimagesize($file['tmp_name']);
  $dirupload = "images/colours/";
  $NotExec = true;

  if ($_POST['SubmitB'] == "Submit")
   {
     $Valid_Form = true;
     $Valid_ColourName = true;
     $Valid_ColourImage = true;

     echo"1<br>";

     if (empty($ColourName))
     {
        ?>

        <div style="position:absolute; top:20px; left:200px; width:550px">   
          <span class="errmsg">Please Enter a Colour Name</span>
</div>

        <?php   
        $Valid_Form = false;
        $Valid_ColourName = false;

        echo"2<br>";

     }
//File upload validation here

     if (($_FILES['ColourImage']['type'] == "image/gif") && filesize($ColourImage['tmp_name']) > $Max_Size && ($Img_Dimensions[0] > 50) || ($Img_Dimensions[1] > 50))
     {
        echo"3<br>";

        if(move_uploaded_file($ColourImage['tmp_name'], $dirupload.$ColourImage['name']))
        {
        $Valid_ColourImage = false;
        echo"4<br>";
        }
        else
        {
           $Valid_ColourImage = false;
           $valid_Form = false;

           echo"5<br>";
           ?>
           <div style="position:absolute; top:40px; left:200px; width:550px">   
             <span class="errmsg">Image could not be uploaded!</span>
   </div>
           <?php
        }
     }
     else
     {
        $Valid_ColourImage = false;
        $valid_Form = false;
        ?>
        <div style="position:absolute; top:40px; left:200px; width:550px">   
          <span class="errmsg">Please Select a .gif image that is no more than 50x50 pixels or less than 10kb in size</span>
</div>
        <?php
        echo "6<br>";
     }

//File Upload validation ends here 
    
     if($Valid_Form == true && $Valid_ColourImage == true && $Valid_ColourName == true)
     { 
        echo"7<br>";

        $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error());

        //Select the MySQL database

        $db = mysql_select_db($Dbname, $conn);

        $sqlNew = "INSERT INTO Colours (AvailableColours) VALUES('$ColourName')";

        $rsNew = mysql_query($sqlNew,$conn)or die('Problem with query: ' . $sqlNew . '<br />' . mysql_error());		

        if(mysql_affected_rows($conn) == "1")
        {
           $Added = true;
           $NotExec = false;
}
        elseif(mysql_affected_rows($conn) =="0")
        {
           $Added = false;
           $NotExec = true;
        ?>
           <div style="position:absolute; top:250px; left:200px; width:550px">   
           <span class="errmsg">Could not be added, <?php echo "$ColourName";?> may already exist!</span>
           </div>
        <?php
        
        }
        mysql_close($conn);

     }

   }

?>

<html>
<head>
   <title>New Product Colour Form</title>
   <link href="stylesheetCL.css" rel="stylesheet">
   <?php require('jscript.inc') ?>
   
   <?php if($NotExec == false && $Added == true)
   {
   ?>
..redirect feature goes here once complete..      
   <?php
   }
   ?>
</head>
<body>


<?php require('menu.inc') ?>

<div style="position:absolute; top:75px; left:200px; width:550px">

<span class="head3">New Product Colour Form</span>
<br>
<br>


<form method="post" enctype="multipart/form-data" action='add_product_colour_form.php'/>

<?php
if($_POST['SubmitB'] == "Submit")
{
    if($Valid_ColourName == false)
    {   
       ?>
       <span class="errmsg">! </span>
       <?php
    }

    ?>

    Colour Name: 
    <br>
    <input type="text" name="ColourName" value="<?php echo $_POST['ColourName']?>"/>

    <br>
    <br>
    
    <?php
    if($Valid_ColourImage == false)
    {
       ?>
       <span class="errmsg>"! </span>
       <?php
    }
    ?>

    Colour Image (Must be .gif image type, 50x50 pixels in dimensions and less than 10Kb in size)
    <br>
    <input type="file" name="ColourImage" value="<?php echo $_FILES['ColourImage']['tmp_name']?>"/>


    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_POST['MAX_FILE_SIZE']?>"/> 
    <br>
    <br>  
<?php
}
elseif($_POST['SubmitB'] != "Submit")
{
    ?>
    Colour Name: 
    <br>
    <input type="text" name="ColourName" value=""/>
    <br>
    <br>
    Colour Image (Must be .gif image type, 50x50 pixels in dimensions and less than 10Kb in size)
    <br>
    <input type="file" name="ColourImage">
    <input type="hidden" name="MAX_FILE_SIZE" value="10240"/>
    <?php    
}   
?>

<br>
<input type="submit" name="SubmitB" value="Submit"/>
</form>  

<br>
<br>
<br>
<br>
<a href="admin.php">Back to the Admin Menu</a>

</div>

</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/85064-form-file-upload-validation-problem/
Share on other sites

It's a problem with your if() statement I think

 

<?php

if (($_FILES['ColourImage']['type'] == "image/gif") && filesize($ColourImage['tmp_name']) > $Max_Size && ($Img_Dimensions[0] > 50) || ($Img_Dimensions[1] > 50))

?>

 

Try adding some extra brackets in to make sure:

 

<?php

if (($_FILES['ColourImage']['type'] == "image/gif") && (filesize($ColourImage['tmp_name']) > $Max_Size) && ($Img_Dimensions[0] > 50) || ($Img_Dimensions[1] > 50))

?>

Okay I've got that sorted out, I had the wrong dimensions I was after. Anyway I now can't upload the file properly:

 

Warning: move_uploaded_file(images/colours/White.gif) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/www/psychowolvesbane.freehostia.com/admin/add_product_colour_form.php on line 40

 

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpnaYEu7' to 'images/colours/White.gif' in /home/www/psychowolvesbane.freehostia.com/admin/add_product_colour_form.php on line 40

 

It currently is:

 

Lines 36-68

     if (($_FILES['ColourImage']['type'] == "image/gif") && (filesize($ColourImage['tmp_name']) > $Max_Size) && ($Img_Dimensions[0] <= 25) || ($Img_Dimensions[1] <= 25))
     {
        echo"3<br>";

        if(move_uploaded_file($ColourImage['tmp_name'], $dirupload.$ColourImage['name'])) //Line 40
        {
        $Valid_ColourImage = false;
        echo"4<br>";
        }
        else
        {
           $Valid_ColourImage = false;
           $valid_Form = false;

           echo"5<br>";
           ?>
           <div style="position:absolute; top:40px; left:200px; width:550px">   
             <span class="errmsg">Image could not be uploaded!</span>
   </div>
           <?php
        }
     }
     else
     {
        $Valid_ColourImage = false;
        $valid_Form = false;
        ?>
        <div style="position:absolute; top:40px; left:200px; width:550px">   
          <span class="errmsg">Please Select a .gif image that is no more than 50x50 pixels or less than 10kb in size</span>
</div>
        <?php
        echo "6<br>";
     }

 

P.S. It echoes "3".

Okay I have the main upload working, but now it accepts any file type regardless, it should only be .gif (not .GIF): Line 36 is the If statement responsible.

 

<?php
  include "connect_details.php";

  $Submit = $_POST['SubmitB'];
  $ColourName = $_POST['ColourName'];
  $ColourImage = $_FILES['ColourImage'];
  $Max_Size = $_POST['MAX_FILE_SIZE'];
  $Img_Dimensions = getimagesize($file['tmp_name']);
  $dirupload = "../images/colours/";
  $NotExec = true;

  if ($_POST['SubmitB'] == "Submit")
   {
     $Valid_Form = true;
     $Valid_ColourName = true;
     $Valid_ColourImage = true;

     echo"1<br>";

     if (empty($ColourName))
     {
        ?>

        <div style="position:absolute; top:20px; left:200px; width:550px">   
          <span class="errmsg">Please Enter a Colour Name</span>
</div>

        <?php   
        $Valid_Form = false;
        $Valid_ColourName = false;

        echo"2<br>";

     }
//Line 36 
     if (($_FILES['ColourImage']['type'] == "image/gif") && (filesize($ColourImage['tmp_name']) > $Max_Size) && ($Img_Dimensions[0] <= 25) || ($Img_Dimensions[1] <= 25))
     {
        echo"3<br>";

        if(move_uploaded_file($ColourImage['tmp_name'], $dirupload.$ColourName.".gif"))
        {
        $Valid_ColourImage = true;
        echo"4<br>";
        }
        else
        {
           $Valid_ColourImage = false;
           $valid_Form = false;

           echo"5<br>";
           ?>
           <div style="position:absolute; top:40px; left:200px; width:550px">   
             <span class="errmsg">Image could not be uploaded!</span>
   </div>
           <?php
        }
     }
     else
     {
        $Valid_ColourImage = false;
        $valid_Form = false;
        ?>
        <div style="position:absolute; top:40px; left:200px; width:550px">   
          <span class="errmsg">Please Select a .gif image that is no more than 25x25 pixels or less than 10kb in size</span>
</div>
        <?php
        echo "6<br>";
     }
     
     if($Valid_Form == true && $Valid_ColourImage == true && $Valid_ColourName == true)
     { 
        echo"7<br>";

        $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error());

        //Select the MySQL database

        $db = mysql_select_db($Dbname, $conn);

        $sqlNew = "INSERT INTO Colours (AvailableColours) VALUES('$ColourName')";

        $rsNew = mysql_query($sqlNew,$conn)or die('Problem with query: ' . $sqlNew . '<br />' . mysql_error());		

        if(mysql_affected_rows($conn) == "1")
        {
           $Added = true;
           $NotExec = false;
}
        elseif(mysql_affected_rows($conn) =="0")
        {
           $Added = false;
           $NotExec = true;
        ?>
           <div style="position:absolute; top:20px; left:200px; width:550px">   
           <span class="errmsg">Could not be added, <?php echo "$ColourName";?> may already exist!</span>
           </div>
        <?php
        
        }
        mysql_close($conn);

     }

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.