Stumped - File Upload

[Freakish_05]

Morning all.

I'm trying to finish off the last bit of a website and it requires a file upload. I've tried numerous ways of getting this to work but its not having any of it.
Would appreciate it if someone could give the code a once over and tell me if there's anything wrong or at least some new ideas to try and get this working.

The offending code:

<?php
require_once("../includes/dba.php");
mysql_select_db($db_name, $db_connect);
$submitted = $_GET['submitted'];
$self = $_SERVER['PHP_SELF'];
$sid = $_GET['sid'];
$store = mysql_query("SELECT * FROM links WHERE sid = $sid", $db_connect);
$store_row = mysql_fetch_assoc($store);
if(isset($submitted))
	{
	$title = $_GET['title'];
	$description = $_GET['description'];
	$paypal = $_GET['paypal'];
	if(isset($_FILES["image"]))
		{
		$image = basename($_FILES['image']['name']);
		move_uploaded_file($_FILES['image']['tmp_name'], "../images/store/" . basename($_FILES['image']['name']));
		}
	else
		{
		$image = "";
		}
	mysql_query("INSERT INTO `store` (`uid` , `sid` , `title` , `description` , `image` , `paypal_link`) VALUES (NULL, '$sid' , '$title' , '$description' , '$image' , '$paypal')", $db_connect) or die(mysql_error());
	echo "<script type=\"text/javascript\" src=\"../includes/refreshparent.js\"></script>";
	}
else
	{
	echo "
<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">
<html>
<head>
<title>Add Store Item</title>
<link href=\"../includes/style.css\" rel=\"stylesheet\" type=\"text/css\">
</head>
<body>
<div style=\"text-align: center\">Add item to <strong>$store_row[title]</strong> store</div><br>
<form action=\"$self\" method=\"get\">
<table width=\"490\" height=\"290\">
<tr>
<td>Product Name:</td>
<td><input type=\"text\" name=\"title\"></td>
</tr>
<tr>
<td>Product Description</td>
<td><textarea name=\"description\" rows=\"3\" cols=\"40\"></textarea></td>
</tr>
<tr>
<td>Paste Paypal Button Code:</td>
<td><textarea name=\"paypal\" rows=\"3\" cols=\"40\"></textarea></td>
</tr>
<tr>
<td>Image Upload:</td>
<td><input type=\"file\" name=\"image\"></td>
</tr>
<tr>
<td colspan=\"2\"><input type=\"hidden\" name=\"submitted\" value=\"true\"><input type=\"submit\" value=\"Submit\"><input type=\"button\" value=\"Cancel\" onclick=window.close()><input type=\"hidden\" name=\"sid\" value=\"$sid\"></td>
</table>
</form>
</body>
</html>
	";
	}
?>

Very many thanks

 

[blighter]

im a n00b at php but i didnt think you could echo HTML? try PHP_Includes instead


http://www.php.net/include/

 

[Freakish_05]

Blighter: You can echo HTML, I use it all over my sites (all valid 4.01 of course ). Admittedly I was unsure at first, but as long as you put a \ before every " it works sweet

Its just the file upload bit thats giving me the trouble. I think it might be something to do with the actual uploading of the files from the client to the server because when I replace the javascript with echo ($_FILES) I get "Array" and then nothing which means that no file has been transferred to the server which is probably whats causing the problem

Any ideas as to how this might be caused/solved.

Cheers

 

[ClearChaos]

need to add enctype="multipart/form-data" for form uploads from what i remember

http://www.w3schools.com/php/php_file_upload.asp

 

[Dano]

What ClearChaos said

Also, maybe there is a reason for doing so that I am unaware of but rather than echoing all that HTML with escapes for the quotes you know you can just end the php section, write clean HTML then restart the php again right?

 

[Freakish_05]

Thanks for the input guys.

I've added that enctype bit to the form tag and set everything to POST and still nothing.

@Dano: Yes, I am aware that you can close and restart php around HTML but its a habit I've gotten into as most of my pages contain lots of php elements.

Any more ideas as to what could be going wrong?

 

[Freakish_05]

bump! anyone?

Here is the latest iteration of code that I've now been working on for the last 2 days lol

<?php
require_once("../includes/dba.php");
mysql_select_db($db_name, $db_connect);
$submitted = $_POST['submitted'];
$self = $_SERVER['PHP_SELF'];
if(isset($_GET['sid']))
	{
	$sid = $_GET['sid'];
	}
else
	{
	$sid = $_POST['sid'];
	}
$store = mysql_query("SELECT * FROM links WHERE sid = $sid", $db_connect);
$store_row = mysql_fetch_assoc($store);
if(isset($submitted))
	{
	$title = $_POST['title'];
	$description = $_POST['description'];
	$paypal = $_POST['paypal'];
	if($_FILES['image']['name'] > 0)
		{
		$image = basename($_FILES['image']['name']);
		move_uploaded_file($_FILES['image']['tmp_name'], "../images/store/" . basename($_FILES['image']['name']));
		}
	else
		{
		$image = "";
		}
	mysql_query("INSERT INTO `store` (`uid` , `sid` , `title` , `description` , `image` , `paypal_link`) VALUES (NULL, '$sid' , '$title' , '$description' , '$image' , '$paypal')", $db_connect) or die(mysql_error());
	echo ($_FILES);
	}
else
	{
	echo "
<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">
<html>
<head>
<title>Add Store Item</title>
<link href=\"../includes/style.css\" rel=\"stylesheet\" type=\"text/css\">
</head>
<body>
<div style=\"text-align: center\">Add item to <strong>$store_row[title]</strong> store</div><br>
<form enctype=\"multipart/form-data\" action=\"$self\" method=\"post\">
<table width=\"490\" height=\"290\">
<tr>
<td>Product Name:</td>
<td><input type=\"text\" name=\"title\"></td>
</tr>
<tr>
<td>Product Description</td>
<td><textarea name=\"description\" rows=\"3\" cols=\"40\"></textarea></td>
</tr>
<tr>
<td>Paste Paypal Button Code:</td>
<td><textarea name=\"paypal\" rows=\"3\" cols=\"40\"></textarea></td>
</tr>
<tr>
<td>Image Upload:</td>
<td><input type=\"file\" name=\"image\"></td>
</tr>
<tr>
<td colspan=\"2\"><input type=\"hidden\" name=\"submitted\" value=\"true\"><input type=\"submit\" value=\"Submit\"><input type=\"button\" value=\"Cancel\" onclick=window.close()><input type=\"hidden\" name=\"sid\" value=\"$sid\"></td>
</table>
</form>
</body>
</html>
	";
	}
?>

Cheers in advance.

 

[paulsheffII]

I would get out of the habit of echoing loads of html like that, it must be an editing nightmare.

Have you actually checked the file is being uploaded correctly?

if(is_uploaded_file($_FILES['image']['tmp_name']))
{

echo "Yep the package was delivered";

}

And why are you passing a hidden value to detect the form has been submitted? Just change the submit button to

<input name="submit" type="submit" id="submit" value="Submit">

And

if(isset($submitted))

to

if(isset($_POST["submit"]))

 

[marc2003]

I would get out of the habit of echoing loads of html like that, it must be an editing nightmare.

agreed. i'm new to php but even i can see that is some crazy stuff you got going on there. howabout setting the php script to die if the condtions are met? that way, the html will not displayed.

<?php

if (something) {
     do stuff;
     die();
} elseif (something2) {
     do different stuff;
     die();
}
?>

<html>
blah
<input type="hidden" name="sid" value="<?=$sid?>" />
blah
</html>

notice you can still use your php variables in your html.

as for the main problem, sorry no idea.

 

[Freakish_05]

Its amazing how one line of code can change everything!
Replaced:

if($_FILES['image']['name'] > 0)

With:

if(is_uploaded_file($_FILES['image']['tmp_name']))

Now everything works fine! Bloody tempermental or what aye? lol

As for echo'ing HTML, I used to do things exactly like the way you described marc, I just find this way to be neater. Call it personal preferance lol

Very Many Thanks to all who contributed!

 

[toString]

I heard that it was 'faster' to output html in that way, rather than switching between php and html output like is being suggested. I would imagine the performance increase isn't that great though.

 

[marc2003]

As for echo'ing HTML, I used to do things exactly like the way you described marc, I just find this way to be neater. Call it personal preferance lol

escaping all those double quotes? looks like a nightmare to me.