
Hi

I have three pages to upload an image or another type of work for a particular client. One of these pages is to show the uploaded files if I uploaded before, and it is called clientwork.php; the second page is called nework.php, this is a form page to choose the new work for the chosen client; and the third page is used to upload the specific file for the specific client in the database and folder, and it is called addworkprocess.php. My problem is on the third page, I mean on addworkprocess.php, because when I click on the add button to upload the file from nework.php, the file didn't upload to the database and didn't transfer to the specific file. Can anyone help me to find the problem please? Hereunder I paste the code of these pages.

Thanks for your help.
Marifard

clientwork.php

<?php 
    require("headerloggedin.php"); 
?>
  <div id="content">
    <div id="clientcontent">
      <?php
                    $clientid = $_GET["clientid"];
                    $userid = $_GET["userid"];

                    $query = "SELECT * FROM clients WHERE clients.clientid = $clientid AND clients.userid = $userid";
                    $resultset = $db->query($query);
                    while($row = mysql_fetch_array($resultset))
                    {
                        echo "<p id='titles'>".$row["clientname"]."</p>";

                        $query = "SELECT * FROM gallery WHERE gallery.clientid = $clientid ORDER BY month, year";
                        $resultset = $db->query($query);
                        while($row = mysql_fetch_array($resultset))
                        {
                ?>
      <div>
        <section>
          <div id="gallery">
            <ul>
              <li>
                <?php
                    if($row["filext"] == ".swf")
                    {

                ?>
                <a class="fancybox" rel="group" title="<?php echo $row["description"]?>" href="<?php echo "../".$row["folder"], $row["file"];?>"><img src="../images/icons/flashicon.png" width="100px" height="100px" /></a><a id="newclient" href="deleteimage.php?id=<?php echo $row["imgid"]; ?>">Delete</a></li>
                <?php
                    }
                    else
                    {
                ?>
              <li><a class="fancybox" rel="group" title="<?php echo $row["description"]?>" href="<?php echo "../".$row["folder"], $row["file"];?>"><img src="<?php echo "../".$row["folder"], $row["file"];?>" width="100px" height="100px" /></a><a id="newclient" href="deleteimage.php?id=<?php echo $row["imgid"]; ?>">Delete</a></li>

                <?php
                    }
                ?>
            </ul>
          </div>
        </section>
      </div>
      <!-- Add jQuery library --> 
      <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script> 
      <!-- Add fancyBox -->
      <link rel="stylesheet" href="../jquery/source/jquery.fancybox.css" type="text/css" media="screen" />
      <script type="text/javascript" src="../jquery/source/jquery.fancybox.pack.js"></script> 
      <script type="text/javascript">
    $(document).ready(function() {
        $(".fancybox").fancybox();
    });
</script>
      <?php
                        }
                    }
                ?>
      <br />
      <br />
      <br />

    </div>
    <div id="btmcontent">
    <table>
        <tr>
          <td><a id="newclient" href="nework.php?clientid=<?php echo $clientid;?>&userid=<?php echo $userid;?>">Add Work</a></td>
          <td><a id="backbtn" href="galleryloggedin.php">Back</a></td>
        </tr>
      </table>
    </div>
  </div>
  <?php require("footerloggedin.php"); ?>

nework.php

<?php
    require("headerloggedin.php");
?>
<?php
    $clientid = $_GET["clientid"];
    $query = "SELECT * FROM clients WHERE clientid = $clientid";
    $resultset = $db->query($query);
    while($row = mysql_fetch_array($resultset))
    {
?>
            <div id="content">
                <table>
                    <tr>
                        <td colspan="3"><p id='clientname' align="center"><?php echo $row["clientname"];?></p></td>
                    </tr>
                    <tr>
                        <form enctype="multipart/form-data" method="post" action="addworkprocess.php">
                            <input type="hidden" name="idofclient" value="<?php echo $clientid;?>"/>
                            <td>
                                <p id="text">Add Work:</p>
                                <input type="file" name="0" id="box">
                            </td>
                            <td>
                                <p id="text">Month Completion:</p>
                                <select name="month" id="box">
                                    <option value="">-Select Month-</option>
                                    <?php
                                        $months = array("January","February","March","April","May","June","July","August","September","October","November","December");
                                        foreach ($months as $month): 
                                    ?>
                                    <option value="<?php echo $month; ?>"<?php if ($row['status'] == $month): ?> selected="selected"<?php endif; ?>><?php echo $month; ?></option>
                                    <?php endforeach; ?>
                                </select>
                            </td>
                            <td> 
                                <p id="text">Year of Completion:</p>
                                <?php
                                    // lowest year wanted
                                    $cutoff = 2010;

                                    // current year
                                    $now = date('Y');

                                    // build years menu
                                    echo '<select name="year" id="box">' . PHP_EOL;
                                    for ($y=$now; $y>=$cutoff; $y--) 
                                    {
                                        echo '<option value="' . $y . '">' . $y . '</option>' . PHP_EOL;
                                    }   
                                        echo '</select>' . PHP_EOL;
                                ?>
                            </td>
                        </tr>
                        <tr>
                            <td><input id="formbtn" type="submit" value="Add" /></td>
                        </tr>
                    </form>
                </table>
                <div id="smallbtn">
                    <ul>
                        <li><a href="portfoliologgedin.php">Back</a></li>
                    </ul>
                </div>
            </div>
<?php 
    }
?>
<?php
    require("footerloggedin.php");
?>

addworkprocess.php

<?php 
    require("headerloggedin.php"); 
?>
<div id="content">
    <?php 
        if (!empty($_POST["idofclient"]))
        {
            $clientid = $_POST["idofclient"];
            $userid = $_POST["idofuser"];
            $month = $_POST["month"]; 
            $year = $_POST["year"];

            $currdatetime = date("Y/m/d H:i:s");

            $filecount=count($_FILES);

            for($j=0;$j<$filecount;$j++)
            {   
                if($_FILES[$j]['size']<=0 ) 
                continue;
                $fileno=$j+1;
                $filetitle = $_FILES[$j]['name'];
                if($filetitle!="")
                {       
                    $fileext = substr($_FILES[$j]['name'], strrpos($_FILES[$j]['name'], '.'));
                    $uploaddir = "../images/work/";
                    $max_size = "40194304";//"2621440";//"8388608";//""6291456";//"5242880";//"1048576";//"512000";//8388608

                    if ($_FILES[$j]['type'] == "text/html")
                    {
                        $var_msg.= "Incorrect File Extension for file {$fileno}!<br>";
                        $insert=false;
                        break;
                    }
                    else
                    {
                        if($_FILES[$j]['size'] > $max_size)
                        {
                            $var_msg.= "File Size Is Too Big for file {$fileno}! Max size is 4 MB<br>!";
                            $insert=false;
                            break;
                        }
                        else
                        {
                            /*move_uploaded_file($_FILES[$j]['tmp_name'],$uploaddir.$file_name); */ 
                            move_uploaded_file($_FILES[$j]['tmp_name'], $uploaddir.$filetitle);

                            $query = "INSERT INTO gallery (clientid, folder, file, filext, month, year, dateuploaded) VALUES ('$clientid', '$uploaddir', '$filetitle', '$fileext', '$month', '$year', '$currdatetime')";

                            $db->query($query);
                            echo "<p id='text'>file uploaded</p>";
                        }
                    }   
                }   
            }
        }//end file array
    ?>
    <div id="smallbtn">
        <ul>
            <li><a id="backbtn" href="portfoliologgedin.php">Back</a></li>
        </ul>
    </div>
</div>
<?php require("footerloggedin.php"); ?>

Before I go further, your script is vulnerable to SQL injection... You should ALWAYS sanitize any input from the user if you are going to use it inside your query (i.e. $userid is the problem in your clientwork.php script). If you don't know what SQL injection is, you should google it.

Now, a simple debugging step is to put some echo statements in your script. First, check with your addworkprocess.php. Right below line 15, add an echo statement to display what the value of filecount is. Then right before line 19, echo if the file data in the loop is correct. Also, line 26 has a problem if the file contains more than 1 dot (i.e. myfile.name.ext). You should look for the "last" dot in the string.

Edited by Taywin
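
An added example, not code from any poster in this thread: the clientwork.php lookup and the addworkprocess.php insert rewritten with bound parameters, integer validation of the ids, and the extension taken after the last dot and checked against an allow-list. Table and column names follow the thread; the in-memory SQLite database, the helper names (`requireId`, `findClient`, `recordUpload`), the allow-list and the sample inputs are assumptions made so the script runs on its own.

```php
<?php
// Added example: schema follows the thread, everything else is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (clientid INTEGER, userid INTEGER, clientname TEXT)');
$db->exec('CREATE TABLE gallery (clientid INTEGER, folder TEXT, file TEXT, filext TEXT)');
$db->exec("INSERT INTO clients VALUES (7, 3, 'Acme')"); // constructed sample row

// Reject anything that is not a plain positive integer before it reaches SQL.
function requireId($value): int
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    return $id;
}

// clientwork.php lookup with bound parameters instead of string interpolation.
function findClient(PDO $db, $clientid, $userid): ?array
{
    $stmt = $db->prepare('SELECT clientname FROM clients WHERE clientid = ? AND userid = ?');
    $stmt->execute([requireId($clientid), requireId($userid)]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// addworkprocess.php insert: extension after the last dot, checked against an
// allow-list, and a server-generated stored name so the client-supplied file
// name never becomes part of a path or a query.
function recordUpload(PDO $db, $clientid, string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'swf'], true)) {
        throw new InvalidArgumentException("extension not allowed: $ext");
    }
    $stored = bin2hex(random_bytes(8)) . '.' . $ext;
    $stmt = $db->prepare('INSERT INTO gallery (clientid, folder, file, filext) VALUES (?, ?, ?, ?)');
    $stmt->execute([requireId($clientid), 'images/work/', $stored, '.' . $ext]);
    return $stored; // the real page would then move_uploaded_file() to this name
}

var_dump(findClient($db, '7', '3'));
echo recordUpload($db, '7', 'my.file.name.PNG'), "\n";
foreach (['7 OR 1=1', '0'] as $bad) { // constructed invalid ids
    try { findClient($db, $bad, '3'); } catch (InvalidArgumentException $e) { echo "rejected: $bad\n"; }
}
try { recordUpload($db, '7', 'page.html'); } catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

Checking the extension replaces the original test on `$_FILES[...]['type']`, which is a value sent by the browser and cannot be relied on.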


Hi,

I found the error. Line 20 (continue;) of addworkprocess.php is the error. Apart from that I removed line 8 and clients.userid = $userid in line 10 from clientwork.php

Thanks for your help.
