0

Hi,

I have two pages to upload an image for specific client.

the code of the page where I choose the image from file for specific client is:

<?php
    require("headerloggedin.php");
?>
<?php
    $clientid = $_GET["clientid"];

    $query = "SELECT * FROM clients WHERE clientid = $clientid";
                    $resultset = $db->query($query);
                    while($row = mysql_fetch_array($resultset))
                    {
?>
            <div id="content">
                <table>
                    <tr>
                        <td colspan="3"><p id='clientname' align="center"><?php echo $row["clientname"];?></p></td>
                    </tr>
                    <tr>
                        <form enctype="multipart/form-data" method="post" action="addworkprocess.php">
                            <input type="hidden" name="idofclient" value="<?php echo $clientid;?>"/>
                            <td>
                                <p id="text">Add Work:</p>
                                <input type="file" name="0" id="box">
                            </td>
                            <td>
                                <p id="text">Month Completion:</p>
                                <select name="month" id="box">
                                    <option value="">-Select Month-</option>
                                    <?php
                                        $months = array("January","February","March","April","May","June","July","August","September","October","November","December");
                                        foreach ($months as $month): 
                                    ?>
                                    <option value="<?php echo $month; ?>"<?php if ($row['status'] == $month): ?> selected="selected"<?php endif; ?>><?php echo $month; ?></option>
                                    <?php endforeach; ?>
                                </select>
                            </td>
                            <td> 
                                <p id="text">Year of Completion:</p>
                                <?php
                                    // lowest year wanted
                                    $cutoff = 2010;

                                    // current year
                                    $now = date('Y');

                                    // build years menu
                                    echo '<select name="year" id="box">' . PHP_EOL;
                                    for ($y=$now; $y>=$cutoff; $y--) 
                                    {
                                        echo '<option value="' . $y . '">' . $y . '</option>' . PHP_EOL;
                                    }   
                                        echo '</select>' . PHP_EOL;
                                ?>
                            </td>
                        </tr>
                        <tr>
                            <td><input id="formbtn" type="submit" value="Add" /></td>
                        </tr>
                    </form>
                </table>
                <div id="smallbtn">
                    <ul>
                        <li><a href="portfoliologgedin.php">Back</a></li>
                    </ul>
                </div>
            </div>
<?php 
    }
?>
<?php
    require("footerloggedin.php");
?>

and the code of the process page is:

<?php 
    require("headerloggedin.php"); 
?>
<div id="content">
    <?php
        date_default_timezone_set('Europe/Malta');
        if (!empty($_POST["idofclient"]))
        {
            $clientid = $_POST["idofclient"];
            $month = $_POST["month"]; 
            $year = $_POST["year"];
            $datetime = date('Y-m-d H:i:s');

            $filecount=count($_FILES);

            for($j=0;$j<$filecount;$j++)
            {   
                if($_FILES[$j]['size']<=0 ) 
                continue;

                $fileno=$j+1;
                $filetitle = $_FILES[$j]['name'];
                if($filetitle!="")
                {       
                    $fileext = substr($_FILES[$j]['name'], strrpos($_FILES[$j]['name'], '.'));
                    $uploaddir = "../images/work/";
                    $max_size = "108388608";//"2621440";//"8388608";//""6291456";//"5242880";//"1048576";//"512000";//8388608

                    if ($_FILES[$j]['type'] == "text/html")
                    {
                        $var_msg.= "Incorrect File Extension for file {$fileno}!<br>";
                        $insert=false;
                        break;
                    }
                    else
                    {
                        if($_FILES[$j]['size'] > $max_size)
                        {
                            $var_msg.= "File Size Is Too Big for file {$fileno}! Max size is 4 MB<br>!";
                            $insert=false;
                            break;
                        }
                        else
                        {
                            move_uploaded_file($_FILES[$j]['tmp_name'],$uploaddir.$file_name);   
                            move_uploaded_file($_FILES[$j]['tmp_name'], $uploaddir.$filetitle);

                            $query = "INSERT INTO gallery (clientid, folder, file, filext, month, year) VALUES ('$clientid', '$uploaddir', '$filetitle', '$fileext', '$month', '$year')";

                            $db->query($query);
                            echo "<p id='text'>"."The file with the name of ".$filetitle." is uploaded."."</p>";             
                        }
                    }  
                }   
            }
        }//end file array
?>
    <div id="smallbtn">
        <ul>
            <li><a href="portfoliologgedin.php">Back</a></li>
        </ul>
    </div>
</div>
<?php 
    require("footerloggedin.php");
?>

my problem is when I click on the add button, the code didn't upload the information. can anyone help me to find the problem?

Thanks.
marifard

3
Contributors
3
Replies
29
Views
2 Years
Discussion Span
Last Post by marifard
0

I see a few things wrong with your form page..

  1. $clientid = $_GET['clientid'] This could lead to sql injection. you need to sanitize your code and put some safty checks.
  2. $db->query() is object oriented and mysql_fetch_assoch() is procedurial. you should use one and stick with it.
  3. Your html is mixed up.. you have a form tag inside a table tr but not insize a table cell. This is back form.
  4. you are using id's with the same value, you should change these to class's
  5. Mixing php and html directly is hard to read and debug. Its always best to seperated them as much as possible.

Here is what I did with your code. I have not tested, but you can see how I structured the html and seperated the php as much as possible.

<?php

    require('headerloggedin.php');

    if(isset($_GET['clientid'])){
        $clientid = $_GET['clientid'];
    }


    $sql = "SELECT * FROM clients WHERE clientid = $clientid";

    $query = mysqli_query($sql);

    $results = mysql_fetch_assoc($query);

?>

<div id="content">
    <form enctype="multipart/form-data" method="POST" action="addworkprocess.php">
        <input type="hidden" name="idofclient" value="<?php echo $cliendid; ?>" />
        <table>
            <tbody>
                <?php foreach($results as $result): ?>
                    <tr>
                        <td colspan="3" align="center"><p id="clientname"><?php echo $result['clientname']; ?></p></td> 
                    </tr>
                    <tr>
                        <td>
                            <label>Add Work:</label>
                            <input class="" type="file" name="file" id="box">
                        </td>
                        <td>
                            <label>Month Completion:</label>
                            <select name="month">
                                <option>-Select Month-</option>
                                <?php $months = array("January","February","March","April","May","June","July","August","September","October","November","December"); ?>
                                <?php foreach($months as $month): ?>
                                <option value="<?php echo $month; ?>" <?php if($month == $result['status']){echo 'selected="selected"';} ?>><?php echo $month; ?></option>
                                <?php endforeach; ?>
                            </select>
                        </td>
                        <td>
                            <label>Year of Completion:</label>
                            <?php $cutoff = 2010; $now = date("Y"); ?>
                            <select name="year">
                                <?php for($y = $now; $y >= $cutoff; $y--): ?>
                                <option value="<?php echo $y; ?>"><?php echo $y; ?></option>
                                <?php endfor; ?>
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td colspan="3" align="center">
                            <input id="formbtn" type="submit" name="submit" value="Add" />
                        </td>
                    </tr>
                <?php endforeach; ?>
            </tbody>
        </table>
    </form>
    <div id="smallbtn">
        <p><a href="portfoliologgedin.php" title="Back to Portfolio">Back</a></p>
    </div>
</div><!-- end content -->
<?php require("footerloggedin.php");?>

Edited by gabrielcastillo

0

There is nothing wrong, but why?

<input type="file" name="0" id="box">

I hope you are aware that it can be viewed as an integer and maybe bolean if not careful.

$x = 5 + "0 cups of coffee";

$y = 5 + "5 cups of coffee";

will give $x = 5 cups of coffee and $y = 10 cups of coffee. What I am saying here is that both $x and $y are integer at this point. While

$x = "0"; 

is a string. If we check (isset($_POST['0'])), gues what we are going to get?

Be careful with your data types..

0

Hi,

Sorry for posting again but I'm feeling lost. I made the same code of another page because it is similar to this but when I change some code such as the query to insert in DB, this page is not working. :(

This is the latest code:

<?php 
    require("headerloggedin.php"); 
?>
<div id="content">
    <?php 
        if (!empty($_POST["idofclient"]))
        {
            $clientid = $_POST["idofclient"];
            $userid = $_POST["idofuser"];
            $month = $_POST["month"]; 
            $year = $_POST["year"];

            $currdatetime = date("Y/m/d H:i:s");

            $filecount=count($_FILES);

            for($j=0;$j<$filecount;$j++)
            {   
                if($_FILES[$j]['size']<=0 ) 
                continue;
                $fileno=$j+1;
                $filetitle = $_FILES[$j]['name'];
                if($filetitle!="")
                {       
                    $fileext = substr($_FILES[$j]['name'], strrpos($_FILES[$j]['name'], '.'));
                    $uploaddir = "../../images/work/";
                    $max_size = "40194304";//"2621440";//"8388608";//""6291456";//"5242880";//"1048576";//"512000";//8388608

                    if ($_FILES[$j]['type'] == "text/html")
                    {
                        $var_msg.= "Incorrect File Extension for file {$fileno}!<br>";
                        $insert=false;
                        break;
                    }
                    else
                    {
                        if($_FILES[$j]['size'] > $max_size)
                        {
                            $var_msg.= "File Size Is Too Big for file {$fileno}! Max size is 4 MB<br>!";
                            $insert=false;
                            break;
                        }
                        else
                        {
                            /*move_uploaded_file($_FILES[$j]['tmp_name'],$uploaddir.$file_name); */ 
                            move_uploaded_file($_FILES[$j]['tmp_name'], $uploaddir.$filetitle);

                            $query = "INSERT INTO gallery (userid, clientid, folder, file, filext, month, year, dateuploaded) VALUES ('$clientid', '$userid', '$uploaddir', '$filetitle', '$fileext', '$month', '$year', '$currdatetime')";

                            $db->query($query);
                            echo "<p id='text'>file uploaded</p>";
                        }
                    }   
                }   
            }
        }//end file array
    ?>
    <div id="smallbtn">
        <ul>
            <li><a id="backbtn" href="portfoliologgedin.php">Back</a></li>
        </ul>
    </div>
</div>
<?php require("footerloggedin.php"); ?>
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.