Page 1 of 1

Users upload images in form

Posted: Thu Feb 24, 2011 2:24 pm
by merchhaus
I am building an ecommerce type website where users can post their own products to sell. So far everything works with sellers posting products and pages to view the products and seller info. Where I am running into trouble is with images. I need to add in the ability to add an image for the product into the (currently working) form for adding a product and I need it to be tied to the product id.(prod_id). You can check out the site at www.merchanthaus.com to see what I am doing.

Here is the form part of the page:

Start of the form with 3 dynamic dependent drop-downs

Code: Select all

echo "<form method=post name=f1 action='$PHP_SELF' enctype=multipart/form-data>";

//////////        Starting of first drop downlist /////////
echo "<select name='cat' onchange=\"reload(this.form)\"><option value=''>Select Category</option>";
while($noticia2 = mysql_fetch_array($catquer)) { 
if($noticia2['cat_id']==@$cat){echo "<option selected value='$noticia2[cat_id]'>$noticia2[category]</option>"."<BR>";}
else{echo  "<option value='$noticia2[cat_id]'>$noticia2[category]</option>";}
}
echo "</select>";
//////////////////  This will end the first drop down list ///////////
?>
  <br>
  <br>
<?php

//////////        Starting of second drop downlist /////////
echo "<select name='subcat' onchange=\"reload3(this.form)\"><option value=''>Select Subcategory</option>";
while($noticia = mysql_fetch_array($subcatquer)) { 
if($noticia['subcat_id']==@$subcat){echo "<option selected value='$noticia[subcat_id]'>$noticia[subcategory]</option>"."<BR>";}
else{echo  "<option value='$noticia[subcat_id]'>$noticia[subcategory]</option>";}
}
echo "</select>";
//////////////////  This will end the second drop down list ///////////
?>
  <br>
  <br>
<?php

//////////        Starting of third drop downlist /////////
echo "<select name='prod_type'><option value=''>Select Product Type</option>";
while($noticia3 = mysql_fetch_array($prodtypequer)) { 
{echo "<option value='$noticia3[type_id]'>$noticia3[product_type]</option>";}
}
echo "</select>";
//////////////////  This will end the third drop down list ///////////
?>
Rest of the form including the image upload:

Code: Select all

 <br>
  <br>
  <label for="prod_name">*Product Name:</label><br>
  <input type="text" name="prod_name" size="40" value="<?php echo $prod_name; ?>"/>
  <br>
  <br>
  <label for="short_desc">*Short product description:</label><br>
  <input type="text" name="short_desc" size="40" value="<?php echo $short_desc; ?>"/>
  <br>
  <br>
  <label for="long_desc">*Long product description:</label><br>
  <textarea rows="10" cols="30" name="long_desc" value="<?php echo $long_desc; ?>"></textarea>
  <br>
  <br>
  <label for="avail_date">Available Date:<label><br>
  <input type="text" name="avail_date" size="40" value="<?php echo $avail_date; ?>"/>
  <p>or lead time to sellers distribution center.</p>
  <br>
  <label for="country_origin">Country Manufactured In:</label><br>
  <input type="text" name="country_origin" size="40" value="<?php echo $country_origin; ?>"/>
  <br>
  <label for="photo">Product Image:</label><br>
  <input type="file" name="photo" id="photo">
  <p>* is required</p>

<br>
<br>

<input type="submit" name="submit" value="Post Item"/>
</form>
And now for the background php starting after connecting to the database:

Code: Select all

function sql_safe($s)
{    
        if (get_magic_quotes_gpc())        
                $s = stripslashes($s);    
                
                return mysql_real_escape_string($s);
}

//filter incoming values
$cat = (isset($_POST['cat'])) ? trim($_POST['cat']) : '';
$subcat = (isset($_POST['subcat'])) ? $_POST['subcat'] : '';
$prod_type = (isset($_POST['prod_type'])) ? trim($_POST['prod_type']) : '';
$prod_name = (isset($_POST['prod_name'])) ? trim($_POST['prod_name']) : '';
$short_desc = (isset($_POST['short_desc'])) ? trim($_POST['short_desc']) : '';
$long_desc = (isset($_POST['long_desc'])) ? trim($_POST['long_desc']) : '';
$avail_date = (isset($_POST['avail_date'])) ? trim($_POST['avail_date']) : '';
$country_origin = (isset($_POST['country_origin'])) ? trim($_POST['country_origin']) : '';
$user_id = $_SESSION['user_id'];
$username = $_SESSION['username'];
$file = $_FILES['image']['tmp_name'];
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);
        
if (isset($_POST['submit']) && $_POST['submit'] == 'Post Item') {
        
        $errors = array();
        
        //make sure manditory fields have been entered
        if (empty($prod_name)) {
                $errors[] = 'Product Name cannot be blank.';
        }
        
        //32 check if product name is already registered
        $query = 'SELECT prod_name FROM product WHERE prod_name = "' .
                $prod_name . '"';
        $result = mysql_query($query, $db) or die(mysql_error());
        if (mysql_num_rows($result) > 0) {
                $errors[] = 'A product named ' . $prod_name . ' has already been posted.';
                $prod_name = '';
} 

mysql_free_result($result);

if (empty($short_desc)) {
        $errors[] = 'Short Description cannot be blank.';
}
if (empty($long_desc)) {
        $errors[] = 'Long Description cannot be blank.';
}
if (empty($avail_date)) {
        $errors[] = 'Availibility Date cannot be blank.';
}
if (empty($country_origin)) {
        $errors[] = 'Country of Origin cannot be blank.';
}
if($image_size==FALSE) {
        $errors[] = 'Image must be selected.';
}

if(count($errors) > 0) {
        echo '<p><strong style="color:#FF000;">Unable to process your ' .
                'item.</strong></p>';
        echo '<p>Please fix the following:</p>';
        echo '<ul>';
        foreach ($errors as $error) {
                echo '<li>' . $error . '</li>';
        }
        echo '</ul>';
                
} else {
        //65 No errors so enter the information into the database.
        
        $query = 'INSERT INTO prod_cat
                        (prod_id, cat, subcat, prod_type)
                VALUES
                        (NULL, "' . mysql_real_escape_string($cat, $db) . '", ' .
                        '"' . mysql_real_escape_string($subcat, $db) . '", ' .
                        '"' . mysql_real_escape_string($prod_type, $db) . '")';
                $result = mysql_query($query, $db) or die(mysql_error());
                
                $prod_id  = mysql_insert_id($db);
                
                $query = 'INSERT INTO product
                                (prod_id, prod_name, short_desc, long_desc, avail_date, country_origin)
                        VALUES
                           (' . $prod_id . ', ' .
                                '"' . mysql_real_escape_string($prod_name, $db)  . '", ' .
                                '"' . mysql_real_escape_string($short_desc, $db)  . '", ' .
                                '"' . mysql_real_escape_string($long_desc, $db)  . '", ' .
                                '"' . mysql_real_escape_string($avail_date, $db)  . '", ' .
                                '"' . mysql_real_escape_string($country_origin, $db)  . '")';
                $result = mysql_query($query, $db) or die(mysql_error());
                
                $query = 'INSERT INTO user_product
                        (user_id, prod_id)
                VALUES
                        (' . $user_id . ', ' . $prod_id . ')';
                $result = mysql_query($query, $db) or die(mysql_error());       
        
                $query = 'INSERT INTO images 
                        (id, image_name, image_time, image, prod_id)
                VALUES 
                        (NULL,' . $image_name . ',NULL,' . $image . ', ' . $prod_id . ')';
                        $result = mysql_query($query, $db) or die(mysql_error());       

                $_SESSION['logged'] = 1;
                $_SESSION['username'] = $username;
                
                header('Refresh: 5; URL=user.php');

?>
I've looked at about a hundred forums, blogs, and tutorials and cannot figure this out. If I absolutely have to then I'm gonna make the user upload the image later, but I really don't want to do that. If anyone has a suggestion for a better way to do this I'm all ears.

Thanks,
merchhaus