Page 1 of 1

Upload Image to Folder send path to database validate form?

Posted: Thu Apr 08, 2010 3:04 pm
by lisa007
How can i validate in case user doenst upload anything to display error message nothing has been uploaded

Code: Select all


<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("admin", $con);
?>



<?php
//define a maxim size for the uploaded images in Kb
define ("MAX_SIZE","100");
//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
//This variable is used as a flag. The value is initialized with 0 (meaning no error found) and it will be changed to 1 if an errro occures. If the error occures the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
if(isset($_POST['Submit']))
{
//reads the name of the file the user submitted for uploading
$image=$_FILES['image']['name'];
//if it is not empty
if ($image)
{
//get the original name of the file from the clients machine
$filename = stripslashes($_FILES['image']['name']);
//get the extension of the file in a lower case format
$extension = getExtension($filename);
$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not upload the file, otherwize we will do more tests
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
//print error message
echo '<h1>Unknown extension!</h1>';
$errors=1;
}
else

if(empty($name) || $input == " "){
// code here

echo '<h1>Unknown extension!</h1>';
$errors=1;
}


else


{
//get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file in which the uploaded file was stored on the server
$size=filesize($_FILES['image']['tmp_name']);
//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*102400)
{
echo '<h1>You have exceeded the size limit!</h1>';
$errors=1;
}
//we will give an unique name, for example the time in unix time format
$image_name=time(). '.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="images/".$image;




$query="INSERT INTO photos values ('$image','$user')"; //into database
mysql_query( $query );

$copied = copy($_FILES['image']['tmp_name'], $newname);

if (!$copied)
{
echo '<h1>Copy unsuccessfull!</h1>';
$errors=1;
}}}}
//If no errors registred, print the success message
if(isset($_POST['Submit']) && !$errors)
{
echo "<h1>File Uploaded Successfully! Try again!</h1>";
}



?>
<form name="newad" method="post" enctype="multipart/form-data" action="adminprocess.php">
<table>
<tr><td><input type="file" name="image"></td></tr>
<input type="hidden" name="user_id" value="$_SESSION['user_id']" />




<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
</table>
</form>

Re: Upload Image to Folder send path to database validate fo

Posted: Thu Apr 08, 2010 9:06 pm
by Architek
I usually just check to see if the field is set or check to see if the field contents has a portion of a string... If so I simply assume something was digested by the form and echo back the file path etc. might not be the best way but I am with in a concealed LAN environment.

If you are looking to see if the file actually uploaded you could query the server via an ftp function to see if the file exists.

Code: Select all

//Begin FTP process
if (isset($filedeed)) {
       $destination_file = "/eREET/Clark/".$operationname."/".$ordernumber.".pdf";		
       $upload = ftp_put($conn_id, $destination_file, $filedeed, FTP_BINARY);	
       }
			
//Check upload status and respond
if (!$upload) { 
      echo "<h2>FTP Upload Status: <img src=\"images/check-red.png\" /></h2>";
      echo "<p>No files were uploaded either because none were selected or there was a problem connecting. <br />" ;
      echo "If you continue to have problems please contact the help desk for assistance.</p>";
      echo "<br />";
      } else {
      echo "<h2>FTP Upload Status: <img src=\"images/check-green.png\" /></h2>";
      echo "<p>The County required PDF file was uploaded successfully!</p>";
      }
Hopefully that helps.. maybe?

SS

Re: Upload Image to Folder send path to database validate fo

Posted: Fri Apr 09, 2010 3:38 am
by minorDemocritus
Architek wrote:If you are looking to see if the file actually uploaded you could query the server via an ftp function to see if the file exists.
KLUDGE ALERT! :wink:

Seriously though... that's a pretty roundabout way of doing it. Check out file_exists().

So, something like this might help:

Code: Select all

if (!file_exists($newname)) {
    echo 'Where did that file go?! It was right here a second ago!';
}
However, it appears that the script already checks that the file was uploaded. So, lisa007, I'm not really sure what the issue is. Could you provide more details on what you expect to happen, and what is actually happening (or not happening)?

Also, this is somewhat worrying...

Code: Select all

// from the form
<input type="hidden" name="user_id" value="$_SESSION['user_id']" />
// and from the script
$query="INSERT INTO photos values ('$image','$user')"; //into database
mysql_query( $query );
Of course, I don't know exactly where $user is coming from, but it seems like you're relying on a hidden form field to hold the user_id... that seems to me like it would open up a big security hole. And, $image has the filename from the user... and you're inserting that unescaped into the database... worry worry. 8O

It's good to see that you're not saving the file with a user-provided filename, at least. :mrgreen:

Re: Upload Image to Folder send path to database validate fo

Posted: Fri Apr 09, 2010 10:38 am
by Architek
KLUDGE ALERT!
I had to actually look that up... yea its how I roll but typically it gets the job done. Actually I have had issues with file exist for some reason.