Page 1 of 1

modify image/data upload page to redirect to receive page?

Posted: Fri Aug 24, 2007 6:49 pm
by cybergirl
Hello,

I have an image/data upload page that I would really like to retrieve a redirect page that shows pass or failure. I just need to know how to modify the load.php page and then how to create the receive page that states if it passed or failed.

so here's what I got for the load.php page:

Code: Select all

<?php
include 'config.php';
include 'opendb.php';
?>

<?php

define("DEBUG", False); //Chane to true to show debug info again

if(isset($_REQUEST['action'])) {
      $action = $_REQUEST['action'];
} else {
      die("Please do not access this page directly - use the upload image form!");
}

$uploadDir = "/home/dtours3/public_html/tours/tourimages/"; //Folder to upload files to. don't forget to add the trailing slash!


//We'll do the MySQL Bit first, to get an ID back...


$title =           isset($_REQUEST['title'])?          $_REQUEST['title']:"";
$company =         isset($_REQUEST['company'])?        $_REQUEST['company']:"";
$contact_info =    isset($_REQUEST['contact_info'])?   $_REQUEST['contact_info']:"";
$feature_num =     isset($_REQUEST['feature_num'])?    $_REQUEST['feature_num']:"";
$category =        isset($_REQUEST['category'])?       $_REQUEST['category']:"";
$desc =            isset($_REQUEST['desc'])?           $_REQUEST['desc']:"";


// Write ourselves a function to format variables for inserting into MySQL
function MySQLFormatVariable($variable) {
      if($variable == "") {
            return "NULL";
      } else {
            return "'" . mysql_real_escape_string($variable) . "'";
      }
}




$query = "
  INSERT into tours (
                  title,
                  company,
                  contact_info,
                  feature_num,
                  category,
                  `desc`,
                  `tourimage01`,
                  `tourimage02`,
                  `tourimage03`,
                  `tourimage04`,
                  `tourimage05`,
                  `tourimage01thumb`,
                  `tourimage02thumb`,
                  `tourimage03thumb`,
                  `tourimage04thumb`,
                  `tourimage05thumb`,
                  logo
) VALUES(
                  " . MySQLFormatVariable($title) . ",
                  " . MySQLFormatVariable($company) . ",
                  " . MySQLFormatVariable($contact_info) . ",
                  " . MySQLFormatVariable($feature_num) . ",
                  " . MySQLFormatVariable($category) . ",
                  " . MySQLFormatVariable($desc) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][0]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][1]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][2]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][3]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][4]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][5]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][6]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][7]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][8]) . ",
                  " . MySQLFormatVariable($_FILES['images']['name'][9]) . ",
                  " . MySQLFormatVariable($_FILES['logo']['name']) . "
)";


print "<PRE>" . $query ."</PRE>"; //DEBUG ONLY, comment out before use!


$result = mysql_query($query);


if (!$result) {
    $message  = 'Database Query Failed! Error information shown below:<BR><BR>Invalid query: ' . mysql_error() . "<BR>";
    $message .= 'Whole query: ' . nl2br($query);
    die($message);
}

$recordID = mysql_insert_id();
if(DEBUG){print "tourid: " . $recordID;}
if(DEBUG){print "<PRE>" . print_r($_FILES, true) ."</PRE>";}


//loop hrough images, move them to uplaod directory
while(list($key,$value) = each($_FILES['images']['name'])) {
      if(!empty($value)) {                   //(Only handle files that have been populated, ignore empty boxes)
            if(DEBUG){print "Handling: " . $value . "<BR>";}
            $filename = $uploadDir  .  $value;

                  $type=$_FILES['images']['type'][$key];
                  if(
                        $type == "image/jpeg" ||
                        $type == "image/png" ||
                        $type == "image/gif" ||
                        $type == "image/wbmp"
                  ) {
                        if(DEBUG){print "Atttemping Copy ($filename)...";}
                        $res = copy($_FILES['images']['tmp_name'][$key], $filename); //  move the file from the temp folder to our upload folder
                        if(DEBUG){if($res) {print "OK";}else{print "Failed";}}
                        if(DEBUG){print "<BR>";}
                        chmod($filename,0777);                 // set permission to the file. (Othersise, you won't be able to access through FTP under certain conditions)*/
            } else {
                        die("Sorry, an error occured whilst uploading a file: Unaccepted file type: $value ({$type}). Only the following image types are accepted:
                        <UL>
                        <LI>JPEG (.jpg)</LI>
                        <LI>Portable Network Graphics (.png)</LI>
                        <LI>Graphics Interchange Format (.gif)</LI></UL>Please go back and try again using valid image types");
            }
      }
}
//handle the logo - it's in logo not images[]
$value = $_FILES['logo']['name'];
if(!empty($value)) {
      if(DEBUG){print "Handling: " . $value . "<BR>";}
      $filename = $uploadDir  .  $value;

      copy($_FILES['logo']['tmp_name'], $filename); //  move the file from the temp folder to our upload folder
      chmod($filename,0777);                 // set permission to the file. (Othersise, you won't be able to access through FTP under certain conditions)*/
}

print "File upload completed OK. The following files have been uploaded:<BR>\n<UL>";
reset($_FILES['images']['name']);

while(list($key,$value) = each($_FILES['images']['name'])) {
      if(!empty($value)) {
            print "<LI>$value</LI>";
      }
}
print "<LI>{$_FILES['logo']['name']}</LI>\n</UL><BR>Your unique ID is: <B>$recordID</B>";


?>

it works, BUT this is an example of the junk I get on the load page:


INSERT into tours (
title,
company,
contact_info,
feature_num,
category,
`desc`,
`tourimage01`,
`tourimage02`,
`tourimage03`,
`tourimage04`,
`tourimage05`,
`tourimage01thumb`,
`tourimage02thumb`,
`tourimage03thumb`,
`tourimage04thumb`,
`tourimage05thumb`,
logo
) VALUES(
NULL,
' Aloha Waterfront Motel',
NULL,
'10',
'hotel',
'This is a Cool place to stay.',
'pool.jpg',
'rooma.jpg',
'roomb.jpg',
'roomc.jpg',
'sundeck.jpg',
'pool_th.jpg',
'rooma_th.jpg',
'roomb_th.jpg',
'roomc_th.jpg',
'sundeck_th.jpg',
'_MG_0900_th.jpg'
)


Warning: copy(/home/dtours3/public_html/tours/tourimages/pool.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/rooma.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/roomb.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/roomc.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/sundeck.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/pool_th.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/rooma_th.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/roomb_th.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/roomc_th.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/sundeck_th.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113

Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116
File upload completed OK. The following files have been uploaded:

* pool.jpg
* rooma.jpg
* roomb.jpg
* roomc.jpg
* sundeck.jpg
* pool_th.jpg
* rooma_th.jpg
* roomb_th.jpg
* roomc_th.jpg
* sundeck_th.jpg
* _MG_0900_th.jpg


Your unique ID is: 51

Posted: Fri Aug 24, 2007 9:56 pm
by feyd
The errors would suggest your upload directory is not writable by PHP. There are a few other things to be aware of:
  • move_uploaded_file() should always be used over copy() when initially moving/copying the temporary uploaded file to a more permanent store.
  • The type provided in $_FILES is entirely, 100%, unreliable. It is supplied by the submitting agent and not checked in the slightest by PHP. The FileInfo extension, mime_content_type() and/or getimagesize() should be used instead. Even those can be fooled, so care must be taken always.

Posted: Fri Aug 24, 2007 11:20 pm
by cybergirl
HI,

I tried the first thing you said, and it worked

Code: Select all

move_uploaded_file($_FILES['logo']['tmp_name'], $filename);
but I don't comprehend your second point. Can you please write it out for me, I don't quite get it, or where it's supposed to be.

And these will get rid of all those errors?
Warning: chmod(): Operation not permitted in /home/dtours3/public_html/load.php on line 116

Warning: copy(/home/dtours3/public_html/tours/tourimages/roomb_th.jpg): failed to open stream: Permission denied in /home/dtours3/public_html/load.php on line 113
Or what will fix that?