PHP RSS PHP RSS

File Upload Variables

Reply

Join Date: May 2008
Posts: 6
Reputation: 2xldesign is an unknown quantity at this point 
Solved Threads: 0
2xldesign 2xldesign is offline Offline
Newbie Poster

File Upload Variables

 
0
  #1
May 11th, 2008
I am working on a 2 page form. I need to have a file upload on the first page. I need to pass the file upload values to the insert page. I am not sure what approach to take. I have tried sessions but had no luck.

Here is a simplified version of my code.

Page 1:
php Syntax (Toggle Plain Text) 
  1. <form method="post" enctype="multipart/form-data">
  2. <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
  3. <input name="userfile" type="file" id="userfile"> 
  4. <input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
  5. </form>

Page 2:
php Syntax (Toggle Plain Text) 
  1. <form action="insert.php" method="post">
  2. <input type="text" name="first" id="first" />
  3. <input type="submit" name="button" id="button" value="Submit" />
  4. </form>

Page 3:
php Syntax (Toggle Plain Text) 
  1. <?php
  2. $uploadDir = 'upload/';
  3.  
  4. if(isset($_POST['upload']))
  5. {
  6. $fileName = $_FILES['userfile']['name'];
  7. $tmpName = $_FILES['userfile']['tmp_name'];
  8. $fileSize = $_FILES['userfile']['size'];
  9. $fileType = $_FILES['userfile']['type'];
  10. $filePath = $uploadDir . $fileName;
  11. $result = move_uploaded_file($tmpName, $filePath);
  12. if (!$result) {
  13. echo "Error uploading file";
  14. exit;
  15. }
  16.  
  17. include 'includes/config.php';
  18. include 'includes/opendb.php';
  19. if(!get_magic_quotes_gpc())
  20. {
  21. $fileName = addslashes($fileName);
  22. $filePath = addslashes($filePath);
  23. }
  24. $query = "INSERT INTO contacts (first, name, size, type, path ) ".
  25. "VALUES ('$first', '$fileName', '$fileSize', '$fileType', '$filePath')";
  26. mysql_query($query) or die('Error, query failed : ' . mysql_error());
  27. include 'includes/closedb.php';
  28.  
  29. echo "<br>Files uploaded<br>";
  30. }
  31. ?>

Need to get the upload values from Page1 - Page3

Thank you in advance,

Scott
Last edited by peter_budo; May 11th, 2008 at 1:58 pm. Reason: Keep It Organized - please use [code] tags
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 71
Reputation: amigura is an unknown quantity at this point 
Solved Threads: 7
amigura's Avatar
amigura amigura is offline Offline
Junior Poster in Training

Re: File Upload Variables

 
0
  #2
May 11th, 2008
u could do it all in one page in stead of 3 pages. some info about restricting uploads
http://www.w3schools.com/php/php_file_upload.asp

use this on db inputs - mysql_real_escape_string ($user_input)
http://uk3.php.net/manual/en/functio...ape-string.php

for the $uploadDir i would not add this to db value as it will save on db space and if you want to change image dir u will have more flexibility to do so, that is of course the $uploadDir is constant and none changing for all images.


PHP Syntax (Toggle Plain Text) 
  1. <?php
  2. $uploadDir = 'upload/';
  3.  
  4. if(isset($_POST['upload']))
  5. {
  6. $fileName = $_FILES['userfile']['name'];
  7. $tmpName = $_FILES['userfile']['tmp_name'];
  8. $fileSize = $_FILES['userfile']['size'];
  9. $fileType = $_FILES['userfile']['type'];
  10. $filePath = $uploadDir . $fileName;
  11. $result = move_uploaded_file($tmpName, $filePath);
  12.  
  13. if (!$result) {
  14. $err= "Error uploading file";
  15. }else{ // upload good do db
  16.  
  17. include 'includes/config.php';
  18. include 'includes/opendb.php';
  19.  
  20. if(!get_magic_quotes_gpc())
  21. {
  22. $fileName = addslashes($fileName);
  23. $filePath = addslashes($filePath);
  24. }
  25.  
  26. $query = "INSERT INTO contacts (first, name, size, type, path ) ".
  27. "VALUES ('$first', '$fileName', '$fileSize', '$fileType', '$filePath')";
  28. mysql_query($query) or die('Error, query failed : ' . mysql_error());
  29. include 'includes/closedb.php';
  30.  
  31. $err= "<br>Files uploaded<br>";
  32. }
  33.  
  34. }
  35. ?>
  36.  
  37. <?php echo $err; ?>
  38. <form method="post" enctype="multipart/form-data">
  39. first <input type="text" name="first" id="first" /><br/>
  40. <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
  41. filename <input name="userfile" type="file" id="userfile"><br /> 
  42. <input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
  43. </form>
Last edited by amigura; May 11th, 2008 at 8:38 am.
http://www.amigura.co.uk
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 6
Reputation: 2xldesign is an unknown quantity at this point 
Solved Threads: 0
2xldesign 2xldesign is offline Offline
Newbie Poster

Re: File Upload Variables

 
0
  #3
May 11th, 2008
The form has to be over several pages because of the length. I can get the upload to work on a 1 page form no problem. But....... the client wants it over several pages, and the upload needs to be on the first page.

Thanks,

Scott
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 71
Reputation: amigura is an unknown quantity at this point 
Solved Threads: 7
amigura's Avatar
amigura amigura is offline Offline
Junior Poster in Training

Re: File Upload Variables

 
0
  #4
May 11th, 2008
i don't know if it will work but you need to pass file vars to form 2 then on to form 3
you should have upload on form 2 or 3 for safety reason.

Page 2:

PHP Syntax (Toggle Plain Text) 
  1. <form action="insert.php" method="post">
  2. <input type="text" name="first" id="first" />
  3. <input type="hidden" name="tempfile" id="tempfile" value="<?php echo $_FILES['userfile']['tmp_name']; ?>" />
  4. <input type="hidden" name="filename" id="filename" value="<?php echo $_FILES['userfile']['name']; ?>" />
  5. <input type="submit" name="button" id="button" value="Submit" />
  6. </form>
http://www.amigura.co.uk
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 6
Reputation: 2xldesign is an unknown quantity at this point 
Solved Threads: 0
2xldesign 2xldesign is offline Offline
Newbie Poster

Re: File Upload Variables

 
0
  #5
May 11th, 2008
Thank you for the help. Would I use a normal session to pass from page 1 to page 2?

$_SESSION['userfile']['tmp_name'];
$_SESSION['userfile']['name'];

Since the echo is for $_FILES I was not sure.

Thanks again!

Scott
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 6
Reputation: 2xldesign is an unknown quantity at this point 
Solved Threads: 0
2xldesign 2xldesign is offline Offline
Newbie Poster

Re: File Upload Variables

 
0
  #6
May 13th, 2008
I am trying a different approach and I think I am on the right track. I put the file upload script in Page 2 and I am trying to use UPDATE to insert the rest of the information (I hope I am going in the right direction). Now!.... what would be the best way to select the last inserted id or record?

Thank you for the help so far,

Scott
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 31
Reputation: rgviza is an unknown quantity at this point 
Solved Threads: 5
rgviza rgviza is offline Offline
Light Poster

Re: File Upload Variables

 
0
  #7
May 14th, 2008
Originally Posted by 2xldesign View Post
I am trying a different approach and I think I am on the right track. I put the file upload script in Page 2 and I am trying to use UPDATE to insert the rest of the information (I hope I am going in the right direction). Now!.... what would be the best way to select the last inserted id or record?

Thank you for the help so far,

Scott
I'd put the file upload in page one like the client originally wanted.

On loading page 2 of form, upload file, write it to disk and set a session variable with the file path. Also collect the form variables into the session and display form page 2.

On loading page 3 of form, you write the variables from page 2 to session and display the rest of form. On submit of the last page, you take the POST variables along with the form data in session and insert into database in one shot along with file path if necessary, then display the thank you page.

The whole affair should be pretty straightforward and simple to do this way. It's one query and you are collecting the file on the first page.

-r
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 6
Reputation: 2xldesign is an unknown quantity at this point 
Solved Threads: 0
2xldesign 2xldesign is offline Offline
Newbie Poster

Re: File Upload Variables

 
0
  #8
May 14th, 2008
Originally Posted by rgviza View Post
I'd put the file upload in page one like the client originally wanted.

On loading page 2 of form, upload file, write it to disk and set a session variable with the file path. Also collect the form variables into the session and display form page 2.

On loading page 3 of form, you write the variables from page 2 to session and display the rest of form. On submit of the last page, you take the POST variables along with the form data in session and insert into database in one shot along with file path if necessary, then display the thank you page.

The whole affair should be pretty straightforward and simple to do this way. It's one query and you are collecting the file on the first page.

-r
LOL..... I have come to find out I am an HTML guy not a PHP guy.... I have a new appreciation for all of you php coders. Could you PLEASE show me some code to point me in the right direction? Or show me a sample in the code I started the thread with?

I honestly appreciate everyone's help on this.

Scott
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 31
Reputation: rgviza is an unknown quantity at this point 
Solved Threads: 5
rgviza rgviza is offline Offline
Light Poster

Re: File Upload Variables

 
0
  #9
May 14th, 2008
PHP Syntax (Toggle Plain Text) 
  1. #page 1 form processor
  2. <?php
  3. session_start();
  4. #
  5. $uploadDir = 'upload/';
  6. #
  7.  
  8. #
  9. if(isset($_POST['upload']))
  10. #
  11. {
  12. #
  13. $fileName = $_FILES['userfile']['name'];
  14. #
  15. $tmpName = $_FILES['userfile']['tmp_name'];
  16. #
  17. $fileSize = $_FILES['userfile']['size'];
  18. #
  19. $fileType = $_FILES['userfile']['type'];
  20. #
  21. $filePath = $uploadDir . $fileName;
  22. #
  23. $result = move_uploaded_file($tmpName, $filePath);
  24. #
  25. if (!$result) {
  26. #
  27. echo "Error uploading file";
  28. #
  29. exit;
  30. #
  31. }
  32. else
  33. {
  34.     $_SESSION['uploadedfilepath']=$filePath;
  35. }
  36. ## read form vars here into session
  37.     $_SESSION['formpage1']=$_POST;
  38.  
  39. ?>
  40.  
  41. <!-- display form page 2 here -->

Then collect each form post page like that (sans the file stuff for the rest of the pages).

At the end you'll have 2 arrays in session and the file upload path and you can do this when submitting the final page.

PHP Syntax (Toggle Plain Text) 
  1. session_start();
  2. function filterbadstuff($value)
  3. {
  4.   /*filter out xss, sql injection etc here so your form doesn't get hacked*/
  5.      return $filteredvalue;
  6. }
  7. $filteredformvars=array();
  8. while(list($fieldname, $fieldvalue)=each($_SESSION['formpage1']))
  9. {
  10.       $filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
  11. }
  12. while(list($fieldname, $fieldvalue)=each($_SESSION['formpage2']))
  13. {
  14.       $filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
  15. }
  16. while(list($fieldname, $fieldvalue)=each($_POST))
  17. {
  18.       $filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
  19. }

At this point $filteredformvars has all of your form data in a neat array. I don't know what your data looks like but you should use php filters to scrub the data before building a query.
Just filter the data in that filterbadstuff() function.
Otherwise a nice injection can allow someone to steal your customer data. Don't forget to call the session_start(); at the top of every page where you are getting data to and from session.

Check out the php data filtering as well as mysql functions for this. Data scrubbing is way beyond the scope of a forum post. This code is not debugged. It's meant to show you some ways of handling this.

By hacking this out yourself you'll learn important stuff...

-r
Last edited by rgviza; May 14th, 2008 at 3:50 am.
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 6
Reputation: 2xldesign is an unknown quantity at this point 
Solved Threads: 0
2xldesign 2xldesign is offline Offline
Newbie Poster

Re: File Upload Variables

 
0
  #10
May 14th, 2008
Excellent! Thank you for the help..... I am getting a blank page on Page 2 though.....

Here is Page 1

php Syntax (Toggle Plain Text) 
  1. <?php session_start();
  2. $_SESSION['userfile'];
  3. ?>
  4. <html>
  5. <body>
  6.  
  7. <form action="page2.php" method="post" enctype="multipart/form-data">
  8. <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
  9. <input name="userfile" type="file" id="userfile"> 
  10. <input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
  11. </form>
  12.  
  13. </body>
  14. </html>
  15.  
  16. Page 2
  17.  
  18. <?php
  19. session_start();
  20. $_SESSION['userfile'];
  21.  
  22. $uploadDir = 'upload/';
  23. if(isset($_POST['upload']))
  24. {
  25. $fileName = $_FILES['userfile']['name'];
  26. $tmpName = $_FILES['userfile']['tmp_name'];
  27. $fileSize = $_FILES['userfile']['size'];
  28. $fileType = $_FILES['userfile']['type'];
  29. $filePath = $uploadDir . $fileName;
  30. $result = move_uploaded_file($tmpName, $filePath);
  31. if (!$result) {
  32. echo "Error uploading file";
  33. exit;
  34. }
  35. else
  36. {
  37.     $_SESSION['uploadedfilepath']=$filePath;
  38. }
  39.     $_SESSION['userfile']=$_POST;
  40. ?>
  41. <html>
  42. <body>
  43.  
  44. <form action="insert.php" method="post">
  45. <input type="text" name="first" id="first" />
  46. <input type="submit" name="button" id="button" value="Submit" />
  47. </form>
  48.  
  49. </body>
  50. </html>

Am I missing something simple?

-Scott
Last edited by peter_budo; May 14th, 2008 at 3:58 pm. Reason: Keep It Organized - please use [code] tags
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the PHP Forum
Thread Tools Search this Thread



# 5.2.10 action address apache api array auto autoincrement beginner binary broken cakephp checkbox class classes cms code cron curl database date dehasher destroy display dissertation domain dynamic echo echo$_get[x]changingitintovariable... email error errorlog fatalerror file files folder form forms function functions google href htaccess html if-else image images include insert ip javascript joomla legislation limit link load login mail masterthesis menu mlm multiple mysql mysqlquery oop open paypal pdf persist php popup problem query radio random record recursion remote script search server sessions sms sockets source space sql syntax system table tutorial update upload url validator variable video web youtube
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC