Member Avatar for tie372

I have a form and upload script so people can upload games to my website. The form code:

echo "<form action=newgame.php enctype=multipart/form-data><table border=0  method=post bgcolor=1a1a1a><tr><td width=70%>
game title</td>
<td><input type=text name=title maxlength=48></input></td>
</tr>
<tr><td>summary</td><td><textarea name=summary rows=5 cols=30></textarea></tr>
<tr><td>genre</td><td>
<select name=genre>
<option value=action>action</option>
<option value=adventure>adventure</option>
<option value=arcade>arcade</option>
<option value=other>other</option>
<option value=puzzle>puzzle</option>
<option value=RPG>role-playing</option>
<option value=sports>sports</option>
<option value=strategy>strategy</option>
<option value=widget>widget</option></td></tr>
<tr><td>price (coming soon)</td><td>
</td></tr>
<tr><td>screenshot</td><td>
<input type=file name=screen></input></td></tr>
<tr><td>file</td><td>
<input type=file name=game></input></td></tr>
<tr><td></td><td><input type=submit name=submit value=add></input>";
?>

And here's the upload part...

<?php
session_start();
include "header.html";
include "db.php";

if(!isset($_SESSION[user])){include "loginform.html"; echo "you must be logged in to view this page<br><br>if you have an account, log in above<br><br>if not, <a href=accountcreate.php>create an account</a>"; exit(); }
else
if(isset($_SESSION[user])){
echo "<sup><div align=right>you're logged in as $_SESSION[user] | <a href=logout.php>log out</a></sup></div>";
}
$sql=mysql_query("SELECT * FROM games ORDER BY id DESC");
$id=mysql_num_rows($sql);
$id=$id+1;

$name=$_POST[title];
$summary=$_POST[summary];
$genre=$_POST[genre];

//screenshot
$screenname=$_FILES['screen']['name'];
$screensize=$_FILES['screen']['size'];
$screentype=$_FILES['screen']['type'];

//gamefile
$gamename=$_FILES['game']['name'];
$gamesize=$_FILES['game']['size'];
$gametype=$_FILES['game']['type'];

print_r($_FILES); //for debugging
//screenshot
//basic filter
if(empty($screenname)){echo "no file name was indicated.  hit back and try again"; exit();}
if($screensize>3000000){echo "your file is too big.  hit back and try again"; exit();}

if($screentype == "image/gif" || $screentype =="image/jpg" || $screentype =="image/png" || $screentype =="image/jpeg" || $screentype =="image/bmp"){

$location="screens/" . $id;

move_uploaded_file($_FILES['screen']['tmp_name'], $location);

}

//screenshot
//game



if(empty($gamename)){echo "no file name was indicated.  hit back and try again"; exit();}
if($gamesize>26214400){echo "your file is too big.  hit back and try again"; exit();}



$location="games/" . $id;
echo $location;

move_uploaded_file($_FILES['game']['tmp_name'], $location);


//game

$sql=mysql_query("INSERT INTO games(name, summary, price, genre, user, rating) VALUES ('$name','$summary','0','$genre','$_SESSION[user]','0')");
echo "your game has been created.<br><img src=screens/". $id ."><br><br>";
?>

The screenshot uploading works fine, as expected, but the game file doesn't work. Only the name is recorded, but the filetype and size are left blank.

  • 2 Contributors
  • 1 Reply
  • 113 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by petr.pavel
Member Avatar for petr.pavel

Hi there, I don't see that you'd be using $gametype or $gamesize. Could you please add some code that proves that they are empty indeed?

Also did you try displaying $_FILES? Add var_dump($_FILES['game']); to see what's in there.

Your HTML code doesn't end the table and the form. Also you should use attribute="value" notation and not attribute=value. Lazy programming is the best way to introduce bugs that are very difficult to trace.

Because your HTML doesn't contain any variables, you don't need that echo "" wrapper around it. Just quit PHP source code with ?> have the HTML code and then enter PHP source code again with <?php

You shouldn't use $_POST[title] - $_POST["title"] is better (title would first be tried as a constant).
If you place

ini_set("display_errors", true);
error_reporting(E_ALL);

you'll see what other mistakes you've made.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.