PDA

View Full Version : Help with an upload pic script


kona72
12-13-2006, 04:13 AM
Hi All,

I need some one to help me understand exactly what is going on here.... I cannot get my pics to upload!!!

Here is the script i am using to up load my pics....

{ if(is_uploaded_file($_FILES[userfile1][tmp_name]))
{
$dt=date("YmdHis");
$file=$dt.$_FILES[userfile1][name];
copy($_FILES[userfile1][tmp_name],"../home_pics/pics1/$file1");
}}


and here is the insert SQL....


if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "insertform")) {
$insertSQL = sprintf("INSERT INTO real_estate (rec_num, home_id, list, title1, desc1, pic1, ) VALUES (%s, %s, %s, %s, %s, %s, )",
GetSQLValueString($_POST['rec_num'], "int"),
GetSQLValueString($_POST['home_id'], "text"),
GetSQLValueString($_POST['list'], "text"),
GetSQLValueString($_POST['title1'], "text"),
GetSQLValueString($_POST['desc1'], "text"));

I have set the folder permissions to 777 but still cannot get this to upload...


oh yes my form is named appropriately

<form action="<?php echo $editFormAction; ?>" method="POST" name="insertform" id="insertform" ENCTYPE="multipart/form-data" >


here is my file structure as well....

root>
>connections
>control
insert page I am working on
>home_pics
>pics1

Hope this all makes sense.... I am really trying to wrap my head around this.... If some one could explain what that script is exactly doing that would be GREAT... I understand though if that is not possible...

ps this is just one portion.. i am in reality trying to get this to work for 6 different folders....


Thanks in advance!!!!

davidj
12-13-2006, 08:39 AM
inside your form tag do you have...


<input type="hidden" name="MAX_FILE_SIZE" value="50000" />

kona72
12-13-2006, 02:18 PM
Hi DJ,

I do now.. didn't change anything...

I thought I would post the entire page to give you a better idea.... AND for your added enjoyment, i have attached the SQL

As I mentioned in the previous post, I am trying to upload 6 different pics... Not sure if this is the most effective way...



<?php require_once('../Connections/bsmlaw.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
{ if(is_uploaded_file($_FILES[userfile1][tmp_name]))
{
$dt=date("YmdHis");
$file=$dt.$_FILES[userfile1][name];
copy($_FILES[userfile1][tmp_name],"../home_pics/pics1/$file1");
}}
{ if(is_uploaded_file($_FILES[userfile2][tmp_name]))
{
$dt=date("YmdHis");
$file1=$dt.$_FILES[userfile2][name];
copy($_FILES[userfile2][tmp_name],"../home_pics/pics2/$file2");
}}
{ if(is_uploaded_file($_FILES[userfile3][tmp_name]))
{
$dt=date("YmdHis");
$file1=$dt.$_FILES[userfile3][name];
copy($_FILES[userfile2][tmp_name],"../home_pics/pics3/$file3");
}}
{ if(is_uploaded_file($_FILES[userfile4][tmp_name]))
{
$dt=date("YmdHis");
$file1=$dt.$_FILES[userfile4][name];
copy($_FILES[userfile4][tmp_name],"../home_pics/pics4/$file4");
}}
{ if(is_uploaded_file($_FILES[userfile5][tmp_name]))
{
$dt=date("YmdHis");
$file1=$dt.$_FILES[userfile5][name];
copy($_FILES[userfile5][tmp_name],"../home_pics/pics5/$file5");
}}
{ if(is_uploaded_file($_FILES[userfile6][tmp_name]))
{
$dt=date("YmdHis");
$file1=$dt.$_FILES[userfile6][name];
copy($_FILES[userfile6][tmp_name],"../home_pics/pics6/$file6");
}}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "insertform")) {
$insertSQL = sprintf("INSERT INTO real_estate (rec_num, home_id, list, title1, desc1, pic1, title2, desc2, pic2, title3, desc3, pic3, title4, desc4, pic4, title5, desc5, pic5, title6, desc6, pic6) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['rec_num'], "int"),
GetSQLValueString($_POST['home_id'], "text"),
GetSQLValueString($_POST['list'], "text"),
GetSQLValueString($_POST['title1'], "text"),
GetSQLValueString($_POST['desc1'], "text"),
GetSQLValueString($_POST['title2'], "text"),
GetSQLValueString($_POST['desc2'], "text"),
GetSQLValueString($_POST['title3'], "text"),
GetSQLValueString($_POST['desc3'], "text"),
GetSQLValueString($_POST['title4'], "text"),
GetSQLValueString($_POST['desc4'], "text"),
GetSQLValueString($_POST['title5'], "text"),
GetSQLValueString($_POST['desc5'], "text"),
GetSQLValueString($_POST['title6'], "text"),
GetSQLValueString($_POST['desc6'], "text"),
GetSQLValueString($file1, "text"),
GetSQLValueString($file2, "text"),
GetSQLValueString($file3, "text"),
GetSQLValueString($file4, "text"),
GetSQLValueString($file5, "text"),
GetSQLValueString($file6, "text"));

mysql_select_db($database_bsmlaw, $bsmlaw);
$Result1 = mysql_query($insertSQL, $bsmlaw) or die(mysql_error());

$insertGoTo = "../realestatelist.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Kelvington Homes For Sale</title>
<link href="../stylesheet.css" rel="stylesheet" type="text/css" />
</head>

<body>
<table width="780" border="0" align="center" cellpadding="15" cellspacing="0">
<tr>
<td height="150" align="left" valign="middle" bgcolor="#006699" class="BIG_text">Kelvington Homes for Sale </td>
</tr>
</table>
<table width="780" border="0" align="center" cellpadding="10" cellspacing="0">
<tr>
<td width="100%" colspan="2" align="left" valign="top" class="main_text">
<form action="<?php echo $editFormAction; ?>" method="POST" name="insertform" id="insertform" ENCTYPE="multipart/form-data" >
<table width="100%%" border="0" cellspacing="0" cellpadding="10">
<tr>
<td width="20%">House ID# </td>
<td width="80%"><input name="home_id" type="text" id="home_id" />
<input name="rec_num" type="hidden" id="rec_num" />
<input type="hidden" name="MAX_FILE_SIZE" value="50000" /></td>
</tr>
<tr>
<td>List Price# </td>
<td><input name="list" type="text" id="list" /></td>
</tr>
<tr>
<td valign="top">Description Title #1 </td>
<td valign="top"><input name="title1" type="text" id="title1" /></td>
</tr>
<tr>
<td valign="top">Description #1 </td>
<td valign="top"><textarea name="desc1" cols="70" rows="10" id="desc1"></textarea></td>
</tr>
<tr align="left" valign="top">
<td valign="top">Upload Fullsize:</td>
<td valign="top"><input type="file" name="userfile1" /> </td>
</tr>
<tr>
<td valign="top">Description Title #2</td>
<td valign="top"><input name="title2" type="text" id="title2" /></td>
</tr>
<tr>
<td valign="top">Description #2 </td>
<td valign="top"><textarea name="desc2" cols="70" rows="10" id="desc2"></textarea></td>
</tr>
<tr align="left" valign="top">
<td valign="top">Upload Fullsize:</td>
<td valign="top"><input type="file" name="userfile2" /> </td>
</tr>
<tr>
<td valign="top">Description Title #3</td>
<td valign="top"><input name="title3" type="text" id="title3" /></td>
</tr>
<tr>
<td valign="top">Description #3</td>
<td valign="top"><textarea name="desc3" cols="70" rows="10" id="desc3"></textarea></td>
</tr>
<tr align="left" valign="top">
<td valign="top">Upload Fullsize:</td>
<td valign="top"><input type="file" name="userfile3" /> </td>
</tr>
<tr>
<td valign="top">Description Title #4</td>
<td valign="top"><input name="title4" type="text" id="title4" /></td>
</tr>
<tr>
<td valign="top">Description #4</td>
<td valign="top"><textarea name="desc4" cols="70" rows="10" id="desc4"></textarea></td>
</tr>
<tr align="left" valign="top">
<td valign="top">Upload Fullsize:</td>
<td valign="top"><input type="file" name="userfile4" /> </td>
</tr>
<tr>
<td valign="top">Description Title #5</td>
<td valign="top"><input name="title5" type="text" id="title5" /></td>
</tr>
<tr>
<td valign="top">Description #5</td>
<td valign="top"><textarea name="desc5" cols="70" rows="10" id="desc5"></textarea></td>
</tr>
<tr align="left" valign="top">
<td valign="top">Upload Fullsize:</td>
<td valign="top"><input name="userfile5" type="file" id="userfile5" /> </td>
</tr>
<tr>
<td valign="top">Description Title #6</td>
<td valign="top"><input name="title6" type="text" id="title6" /></td>
</tr>
<tr>
<td valign="top">Description #6</td>
<td valign="top"><textarea name="desc6" cols="70" rows="10" id="desc6"></textarea></td>
</tr>
<tr align="left" valign="top">
<td valign="top">Upload Fullsize:</td>
<td valign="top"><input name="userfile6" type="file" id="userfile6" /> </td>
</tr>
<tr align="left" valign="top">
<td valign="top">&nbsp;</td>
<td valign="top"><input type="submit" name="Submit" value="Submit" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="insertform">
</form> <p>&nbsp;</p>
</td>
</tr>
</table>
<p><br />
<br />
</p>
</body>
</html>

davidj
12-13-2006, 02:26 PM
still not working?

have you checked your PHP.ini

there is a upload variable you can set in there

also check the file sizes your trying to upload. I had a client with the same problem which i had to go and troubleshoot from their offices. It turned out she was trying to upload a 100mb file !

kona72
12-13-2006, 02:30 PM
Hey DJ...

it is set to 25MB and file sizes are small... 400- 500 kb mark

I have also just edited my last post to include the sql...

Does the order of the SQL insert play any part in this??


if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "insertform")) {
$insertSQL = sprintf("INSERT INTO real_estate (rec_num, home_id, list, title1, desc1, pic1, title2, desc2, pic2, title3, desc3, pic3, title4, desc4, pic4, title5, desc5, pic5, title6, desc6, pic6) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['rec_num'], "int"),
GetSQLValueString($_POST['home_id'], "text"),
GetSQLValueString($_POST['list'], "text"),
GetSQLValueString($_POST['title1'], "text"),
GetSQLValueString($_POST['desc1'], "text"),
GetSQLValueString($_POST['title2'], "text"),
GetSQLValueString($_POST['desc2'], "text"),
GetSQLValueString($_POST['title3'], "text"),
GetSQLValueString($_POST['desc3'], "text"),
GetSQLValueString($_POST['title4'], "text"),
GetSQLValueString($_POST['desc4'], "text"),
GetSQLValueString($_POST['title5'], "text"),
GetSQLValueString($_POST['desc5'], "text"),
GetSQLValueString($_POST['title6'], "text"),
GetSQLValueString($_POST['desc6'], "text"),
GetSQLValueString($file1, "text"),
GetSQLValueString($file2, "text"),
GetSQLValueString($file3, "text"),
GetSQLValueString($file4, "text"),
GetSQLValueString($file5, "text"),
GetSQLValueString($file6, "text"));

davidj
12-13-2006, 02:36 PM
when doing this stuff i think modular

first get a simple upload script working. as basic as possible. just enough to get a file to another location on your server

then start adding bits like your insert sql

I hate the way DW write those. Very heavy scripts!

kona72
12-13-2006, 02:43 PM
ok.. i get it.

I'll give it a shot....

Might even get brave and try your 'hand coding' ;)

Thanks DJ

davidj
12-13-2006, 02:46 PM
here is a one i have written

it is bespoke so your going to have to mod it

i have commented everything so you should get the idea

I know this works


<?php

$ID = $_SESSION['user_id'];
$max_size = 500000000;

$tmpName = $tmpDir."/".$_FILES['uploadFile']['name']; // get name of file to validate
$csvName = $tmpDir."/CN".date("d").date("m").date("Y").".csv"; // set CSV file naming convention
$arrayPath = explode("/", $tmpName); // explode full path/name.xls into array
$FileName = array_pop($arrayPath); // get the file name from the array
// analyse file name
$ext = explode('.', $FileName);
$part1 = substr($FileName,0,2); //doctype
$part2 = substr($FileName,2,8); //numerics
$part3= substr($FileName,10,3); //nnn
// for use within the dir exists script @ line 137
$dc = strtoupper($part1);
$d = substr($part2,0,2);
$m = substr($part2,2,2);
$y = substr($part2,4,4);
$n = $part3;
// set paths for use later on
$from = $tmpName;
$to = "$Imagepath/$dc/docs/$y/$m/$d/".$part1.$part2.$part3.".xls";
/////////////////////////////////////
// check if file exists
if ($submitter && file_exists($to)){
$error = L21;
$redirect = $_SESSION['pageBack'].".php?w=053";

}

// check that file name conforms (cnddmmyyyynnn.xls)
if ($submitter && (strtoupper($part1) !="CN" || strlen($FileName) != 17 || $ext[1] != 'xls')){
$error = L22;
$redirect = $_SESSION['pageBack'].".php?w=054";
}
/////////////////////////////////////
/// check file name is correct else error
if( $submitter && empty($error)){
if (move_uploaded_file ($_FILES['uploadFile']['tmp_name'], $tmpName)){



///////////////////////////////////////////

/// do stuff here




}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>

<form name="form1" enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="50000000">

<input name="submitter" type="hidden" id="submitter" value="1">
<table width="87%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="19%" align="left">&nbsp;</td>
<td width="55%" align="left"><span class="text-label">Select an Excel Spreadsheet</span></td>
<td align="center">&nbsp;</td>
</tr>
<tr>
<td height="38" colspan="2" align="right"><label for="upload" class="text-label"></label>

<input name="uploadFile" type="file" class="form-field-10" size="30"> </td>
<td height="38" align="center">&nbsp;</td>
</tr>
<tr>
<td height="80" colspan="2" align="right">

<input name="Submit" type="submit" class="form-button-3" style="margin-left:120px;" value="Upload File" onClick="display()"> </td>
<td width="26%" colspan="-1"></td>
</tr>
<tr>
<td height="80" colspan="3" align="center" valign="middle">

<div id="display"></div> </td>
</tr>
</table>

<p>&nbsp;</p>
</form>
</body>
</html>


I used this to upload an xls then read and write the cells to a db with the contents then convert to a csv before deleting the xls

I removed the pixie dust

nanny
12-16-2006, 05:32 AM
Hi I don't know if this helps but this is from a book tutorial:
$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "frmNews")) {
// grab the contents of the uploaded files and pop the contents in a variable
if(is_uploaded_file($_FILES['news_icon']['tmp_name'])) {
$news_icon = implode ('', file($_FILES['news_icon']['tmp_name']));
$news_icon_type = $_FILES['news_icon']['type'];
$news_icon_meta = implode('',array_slice(getimagesize($_FILES['news_icon']['tmp_name']),3,1));
}
if(is_uploaded_file($_FILES['news_image']['tmp_name'])) {
$news_image = implode ('', file($_FILES['news_image']['tmp_name']));
$news_image_type = $_FILES['news_image']['type'];
$news_image_meta = implode('',array_slice(getimagesize($_FILES['news_image']['tmp_name']),3,1));
}
$insertSQL = sprintf("INSERT INTO news (news_category_fk, news_date, news_headline, news_precis, news_fulltext, news_icon, news_icon_type, news_icon_meta, news_image, news_image_type, news_image_meta) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($HTTP_POST_VARS['news_category_fk'], "int"),
GetSQLValueString(time(), "int"),
GetSQLValueString($HTTP_POST_VARS['news_headline'], "text"),
GetSQLValueString(nl2br($HTTP_POST_VARS['news_precis']), "text"),
GetSQLValueString(nl2br($HTTP_POST_VARS['news_fulltext']), "text"),
GetSQLValueString(addslashes($news_icon), "text"),
GetSQLValueString($news_icon_type,"text"),
GetSQLValueString($news_icon_meta,"text"),
GetSQLValueString(addslashes($news_image), "text"),
GetSQLValueString($news_image_type,"text"),
GetSQLValueString($news_image_meta,"text"));
mysql_select_db($database_tvnews, $tvnews);
$Result1 = mysql_query($insertSQL, $tvnews) or die(mysql_error());
$newsItem = mysql_insert_id();
I am actually trying to allow users to upload but to their own folder but haven't worked that out yet. I don't want them to be able to access others folders or my folders of images.
Any suggestions if you know would be appreciated.