Page 1 of 1

Upload image in form

Posted: Sat Feb 12, 2011 10:31 pm
by merchhaus
My website is close to being ready and I can't figure this crap out. I have a form where users can post products, which works, but I cannot figure out how to get the image to upload. Below is the form

Code: Select all

echo "<form method=post name=f1 action='$PHP_SELF' enctype=multipart/form-data>";

//////////        Starting of first drop downlist /////////
echo "<select name='cat' onchange=\"reload(this.form)\"><option value=''>Select Category</option>";
while($noticia2 = mysql_fetch_array($catquer)) { 
if($noticia2['cat_id']==@$cat){echo "<option selected value='$noticia2[cat_id]'>$noticia2[category]</option>"."<BR>";}
else{echo  "<option value='$noticia2[cat_id]'>$noticia2[category]</option>";}
}
echo "</select>";
//////////////////  This will end the first drop down list ///////////
?>
  <br>
  <br>
<?php

//////////        Starting of second drop downlist /////////
echo "<select name='subcat' onchange=\"reload3(this.form)\"><option value=''>Select Subcategory</option>";
while($noticia = mysql_fetch_array($subcatquer)) { 
if($noticia['subcat_id']==@$subcat){echo "<option selected value='$noticia[subcat_id]'>$noticia[subcategory]</option>"."<BR>";}
else{echo  "<option value='$noticia[subcat_id]'>$noticia[subcategory]</option>";}
}
echo "</select>";
//////////////////  This will end the second drop down list ///////////
?>
  <br>
  <br>
<?php

//////////        Starting of third drop downlist /////////
echo "<select name='prod_type'><option value=''>Select Product Type</option>";
while($noticia3 = mysql_fetch_array($prodtypequer)) { 
{echo "<option value='$noticia3[type_id]'>$noticia3[product_type]</option>";}
}
echo "</select>";
//////////////////  This will end the third drop down list ///////////
?>
  <br>
  <br>
  <label for="prod_name">*Product Name:</label><br>
  <input type="text" name="prod_name" size="40" value="<?php echo $prod_name; ?>"/>
  <br>
  <br>
  <label for="short_desc">*Short product description:</label><br>
  <input type="text" name="short_desc" size="40" value="<?php echo $short_desc; ?>"/>
  <br>
  <br>
  <label for="long_desc">*Long product description:</label><br>
  <textarea rows="10" cols="30" name="long_desc" value="<?php echo $long_desc; ?>"></textarea>
  <br>
  <br>
  <label for="avail_date">Available Date:<label><br>
  <input type="text" name="avail_date" size="40" value="<?php echo $avail_date; ?>"/>
  <p>or lead time to sellers distribution center.</p>
  <br>
  <label for="country_origin">Country Manufactured In:</label><br>
  <input type="text" name="country_origin" size="40" value="<?php echo $country_origin; ?>"/>
  <br>
  <label for="photo">Product Image:</label><br>
  <input type="file" name="photo" id="photo">
  <p>* is required</p>

<br>
<br>

<input type="submit" name="submit" value="Post Item"/>
</form>
and here is the php

Code: Select all

<?php
session_start();

include 'auth.inc.php';
include 'db.inc.php';

$db = mysql_connect (MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or
	die ('Unable to connect. Check your connection parameters.');
mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db));
//////// End of connecting to database ////////

function sql_safe($s)
{    
	if (get_magic_quotes_gpc())        
		$s = stripslashes($s);    
		
		return mysql_real_escape_string($s);
}

//filter incoming values
$cat = (isset($_POST['cat'])) ? trim($_POST['cat']) : '';
$subcat = (isset($_POST['subcat'])) ? $_POST['subcat'] : '';
$prod_type = (isset($_POST['prod_type'])) ? trim($_POST['prod_type']) : '';
$prod_name = (isset($_POST['prod_name'])) ? trim($_POST['prod_name']) : '';
$short_desc = (isset($_POST['short_desc'])) ? trim($_POST['short_desc']) : '';
$long_desc = (isset($_POST['long_desc'])) ? trim($_POST['long_desc']) : '';
$avail_date = (isset($_POST['avail_date'])) ? trim($_POST['avail_date']) : '';
$country_origin = (isset($_POST['country_origin'])) ? trim($_POST['country_origin']) : '';
$user_id = $_SESSION['user_id'];
$username = $_SESSION['username'];
$file = $_FILES['image']['tmp_name'];
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($_FILES['image']['name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);
	
if (isset($_POST['submit']) && $_POST['submit'] == 'Post Item') {
	
	$errors = array();
	
	//make sure manditory fields have been entered
	if (empty($prod_name)) {
		$errors[] = 'Product Name cannot be blank.';
	}
	
	//32 check if product name is already registered
	$query = 'SELECT prod_name FROM product WHERE prod_name = "' .
		$prod_name . '"';
	$result = mysql_query($query, $db) or die(mysql_error());
	if (mysql_num_rows($result) > 0) {
		$errors[] = 'A product named ' . $prod_name . ' has already been posted.';
		$prod_name = '';
} 

mysql_free_result($result);

if (empty($short_desc)) {
	$errors[] = 'Short Description cannot be blank.';
}
if (empty($long_desc)) {
	$errors[] = 'Long Description cannot be blank.';
}
if (empty($avail_date)) {
	$errors[] = 'Availibility Date cannot be blank.';
}
if (empty($country_origin)) {
	$errors[] = 'Country of Origin cannot be blank.';
}
if($image_size==FALSE) {
	$errors[] = 'Image must be selected.';
}

if(count($errors) > 0) {
	echo '<p><strong style="color:#FF000;">Unable to process your ' .
		'item.</strong></p>';
	echo '<p>Please fix the following:</p>';
	echo '<ul>';
	foreach ($errors as $error) {
		echo '<li>' . $error . '</li>';
	}
	echo '</ul>';
		
} else {
	//65 No errors so enter the information into the database.
	
	$query = 'INSERT INTO prod_cat
			(prod_id, cat, subcat, prod_type)
		VALUES
			(NULL, "' . mysql_real_escape_string($cat, $db) . '", ' .
			'"' . mysql_real_escape_string($subcat, $db) . '", ' .
			'"' . mysql_real_escape_string($prod_type, $db) . '")';
		$result = mysql_query($query, $db) or die(mysql_error());
		
		$prod_id  = mysql_insert_id($db);
		
		$query = 'INSERT INTO product
				(prod_id, prod_name, short_desc, long_desc, avail_date, country_origin)
			VALUES
			   (' . $prod_id . ', ' .
				'"' . mysql_real_escape_string($prod_name, $db)  . '", ' .
				'"' . mysql_real_escape_string($short_desc, $db)  . '", ' .
				'"' . mysql_real_escape_string($long_desc, $db)  . '", ' .
				'"' . mysql_real_escape_string($avail_date, $db)  . '", ' .
				'"' . mysql_real_escape_string($country_origin, $db)  . '")';
		$result = mysql_query($query, $db) or die(mysql_error());
		
		$query = 'INSERT INTO user_product
			(user_id, prod_id)
		VALUES
			(' . $user_id . ', ' . $prod_id . ')';
		$result = mysql_query($query, $db) or die(mysql_error());	
	
		$query = 'INSERT INTO images 
			(id, image_name, image_time, image, prod_id)
		VALUES 
			(NULL,' . $image_name . ',NULL,' . $image . ', ' . $prod_id . ')';
			$result = mysql_query($query, $db) or die(mysql_error());	

		$_SESSION['logged'] = 1;
		$_SESSION['username'] = $username;
		
		header('Refresh: 5; URL=user.php');

?>
Any help is much appreciated