File upload with validation issue
Posted: Sun Mar 12, 2006 9:57 pm
I'm using the following to upload a single image file. The form works to limit the size of the file (if the file is over 500k it won't be uploaded). However, my error handling doesn't seem to be working correctly. Below, I've mostly left out the code that's not associated with the image upload.
Anyone have any ideas?
The processor "listingsubmit.php"
Anyone have any ideas?
<script language=javascript>
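// Accepted upload extensions, shown in the alert from callSave() (presumably also consulted
// by isValidFile(), which is defined elsewhere on the page). Declared with `var` so it is an
// explicit page-level global rather than an implicit one created by bare assignment.
var extArray = [".jpg", ".jpeg", ".gif"]; //".png", , ".gif"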
function callSave()
{
    // Validates the listing form in the browser before posting it to listingsubmit.php.
    // Order of checks: price, title, image (only when a file name was entered), email
    // present, email format. The first failing check shows an alert, moves focus to the
    // offending field and stops; the form is submitted only when every check passes.
    // isCurrency, isBlank, isValidFile and isEmail are defined elsewhere on the page.
    // These checks run client-side only, so the server has to validate the same fields.
    var form = document.frmlisting;
    var priceField = form.txtlistingprice;
    var titleField = form.txtlistingtitle;
    var imageField = form.txtlistingimage;
    var emailField = form.txtlistingemail;

    if (!isCurrency(priceField.value)) {
        alert("Price: Incorrect data");
        priceField.select();
        return;
    }

    if (isBlank(titleField.value)) {
        alert("Title is Required");
        titleField.focus();
        return;
    }

    // The image is optional; the extension check applies only when one was chosen.
    var hasImage = !isBlank(imageField.value);
    if (hasImage && !isValidFile(imageField.value)) {
        alert("Selected file is not a vaild image type. \nPlease select "+ (extArray.join(" ").toUpperCase())+ " files. ");
        imageField.select();
        return;
    }

    if (isBlank(emailField.value)) {
        alert("Email is Required");
        emailField.select();
        return;
    }

    if (!isEmail(emailField.value)) {
        alert("Email: Incorrect data");
        emailField.select();
        return;
    }

    form.action = "listingsubmit.php";
    form.submit();
}
</script>
<!-- Listing form (excerpt: the text inputs that callSave() reads and the closing </form>
     are not shown). Submitted as multipart/form-data to listingsubmit.php by callSave(). -->
<FORM name="frmlisting" method="post" enctype="multipart/form-data">
<!-- MAX_FILE_SIZE is a hint carried in the request and is under the client's control;
     listingsubmit.php re-checks the size on the server. -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<Input type="file" name="txtlistingimage" style="WIDTH: 275px; HEIGHT: 20px" size="39" maxlength="100">
<!-- The hidden fields below round-trip through the browser, so listingsubmit.php has to
     treat mode, l_id, c_id, cboCity and txtpreviousimage as untrusted input (txtpreviousimage
     in particular is passed to unlink() there). The values are echoed without
     htmlspecialchars(), so a stored value containing a quote breaks out of the attribute. -->
<Input type=hidden name="mode" value="<?=$mode?>">
<input type=hidden name="l_id" value="<?=$l_id?>">
<input type=hidden name="c_id" value="<?=$c_id?>">
<input type=hidden name="cboCity" value="<?=$intcityid?>">
<input type=hidden name="txtpreviousimage" value="<?=$listingimage?>">
<input type=hidden name="txtfrmpg" value='<?=$frmpg?>'>
<input type="button" class="btn_text" value="Preview" onclick="javascript:callSave();" style="border:solid-1px; color: #333333 ">Code: Select all
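<?php
// listingsubmit.php -- processor for the listing form (modes: Add, Edit, Delete).
// This run reads the posted fields into locals; the mode-specific work is the switch
// that follows. NOTE(review): that switch interpolates most of these values into SQL
// strings without escaping, so every free-text field read here still needs escaping
// (mysql_real_escape_string) or binding at the point where the query is built.
// The open tag is the long form so the script does not depend on short_open_tag.
include("connection.php");

// Return $_POST[$name], or $default when the field was not submitted. Optional fields
// (the checkbox, a submit without a file) would otherwise raise "undefined index"
// notices, which with display_errors on are also output sent before header().
function listing_post_field($name, $default = "")
{
    return isset($_POST[$name]) ? $_POST[$name] : $default;
}

// These ids are used unquoted in the SQL below (city_id = $city, category_id = $c_id),
// so force them to integers: a non-numeric value becomes 0 instead of reaching the query.
// (The Edit branch reads $_POST['l_id'] directly and does not go through this cast.)
$c_id = (int) listing_post_field('c_id', 0);
$city = (int) listing_post_field('cboCity', 0);
$l_id = (int) listing_post_field('l_id', 0);

$listing_title = listing_post_field('txtlistingtitle');
$listing_location = listing_post_field('txtlistinglocation');

// listing_price is inserted unquoted. Keep the posted value only when it is numeric
// (the client-side isCurrency() check can be bypassed); otherwise fall back to 0.
$listing_price = listing_post_field('txtlistingprice', 0);
if (!is_numeric($listing_price)) {
    $listing_price = 0;
}

$listing_text = listing_post_field('txtlistingtext');
$listing_address = listing_post_field('txtlistingaddress');
$listing_city = listing_post_field('txtlistingcity');
$listing_email = listing_post_field('txtlistingemail');
$listing_emailoption = listing_post_field('rademailoption');
$listing_contactinfo = listing_post_field('txtlistingcontactinfo');
$listing_show = "N"; // always written as N here; presumably flipped by listing_publish.php
$listing_buysell = listing_post_field('radfor');

// Checkbox: browsers send "on" when ticked and omit the field otherwise.
$listing_premier = (listing_post_field('chkpremier') == "on") ? "Y" : "N";

// The posted txtlistingdate is not used; a listing is always stamped with today's date.
$listing_date = date("Y-m-d");

// mode may arrive in the query string or the form; a posted value wins.
$mode = "";
if (isset($_GET['mode'])) {
    $mode = $_GET['mode'];
}
if (isset($_POST['mode'])) {
    $mode = $_POST['mode'];
}

$frmpg = listing_post_field('txtfrmpg'); // which page to return to after an Edit
$dirupload = "images/listing/";           // upload directory, relative to this script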
switch ($mode){ //defined on the form and above add or edit
case "Add":
if($_FILES['txtlistingimage']['name'] == ""){
$listing_image = "";
}else{
$listing_image = getfilename($_FILES['txtlistingimage']['name'],1);
copy ( $_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
or $msgid=2;
}
//-- GET SIZE OF UPLOADED IMAGE
var_dump($_FILES);
$file = $_FILES['txtlistingimage']; //file from form
$max_size = 500000; // roughly 500K
if(filesize($file['tmp_name']) > $max_size)
die('File size is too great.');
//$img_info = getimagesize($file['tmp_name']);
$img_info = getimagesize($_FILES['txtlistingimage']['tmp_name']);
if(($img_info[0] > 600) || ($img_info[1] > 600))
die('Image dimensions are greater than 600px x 600px.');
if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
echo 'w00t! The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
}
$strInsert="Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (";
if($listing_date == ""){
$strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
}else{
$strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
}
$MsgId=1;
if(!($dbResult = mysql_query($strInsert, $dbLink)))
{
$success = "false";
$MsgId=2;
}
// $ssql = "SELECT max(listing_id) as listing_id FROM listing_master";
// $dbResultid = mysql_query($ssql,$dbLink);
// $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
// $listingid = $rowlistid['listing_id'];
$listingid = mysql_insert_id();
header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
return;
break;
//Begin Edit
case "Edit":
if($_FILES['txtlistingimage']['name'] != ""){
if ($_POST['txtpreviousimage'] != ""){
if(file_exists(realpath($dirupload.$_POST['txtpreviousimage']))){
unlink(realpath($dirupload.$_POST['txtpreviousimage']));
}
}
$listing_image = getfilename($_FILES['txtlistingimage']['name'],1);
copy ( $_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
or $msgid=2;
}else{
if ($_POST['txtpreviousimage'] != ""){
$listing_image=$_POST['txtpreviousimage'];
}else{
$listing_image="";
}
}
$strEdit="Update listing_master Set ";
$strEdit=$strEdit . "city_id = " . $city . ",";
$strEdit=$strEdit . "category_id = " . $c_id . ",";
$strEdit=$strEdit . "listing_title = '" . $listing_title . "',";
$strEdit=$strEdit . "listing_location = '" . $listing_location . "',";
$strEdit=$strEdit . "listing_price = ". $listing_price .",";
$strEdit=$strEdit . "listing_text = '" . $listing_text . "',";
$strEdit=$strEdit . "listing_address = '" . $listing_address . "',";
$strEdit=$strEdit . "listing_city = '" . $listing_city . "',";
$strEdit=$strEdit . "listing_image = '" . $listing_image . "',";
$strEdit=$strEdit . "listing_email = '" . $listing_email . "',";
$strEdit=$strEdit . "listing_email_option = '" . $listing_emailoption . "',";
$strEdit=$strEdit . "listing_contact_information = '" . $listing_contactinfo . "',";
if($listing_date == ""){
$strEdit=$strEdit . "listing_date = NULL,";
}else{
$strEdit=$strEdit . "listing_date = '" . $listing_date . "',";
}
$strEdit=$strEdit . "listing_show = '" . $listing_show . "',";
$strEdit=$strEdit . "listing_buysell = '" . $listing_buysell . "',";
$strEdit=$strEdit . "listing_premier = '" . $listing_premier . "'";
$strEdit=$strEdit . " where listing_id = ". $_POST['l_id'];
//echo $strEdit;
//return;
$MsgId=1;
if(!($dbResult = mysql_query($strEdit, $dbLink)))
{
$success = "false";
$MsgId=2;
}
// header("Location:listing_list.php?cityid=".$city."&c_id=$c_id&msgid=".$MsgId);
if($frmpg==""){
header("Location:listingpreview.php?l_id=$l_id&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
}else{
header("Location:listing_publish.php?l_id=$l_id&cityid=".$city."&c_id=$c_id&catid=$c_id");
}
return;
break;
//Begin Delete
case "Delete":
?>