Upload image in form
Posted: Sat Feb 12, 2011 10:31 pm
My website is close to being ready and I can't figure this crap out. I have a form where users can post products, which works, but I cannot figure out how to get the image to upload. Below is the form
and here is the php
Any help is much appreciated
Code: Select all
echo "<form method=post name=f1 action='$PHP_SELF' enctype=multipart/form-data>";
////////// Starting of first drop downlist /////////
echo "<select name='cat' onchange=\"reload(this.form)\"><option value=''>Select Category</option>";
while($noticia2 = mysql_fetch_array($catquer)) {
if($noticia2['cat_id']==@$cat){echo "<option selected value='$noticia2[cat_id]'>$noticia2[category]</option>"."<BR>";}
else{echo "<option value='$noticia2[cat_id]'>$noticia2[category]</option>";}
}
echo "</select>";
////////////////// This will end the first drop down list ///////////
?>
<br>
<br>
<?php
////////// Starting of second drop downlist /////////
echo "<select name='subcat' onchange=\"reload3(this.form)\"><option value=''>Select Subcategory</option>";
while($noticia = mysql_fetch_array($subcatquer)) {
if($noticia['subcat_id']==@$subcat){echo "<option selected value='$noticia[subcat_id]'>$noticia[subcategory]</option>"."<BR>";}
else{echo "<option value='$noticia[subcat_id]'>$noticia[subcategory]</option>";}
}
echo "</select>";
////////////////// This will end the second drop down list ///////////
?>
<br>
<br>
<?php
////////// Starting of third drop downlist /////////
echo "<select name='prod_type'><option value=''>Select Product Type</option>";
while($noticia3 = mysql_fetch_array($prodtypequer)) {
{echo "<option value='$noticia3[type_id]'>$noticia3[product_type]</option>";}
}
echo "</select>";
////////////////// This will end the third drop down list ///////////
?>
<br>
<br>
<label for="prod_name">*Product Name:</label><br>
<input type="text" name="prod_name" size="40" value="<?php echo $prod_name; ?>"/>
<br>
<br>
<label for="short_desc">*Short product description:</label><br>
<input type="text" name="short_desc" size="40" value="<?php echo $short_desc; ?>"/>
<br>
<br>
<label for="long_desc">*Long product description:</label><br>
<textarea rows="10" cols="30" name="long_desc" value="<?php echo $long_desc; ?>"></textarea>
<br>
<br>
<label for="avail_date">Available Date:<label><br>
<input type="text" name="avail_date" size="40" value="<?php echo $avail_date; ?>"/>
<p>or lead time to sellers distribution center.</p>
<br>
<label for="country_origin">Country Manufactured In:</label><br>
<input type="text" name="country_origin" size="40" value="<?php echo $country_origin; ?>"/>
<br>
<label for="photo">Product Image:</label><br>
<input type="file" name="photo" id="photo">
<p>* is required</p>
<br>
<br>
<input type="submit" name="submit" value="Post Item"/>
</form>
Code: Select all
<?php
session_start();
include 'auth.inc.php';
include 'db.inc.php';
$db = mysql_connect (MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
die ('Unable to connect. Check your connection parameters.');
mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));
//////// End of connecting to database ////////
function sql_safe($s)
{
if (get_magic_quotes_gpc())
$s = stripslashes($s);
return mysql_real_escape_string($s);
}
//filter incoming values
$cat = (isset($_POST['cat'])) ? trim($_POST['cat']) : '';
$subcat = (isset($_POST['subcat'])) ? $_POST['subcat'] : '';
$prod_type = (isset($_POST['prod_type'])) ? trim($_POST['prod_type']) : '';
$prod_name = (isset($_POST['prod_name'])) ? trim($_POST['prod_name']) : '';
$short_desc = (isset($_POST['short_desc'])) ? trim($_POST['short_desc']) : '';
$long_desc = (isset($_POST['long_desc'])) ? trim($_POST['long_desc']) : '';
$avail_date = (isset($_POST['avail_date'])) ? trim($_POST['avail_date']) : '';
$country_origin = (isset($_POST['country_origin'])) ? trim($_POST['country_origin']) : '';
$user_id = $_SESSION['user_id'];
$username = $_SESSION['username'];
$file = $_FILES['image']['tmp_name'];
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);
if (isset($_POST['submit']) && $_POST['submit'] == 'Post Item') {
$errors = array();
//make sure manditory fields have been entered
if (empty($prod_name)) {
$errors[] = 'Product Name cannot be blank.';
}
//32 check if product name is already registered
$query = 'SELECT prod_name FROM product WHERE prod_name = "' .
$prod_name . '"';
$result = mysql_query($query, $db) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
$errors[] = 'A product named ' . $prod_name . ' has already been posted.';
$prod_name = '';
}
mysql_free_result($result);
if (empty($short_desc)) {
$errors[] = 'Short Description cannot be blank.';
}
if (empty($long_desc)) {
$errors[] = 'Long Description cannot be blank.';
}
if (empty($avail_date)) {
$errors[] = 'Availibility Date cannot be blank.';
}
if (empty($country_origin)) {
$errors[] = 'Country of Origin cannot be blank.';
}
if($image_size==FALSE) {
$errors[] = 'Image must be selected.';
}
if(count($errors) > 0) {
echo '<p><strong style="color:#FF000;">Unable to process your ' .
'item.</strong></p>';
echo '<p>Please fix the following:</p>';
echo '<ul>';
foreach ($errors as $error) {
echo '<li>' . $error . '</li>';
}
echo '</ul>';
} else {
//65 No errors so enter the information into the database.
$query = 'INSERT INTO prod_cat
(prod_id, cat, subcat, prod_type)
VALUES
(NULL, "' . mysql_real_escape_string($cat, $db) . '", ' .
'"' . mysql_real_escape_string($subcat, $db) . '", ' .
'"' . mysql_real_escape_string($prod_type, $db) . '")';
$result = mysql_query($query, $db) or die(mysql_error());
$prod_id = mysql_insert_id($db);
$query = 'INSERT INTO product
(prod_id, prod_name, short_desc, long_desc, avail_date, country_origin)
VALUES
(' . $prod_id . ', ' .
'"' . mysql_real_escape_string($prod_name, $db) . '", ' .
'"' . mysql_real_escape_string($short_desc, $db) . '", ' .
'"' . mysql_real_escape_string($long_desc, $db) . '", ' .
'"' . mysql_real_escape_string($avail_date, $db) . '", ' .
'"' . mysql_real_escape_string($country_origin, $db) . '")';
$result = mysql_query($query, $db) or die(mysql_error());
$query = 'INSERT INTO user_product
(user_id, prod_id)
VALUES
(' . $user_id . ', ' . $prod_id . ')';
$result = mysql_query($query, $db) or die(mysql_error());
$query = 'INSERT INTO images
(id, image_name, image_time, image, prod_id)
VALUES
(NULL,' . $image_name . ',NULL,' . $image . ', ' . $prod_id . ')';
$result = mysql_query($query, $db) or die(mysql_error());
$_SESSION['logged'] = 1;
$_SESSION['username'] = $username;
header('Refresh: 5; URL=user.php');
?>