•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 363,390 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,772 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 555 | Replies: 9
 |
•
•
Join Date: May 2008
Posts: 6
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
I am working on a 2 page form. I need to have a file upload on the first page. I need to pass the file upload values to the insert page. I am not sure what approach to take. I have tried sessions but had no luck.
Here is a simplified version of my code.
Page 1:
Page 2:
Page 3:
Need to get the upload values from Page1 - Page3
Thank you in advance,
Scott
Here is a simplified version of my code.
Page 1:
php Syntax (Toggle Plain Text)
Page 2:
php Syntax (Toggle Plain Text)
Page 3:
php Syntax (Toggle Plain Text)
Need to get the upload values from Page1 - Page3
Thank you in advance,
Scott
Last edited by peter_budo : May 11th, 2008 at 12:58 pm. Reason: Keep It Organized - please use [code] tags
•
•
Join Date: Jan 2008
Posts: 71
Reputation:
Rep Power: 1
Solved Threads: 7
Junior Poster in Training
u could do it all in one page in stead of 3 pages. some info about restricting uploads
http://www.w3schools.com/php/php_file_upload.asp
use this on db inputs - mysql_real_escape_string ($user_input)
http://uk3.php.net/manual/en/functio...ape-string.php
for the $uploadDir i would not add this to db value as it will save on db space and if you want to change image dir u will have more flexibility to do so, that is of course the $uploadDir is constant and none changing for all images.
http://www.w3schools.com/php/php_file_upload.asp
use this on db inputs - mysql_real_escape_string ($user_input)
http://uk3.php.net/manual/en/functio...ape-string.php
for the $uploadDir i would not add this to db value as it will save on db space and if you want to change image dir u will have more flexibility to do so, that is of course the $uploadDir is constant and none changing for all images.
<?php
$uploadDir = 'upload/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
$err= "Error uploading file";
}else{ // upload good do db
include 'includes/config.php';
include 'includes/opendb.php';
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$query = "INSERT INTO contacts (first, name, size, type, path ) ".
"VALUES ('$first', '$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die('Error, query failed : ' . mysql_error());
include 'includes/closedb.php';
$err= "<br>Files uploaded<br>";
}
}
?>
<?php echo $err; ?>
<form method="post" enctype="multipart/form-data">
first <input type="text" name="first" id="first" /><br/>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
filename <input name="userfile" type="file" id="userfile"><br />
<input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</form> Last edited by amigura : May 11th, 2008 at 7:38 am.
•
•
Join Date: May 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
The form has to be over several pages because of the length. I can get the upload to work on a 1 page form no problem. But....... the client wants it over several pages, and the upload needs to be on the first page.
Thanks,
Scott
Thanks,
Scott
•
•
Join Date: Jan 2008
Posts: 71
Reputation:
Rep Power: 1
Solved Threads: 7
Junior Poster in Training
i don't know if it will work but you need to pass file vars to form 2 then on to form 3
you should have upload on form 2 or 3 for safety reason.
Page 2:
you should have upload on form 2 or 3 for safety reason.
Page 2:
<form action="insert.php" method="post"> <input type="text" name="first" id="first" /> <input type="hidden" name="tempfile" id="tempfile" value="<?php echo $_FILES['userfile']['tmp_name']; ?>" /> <input type="hidden" name="filename" id="filename" value="<?php echo $_FILES['userfile']['name']; ?>" /> <input type="submit" name="button" id="button" value="Submit" /> </form>
•
•
Join Date: May 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Thank you for the help. Would I use a normal session to pass from page 1 to page 2?
$_SESSION['userfile']['tmp_name'];
$_SESSION['userfile']['name'];
Since the echo is for $_FILES I was not sure.
Thanks again!
Scott
$_SESSION['userfile']['tmp_name'];
$_SESSION['userfile']['name'];
Since the echo is for $_FILES I was not sure.
Thanks again!
Scott
•
•
Join Date: May 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
I am trying a different approach and I think I am on the right track. I put the file upload script in Page 2 and I am trying to use UPDATE to insert the rest of the information (I hope I am going in the right direction). Now!.... what would be the best way to select the last inserted id or record?
Thank you for the help so far,
Scott
Thank you for the help so far,
Scott
•
•
Join Date: May 2008
Posts: 31
Reputation:
Rep Power: 1
Solved Threads: 5
Light Poster
•
•
•
•
Originally Posted by 2xldesign 
I am trying a different approach and I think I am on the right track. I put the file upload script in Page 2 and I am trying to use UPDATE to insert the rest of the information (I hope I am going in the right direction). Now!.... what would be the best way to select the last inserted id or record?
Thank you for the help so far,
Scott
I'd put the file upload in page one like the client originally wanted.
On loading page 2 of form, upload file, write it to disk and set a session variable with the file path. Also collect the form variables into the session and display form page 2.
On loading page 3 of form, you write the variables from page 2 to session and display the rest of form. On submit of the last page, you take the POST variables along with the form data in session and insert into database in one shot along with file path if necessary, then display the thank you page.
The whole affair should be pretty straightforward and simple to do this way. It's one query and you are collecting the file on the first page.
-r
•
•
Join Date: May 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
•
•
•
•
Originally Posted by rgviza
I'd put the file upload in page one like the client originally wanted.
On loading page 2 of form, upload file, write it to disk and set a session variable with the file path. Also collect the form variables into the session and display form page 2.
On loading page 3 of form, you write the variables from page 2 to session and display the rest of form. On submit of the last page, you take the POST variables along with the form data in session and insert into database in one shot along with file path if necessary, then display the thank you page.
The whole affair should be pretty straightforward and simple to do this way. It's one query and you are collecting the file on the first page.
-r
LOL..... I have come to find out I am an HTML guy not a PHP guy.... I have a new appreciation for all of you php coders. Could you PLEASE show me some code to point me in the right direction? Or show me a sample in the code I started the thread with?
I honestly appreciate everyone's help on this.
Scott
•
•
Join Date: May 2008
Posts: 31
Reputation:
Rep Power: 1
Solved Threads: 5
Light Poster
#page 1 form processor
<?php
session_start();
#
$uploadDir = 'upload/';
#
#
if(isset($_POST['upload']))
#
{
#
$fileName = $_FILES['userfile']['name'];
#
$tmpName = $_FILES['userfile']['tmp_name'];
#
$fileSize = $_FILES['userfile']['size'];
#
$fileType = $_FILES['userfile']['type'];
#
$filePath = $uploadDir . $fileName;
#
$result = move_uploaded_file($tmpName, $filePath);
#
if (!$result) {
#
echo "Error uploading file";
#
exit;
#
}
else
{
$_SESSION['uploadedfilepath']=$filePath;
}
## read form vars here into session
$_SESSION['formpage1']=$_POST;
?>
<!-- display form page 2 here -->Then collect each form post page like that (sans the file stuff for the rest of the pages).
At the end you'll have 2 arrays in session and the file upload path and you can do this when submitting the final page.
session_start();
function filterbadstuff($value)
{
/*filter out xss, sql injection etc here so your form doesn't get hacked*/
return $filteredvalue;
}
$filteredformvars=array();
while(list($fieldname, $fieldvalue)=each($_SESSION['formpage1']))
{
$filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
}
while(list($fieldname, $fieldvalue)=each($_SESSION['formpage2']))
{
$filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
}
while(list($fieldname, $fieldvalue)=each($_POST))
{
$filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
}At this point $filteredformvars has all of your form data in a neat array. I don't know what your data looks like but you should use php filters to scrub the data before building a query.
Just filter the data in that filterbadstuff() function.
Otherwise a nice injection can allow someone to steal your customer data. Don't forget to call the session_start(); at the top of every page where you are getting data to and from session.
Check out the php data filtering as well as mysql functions for this. Data scrubbing is way beyond the scope of a forum post. This code is not debugged. It's meant to show you some ways of handling this.
By hacking this out yourself you'll learn important stuff...
-r
Last edited by rgviza : May 14th, 2008 at 2:50 am.
•
•
Join Date: May 2008
Posts: 6
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Excellent! Thank you for the help..... I am getting a blank page on Page 2 though.....
Here is Page 1
Am I missing something simple?
-Scott
Here is Page 1
php Syntax (Toggle Plain Text)
Am I missing something simple?
-Scott
Last edited by peter_budo : May 14th, 2008 at 2:58 pm. Reason: Keep It Organized - please use [code] tags
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb PHP Marketplace
Linear Mode
- File upload (PHP)
- Upload image from imagefield (ASP.NET)
- Preview an image before upload (JavaScript / DHTML / AJAX)
- pass variables across pages (PHP)
- Uploading multiple Images through input type="file" (PHP)
- Receiving closed filehandle warning (Perl)
- File Attachment Small Problem (PHP)
- Automating an FTP upload (Shell Scripting)
- vc++ mfc-i can't make getline work with a string for file input (C++)
Other Threads in the PHP Forum
- Previous Thread: Page Navigation
- Next Thread: Display Username
