Able to upload certain files and reload of form action
Posted: Wed Oct 01, 2008 4:59 pm
What I'm wanting to do with this code is make it to where the only type of files that can ONLY be uploaded are files that have the extention .jpg. I would also like to make it to where upon submission of the form the page reloads and automattically adds it to the table below.
Code: Select all
<?php
/* addshowname.php */
/* This form after submission takes the results of the form and inserts the values into the database as a new show name is created. */
require ('database.php');
// Where the file is going to be placed
$target_path = "../defiant/images/";
/* Add the original filename to our target path.
Result is "images/filename.extension" */
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ".basename( $_FILES['uploadedfile']['name'])." has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['showname'] = addslashes($_POST['showname']);
}
$showname = $_POST['showname'];
$check = mysql_query("SELECT showname FROM shows WHERE showname = '$showname'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the show name '.$_POST['showname'].' is already in use.');
}
// now we insert it into the database
$insert = "INSERT INTO shows (showname, type, showimage, showlabel) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path','1')";
$add_show = mysql_query($insert) or die(mysql_error());
}
echo '<form enctype="multipart/form-data" action="addshowname.php" method="post">';
echo '<input name="MAX_FILE_SIZE" type="hidden" value="100000">';
echo '<fieldset>';
echo '<legend>Enter the following information to add a show name:</legend>';
echo '<p>Enter Show Name:<input name="showname" type="text"></p>';
echo '<p>Show Type:<select name="type"><option></option><option>Weekly Show</option><option>Pay Per View</option></select></p>';
echo '<p>Upload Show Image:<input name="uploadedfile" type="file"></p>';
echo '<div align="center"><input name="submit" type="submit"><input name="sumbitted" type="hidden" value="TRUE"></div>';
echo '</fieldset>';
echo '</form>';
print '<center><h2><span style="color: #CC0000">Edit/Delete A Show</span></h2></center>';
print '<center><table width="50%" border="1">';
if(!isset($_GET['action']) && !isset($_POST['name'])) {
//Define the query
$query = "SELECT * FROM shows";
if ($r = mysql_query ($query)){ // Run the query.
if (mysql_num_rows($r) > 0)
{
// Retrieve and print every record
while ($row = mysql_fetch_array ($r)){
print '<tr><td>'.$row['showname'].'</td><td><a href="addshowname.php?action=edit&id='.$row['id'].'">Edit</a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'">Delete</a></td></tr>';
}
}
else
{
print "No Shows\n";
}
} else {
die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>');
} //End of query IF
print '</table></center>';
}
if($_GET['action'] == 'edit') {
$query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'";
$res = mysql_fetch_array(mysql_query($query));
print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">');
print('<table border=1 cellpadding=5 cellspacing=0 width=350>');
print('<tr><td>Name of show:</td><td><input type="text" name="name" value="'.$res['showname'].'"/></td></tr>');
print('<tr><td>Show Type Type:</td><td><select name="type">');
$types = array('Weekly Show','Pay Per View');
foreach($types as $type) {
if($type == $res['type']) {
print('<option value="'.$type.'" selected="selected">'.$type.'</option>');
}
else {
print('<option value="'.$type.'">'.$type.'</option>');
}
}
print('</select></td></tr>');
print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>');
}
if(isset($_POST['name'])) {
$query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['name'])."', location = '".mysql_real_escape_string($_POST['loc'])."', date = '".mysql_real_escape_string($_POST['date'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) {
echo "Show updated.";
}
else {
die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>');
}
}
if($_GET['action'] == 'delete') {
$query = "DELETE FROM shows WHERE id = '".$_GET['id']."'";
if(mysql_query($query)) {
echo "Deletion successful.";
}
else {
die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>');
}
}
?>