File Upload Variables

Question

2xldesign 0 Newbie Poster

15 Years Ago

I am working on a 2 page form. I need to have a file upload on the first page. I need to pass the file upload values to the insert page. I am not sure what approach to take. I have tried sessions but had no luck.

Here is a simplified version of my code.

Page 1:

<form method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile"> 
<input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</form>

Page 2:

<form action="insert.php" method="post">
<input type="text" name="first" id="first" />
<input type="submit" name="button" id="button" value="Submit" />
</form>

Page 3:

<?php
$uploadDir = 'upload/';

if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}

include 'includes/config.php';
include 'includes/opendb.php';
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$query = "INSERT INTO contacts (first, name, size, type, path ) ".
"VALUES ('$first', '$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die('Error, query failed : ' . mysql_error());
include 'includes/closedb.php';

echo "<br>Files uploaded<br>";
}
?>

Need to get the upload values from Page1 - Page3

Thank you in advance,

Scott

php

3 Contributors
9 Replies
270 Views
3 Days Discussion Span
Latest Post 15 Years Ago Latest Post by 2xldesign

All 9 Replies

amigura

15 Years Ago

u could do it all in one page in stead of 3 pages. some info about restricting uploads
http://www.w3schools.com/php/php_file_upload.asp

use this on db inputs - mysql_real_escape_string ($user_input)
http://uk3.php.net/manual/en/function.mysql-real-escape-string.php

for the $uploadDir i would not add this to db value as it will save on db space and if you want to change image dir u will have more flexibility to do so, that is of course the $uploadDir is constant and none changing for all images.

<?php
$uploadDir = 'upload/';

if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);

if (!$result) {
$err= "Error uploading file";
}else{ // upload good do db

include 'includes/config.php';
include 'includes/opendb.php';

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}

$query = "INSERT INTO contacts (first, name, size, type, path ) ".
"VALUES ('$first', '$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die('Error, query failed : ' . mysql_error());
include 'includes/closedb.php';

$err= "<br>Files uploaded<br>";
}

}
?>

<?php echo $err; ?>
<form method="post" enctype="multipart/form-data">
first <input type="text" name="first" id="first" /><br/>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
filename <input name="userfile" type="file" id="userfile"><br /> 
<input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</form>

amigura

15 Years Ago

i don't know if it will work but you need to pass file vars to form 2 then on to form 3
you should have upload on form 2 or 3 for safety reason.

Page 2:

<form action="insert.php" method="post">
<input type="text" name="first" id="first" />
<input type="hidden" name="tempfile" id="tempfile" value="<?php echo $_FILES['userfile']['tmp_name']; ?>" />
<input type="hidden" name="filename" id="filename" value="<?php echo $_FILES['userfile']['name']; ?>" />
<input type="submit" name="button" id="button" value="Submit" />
</form>

rgviza 8 Light Poster

15 Years Ago

I am trying a different approach and I think I am on the right track. I put the file upload script in Page 2 and I am trying to use UPDATE to insert the rest of the information (I hope I am going in the right direction). Now!.... what would be the best way to select the last inserted id or record?
Thank you for the help so far,
Scott

I'd put the file upload in page one like the client originally wanted.

On loading page 2 of form, upload file, write it to disk and set a session variable with the file path. Also collect the form variables into the session and display form page 2.

On loading page 3 of form, you write the variables from page 2 to session and display the rest of form. On submit of the last page, you take the POST variables along with the form data in session and insert into database in one shot along with file path if necessary, then display the thank you page.

The whole affair should be pretty straightforward and simple to do this way. It's one query and you are collecting the file on the first page.

-r

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

2xldesign 0 Newbie Poster · Answer 1 · 2008-05-11T23:48:24+00:00

The form has to be over several pages because of the length. I can get the upload to work on a 1 page form no problem. But....... the client wants it over several pages, and the upload needs to be on the first page.

Thanks,

Scott

2xldesign 0 Newbie Poster · Answer 2 · 2008-05-12T02:45:41+00:00

Thank you for the help. Would I use a normal session to pass from page 1 to page 2?

$_SESSION;
$_SESSION;

Since the echo is for $_FILES I was not sure.

Thanks again!

Scott

2xldesign 0 Newbie Poster · Answer 3 · 2008-05-13T09:29:37+00:00

I am trying a different approach and I think I am on the right track. I put the file upload script in Page 2 and I am trying to use UPDATE to insert the rest of the information (I hope I am going in the right direction). Now!.... what would be the best way to select the last inserted id or record?

Thank you for the help so far,

Scott

2xldesign 0 Newbie Poster · Answer 4 · 2008-05-14T09:57:32+00:00

I'd put the file upload in page one like the client originally wanted.
On loading page 2 of form, upload file, write it to disk and set a session variable with the file path. Also collect the form variables into the session and display form page 2.
On loading page 3 of form, you write the variables from page 2 to session and display the rest of form. On submit of the last page, you take the POST variables along with the form data in session and insert into database in one shot along with file path if necessary, then display the thank you page.
The whole affair should be pretty straightforward and simple to do this way. It's one query and you are collecting the file on the first page.
-r

LOL..... I have come to find out I am an HTML guy not a PHP guy.... I have a new appreciation for all of you php coders. Could you PLEASE show me some code to point me in the right direction? Or show me a sample in the code I started the thread with?

I honestly appreciate everyone's help on this.

Scott

rgviza 8 Light Poster · Answer 5 · 2008-05-14T12:48:21+00:00

#page 1 form processor
<?php
session_start();
#
$uploadDir = 'upload/';
#
 
#
if(isset($_POST['upload']))
#
{
#
$fileName = $_FILES['userfile']['name'];
#
$tmpName = $_FILES['userfile']['tmp_name'];
#
$fileSize = $_FILES['userfile']['size'];
#
$fileType = $_FILES['userfile']['type'];
#
$filePath = $uploadDir . $fileName;
#
$result = move_uploaded_file($tmpName, $filePath);
#
if (!$result) {
#
echo "Error uploading file";
#
exit;
#
}
else
{
    $_SESSION['uploadedfilepath']=$filePath;
}
## read form vars here into session
    $_SESSION['formpage1']=$_POST;

?>

<!-- display form page 2 here -->

Then collect each form post page like that (sans the file stuff for the rest of the pages).

At the end you'll have 2 arrays in session and the file upload path and you can do this when submitting the final page.

session_start();
function filterbadstuff($value)
{
  /*filter out xss, sql injection etc here so your form doesn't get hacked*/
     return $filteredvalue;
}
$filteredformvars=array();
while(list($fieldname, $fieldvalue)=each($_SESSION['formpage1']))
{
      $filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
}
while(list($fieldname, $fieldvalue)=each($_SESSION['formpage2']))
{
      $filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
}
while(list($fieldname, $fieldvalue)=each($_POST))
{
      $filteredformvars[$fieldname]=filterbadstuff($fieldvalue);
}

At this point $filteredformvars has all of your form data in a neat array. I don't know what your data looks like but you should use php filters to scrub the data before building a query.
Just filter the data in that filterbadstuff() function.
Otherwise a nice injection can allow someone to steal your customer data. Don't forget to call the session_start(); at the top of every page where you are getting data to and from session.

Check out the php data filtering as well as mysql functions for this. Data scrubbing is way beyond the scope of a forum post. This code is not debugged. It's meant to show you some ways of handling this.

By hacking this out yourself you'll learn important stuff...

-r

2xldesign 0 Newbie Poster · Answer 6 · 2008-05-14T20:52:30+00:00

Excellent! Thank you for the help..... I am getting a blank page on Page 2 though.....

Here is Page 1

<?php session_start();
$_SESSION['userfile'];
?>
<html>
<body>

<form action="page2.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile"> 
<input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</form>

</body>
</html>

Page 2

<?php
session_start();
$_SESSION['userfile'];

$uploadDir = 'upload/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
else
{
    $_SESSION['uploadedfilepath']=$filePath;
}
    $_SESSION['userfile']=$_POST;
?>
<html>
<body>

<form action="insert.php" method="post">
<input type="text" name="first" id="first" />
<input type="submit" name="button" id="button" value="Submit" />
</form>

</body>
</html>

Am I missing something simple?

-Scott

File Upload Variables

Recommended Answers Collapse Answers

All 9 Replies

Recommended Answers