My submit code does nothing???

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
cturner
Forum Contributor
Posts: 153
Joined: Sun Jul 16, 2006 3:03 am
Location: My computer

My submit code does nothing???

Post by cturner »

When I test the code that is below nothing happens. Can someone please tell me why? Thanks in advance.

Code: Select all

require "config.php";
$findphoto = mysql_real_escape_string($_FILES['findphoto']);
$photo = mysql_real_escape_string($_POST['photo']);
$id = mysql_real_escape_string($_GET['id']);
$arrErrors = array();
if (isset($_POST['btnsubmit'])) {	
	if($_FILES['findphoto']['name'] == '') {
       $arrErrors['findphoto'] = 'You did not select a photo to upload';
    }
	if ($photo == '') {
		$arrErrors['photo'] = 'Please enter a photo name and file extension that you wish to upload for this clearing sale.';
	}	
	if (count($arrErrors) == 0) {
		$query = mysql_query("SELECT `id` FROM `clearingsales` WHERE `id` = '$id'") or die("Could not query because:" .mysql_error());
		$row = mysql_fetch_assoc($query);
		$parent_id = $row['id'];
		$insert = "INSERT INTO `clearingsales_photos` (`parent_id`, `photos`) VALUES ('$parent_id', '$photo')";
		if (mysql_query ($insert)) {
			print "<strong>Photo has been added to the database. Please don't forget to upload the photos via ftp.</strong><br /><br />";
		} else {
			print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $insert.</p>";
		}
	} else {
        // The error array had something in it. There was an error.
        // Start adding error text to an error string.
        $strError = '<div class="formerror"><p>Please check the following and try again:</p><ul>';
        // Get each error and add it to the error string
        // as a list item.
        foreach ($arrErrors as $error) {
            $strError .= "<li>$error</li>";
        }
        $strError .= '</ul></div>';
	}
}
The form:

Code: Select all

<form action="<?php echo $PHP_SELF; ?>" method="get" enctype="multipart/form-data" name="attachForm" id="attachForm">
<input type="hidden" name="id" value="<?php echo $id; ?>" />
Before selecting the photo please make sure the photo size is 100 x 100 and make sure the photo's file extension is a jpg.<br /><br />
Please find the product photo then copy the file name and extension only then paste the file name in the textbox below. After you have done that you will need to upload the file via ftp.
  <p<?php if (!empty($arrErrors['findphoto'])) echo ' class="formerror"'; ?>><input type="file" name="findphoto" />
  <br />
  <p<?php if (!empty($arrErrors['photo'])) echo ' class="formerror"'; ?>><input type="text" name="photo" />
  <br />
  <input name="btnsubmit" type="submit" id="btnsubmit" value="SUBMIT" />
</form>
User avatar
louie35
Forum Contributor
Posts: 144
Joined: Fri Jan 26, 2007 8:40 am
Location: Dublin
Contact:

Post by louie35 »

the form method is set to get while your php code is looking for post. change your form from get to post like this:

Code: Select all

<form action="<?php echo $PHP_SELF; ?>" method="post" enctype="multipart/form-data" name="attachForm" id="attachForm">
and also change this in ypur php code

Code: Select all

//$id = mysql_real_escape_string($_GET['id']);
//to 
$id = mysql_real_escape_string($_POST['id']);
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Don't use PHP_SELF.

Long explanations short, it contains user input which allows someone to insert HTML into your page.
Post Reply