Recently I found a way to upload an image path into a MySQL db while uploading the actual image to the server.

This works fine, except sometimes I don't have an image to upload with the story. So - my question:

If I don't have an image, how do I get this script to automatically fill in the path to the image on the server, "NoPicture.jpg"?

Here is the current script I'm using:

<?php

$uploadDir = '/server/location/uploads';

if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fileName2 = $_FILES['userfile2']['name'];
$tmpName2 = $_FILES['userfile2']['tmp_name'];
$fileSize2 = $_FILES['userfile2']['size'];
$fileType2 = $_FILES['userfile2']['type'];

$filePath = $uploadDir . $fileName;
$filePath2 = $uploadDir . $fileName2;

$result = move_uploaded_file($tmpName, $filePath);
$result = move_uploaded_file($tmpName2, $filePath2);
if (!$result) {
echo "Error uploading file";
exit;
}
include ("db_connect.inc");

$nwcomments = htmlspecialchars ($_POST[comments], ENT_QUOTES);
$nwpastwrain = htmlspecialchars ($_POST[pastwrain], ENT_QUOTES);
$nwtemp = htmlspecialchars ($_POST[temp], ENT_QUOTES);
$nwcp = htmlspecialchars ($_POST[cp], ENT_QUOTES);
$nwccs = htmlspecialchars ($_POST[ccs], ENT_QUOTES);
$nwccyp = htmlspecialchars ($_POST[ccyp], ENT_QUOTES);
$nwccp = htmlspecialchars ($_POST[ccp], ENT_QUOTES);
$nwcfp = htmlspecialchars ($_POST[cfp], ENT_QUOTES);
$nwcpwt = htmlspecialchars ($_POST[cpwt], ENT_QUOTES);
$nwsbcs = htmlspecialchars ($_POST[sbcs], ENT_QUOTES);
$nwsbcyp = htmlspecialchars ($_POST[sbcyp], ENT_QUOTES);
$nwsbcp = htmlspecialchars ($_POST[sbcp], ENT_QUOTES);
$nwsbfp = htmlspecialchars ($_POST[sbfp], ENT_QUOTES);
$nwsbpwt = htmlspecialchars ($_POST[sbpwt], ENT_QUOTES);
$nwsoilmoist = htmlspecialchars ($_POST[soilmoist], ENT_QUOTES);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
$fileName2 = addslashes($fileName2);
$filePath2 = addslashes($filePath2);
}

$query = "INSERT INTO northeast_conditions (cpicname, cpicsize, cpictype, cpicpath, sbpicname, sbpicsize, sbpictype, sbpicpath, date, pastwrain, soilmoist, temp, cp, ccs, ccyp, ccp, cfp, cpwt, sbcs, sbcyp, sbcp, sbfp, sbpwt, comments ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', '$fileName2', '$fileSize2', '$fileType2', '$filePath2', '$_POST[date]', '$nwpastwrain', '$nwsoilmoist', '$nwtemp', '$nwcp', '$nwccs', '$nwccyp', '$nwccp', '$nwcfp', '$nwcpwt', '$nwsbcs', '$nwsbcyp', '$nwsbcp', '$nwsbfp', '$nwsbpwt', '$nwcomments')";

mysql_query($query) or die('Error, query failed : ' . mysql_error());

echo "<br><a href='northeast_conditions.php'>View Updated Page</a><br>";

}
?>

Thanks for even looking at this!
Seth


Since you're checking the $_POST field and not the $_FILES array directly, you can just split your code there itself.
Meaning, if $_POST is not set you want the script to fill in with NoPicture.jpg (am I correct?)
If so, this should fix your conundrum.

define("DEFAULT_IMAGE", "NoPicture.jpg");
define("DEFAULT_IMAGE_PATH", "/some/path/to/file/");

if(isset($_POST['upload'])) {
	//The normal file handling code that you have
} else {
	$fileName = DEFAULT_IMAGE;
	$fileSize = 0;
	$fileType = "";
	$fileName2 = DEFAULT_IMAGE;
	$fileSize2 = 0;
	$fileType2 = "";

	$filePath = DEFAULT_IMAGE_PATH. DEFAULT_IMAGE;
	$filePath2 = DEFAULT_IMAGE_PATH. DEFAULT_IMAGE;
	
}

You can change the filetype and filesize values to whatever you want.

Is this what you're looking for?

Yes! That is exactly what I am looking for.

I just ordered the PHP 5 and MySQL Bible to learn all this..but my client won't be patient enough for me to figure that out. So I REALLY appreciate your assistance with this! :) Thanks!

Seth

Glad to help :]

Please mark the thread as solved.

I would, but I am thinking I am implementing the code wrong or something. I can't get it to function correctly.

Here is how I have it.

<?php
$uploadDir = '/home/website/www/conditions/uploads/';

define("DEFAULT_IMAGE", "NoPicture.jpg");
define("DEFAULT_IMAGE_PATH", "/home/website/www/conditions/uploads/");

if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fileName2 = $_FILES['userfile2']['name'];
$tmpName2 = $_FILES['userfile2']['tmp_name'];
$fileSize2 = $_FILES['userfile2']['size'];
$fileType2 = $_FILES['userfile2']['type'];

$filePath = $uploadDir . $fileName;
$filePath2 = $uploadDir . $fileName2;

$result = move_uploaded_file($tmpName, $filePath);
$result = move_uploaded_file($tmpName2, $filePath2);
} else {
	$fileName = DEFAULT_IMAGE;
	$fileSize = 0;
	$fileType = "";
	$fileName2 = DEFAULT_IMAGE;
	$fileSize2 = 0;
	$fileType2 = "";

	$filePath = DEFAULT_IMAGE_PATH. DEFAULT_IMAGE;
	$filePath2 = DEFAULT_IMAGE_PATH. DEFAULT_IMAGE;
}
if (!$result) {
echo "Error uploading file";
exit;
}
include ("connection.inc");

$nwcomments = htmlspecialchars ($_POST[comments], ENT_QUOTES);
$nwpastwrain = htmlspecialchars ($_POST[pastwrain], ENT_QUOTES);
$nwtemp = htmlspecialchars ($_POST[temp], ENT_QUOTES);
$nwcp = htmlspecialchars ($_POST[cp], ENT_QUOTES);
$nwccs = htmlspecialchars ($_POST[ccs], ENT_QUOTES);
$nwccyp = htmlspecialchars ($_POST[ccyp], ENT_QUOTES);
$nwccp = htmlspecialchars ($_POST[ccp], ENT_QUOTES);
$nwcfp = htmlspecialchars ($_POST[cfp], ENT_QUOTES);
$nwcpwt = htmlspecialchars ($_POST[cpwt], ENT_QUOTES);
$nwsbcs = htmlspecialchars ($_POST[sbcs], ENT_QUOTES);
$nwsbcyp = htmlspecialchars ($_POST[sbcyp], ENT_QUOTES);
$nwsbcp = htmlspecialchars ($_POST[sbcp], ENT_QUOTES);
$nwsbfp = htmlspecialchars ($_POST[sbfp], ENT_QUOTES);
$nwsbpwt = htmlspecialchars ($_POST[sbpwt], ENT_QUOTES);
$nwsoilmoist = htmlspecialchars ($_POST[soilmoist], ENT_QUOTES);

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
$fileName2 = addslashes($fileName2);
$filePath2 = addslashes($filePath2);
}

$query = "INSERT INTO northeast_conditions (cpicname, cpicsize, cpictype, cpicpath, sbpicname, sbpicsize, sbpictype, sbpicpath, date, pastwrain, soilmoist, temp, cp, ccs, ccyp, ccp, cfp, cpwt, sbcs, sbcyp, sbcp, sbfp, sbpwt, comments ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', '$fileName2', '$fileSize2', '$fileType2', '$filePath2', '$_POST[date]', '$nwpastwrain', '$nwsoilmoist', '$nwtemp', '$nwcp', '$nwccs', '$nwccyp', '$nwccp', '$nwcfp', '$nwcpwt', '$nwsbcs', '$nwsbcyp', '$nwsbcp', '$nwsbfp', '$nwsbpwt', '$nwcomments')";

mysql_query($query) or die('Error, query failed : ' . mysql_error());

echo "<br><a href='northeast_conditions.php'>View Updated Page</a><br>";
}
?>

Keep getting an error. First it was in regards to line 70 the closing curly brace...then I took that off and it just let me know that there is an error uploading file...
The way you put it logically makes sense, so maybe I am just missing something when I'm implementing it?
Thanks!

Your IF clause should actually be like this (if you want to avoid PHP warnings about undeclared variables):

if(isset($_POST['upload'])) {
	$fileName = $_FILES['userfile']['name'];
	$tmpName = $_FILES['userfile']['tmp_name'];
	$fileSize = $_FILES['userfile']['size'];
	$fileType = $_FILES['userfile']['type'];
	$fileName2 = $_FILES['userfile2']['name'];
	$tmpName2 = $_FILES['userfile2']['tmp_name'];
	$fileSize2 = $_FILES['userfile2']['size'];
	$fileType2 = $_FILES['userfile2']['type'];

	$filePath = $uploadDir . $fileName;
	$filePath2 = $uploadDir . $fileName2;

	$result = move_uploaded_file($tmpName, $filePath);
	$result2 = move_uploaded_file($tmpName2, $filePath2);	

	if (!($result && $result2)) { //In case, only one file got uploaded. 
		echo "Error uploading file";
		exit;
	}
} else {
	$fileName = DEFAULT_IMAGE;
	$fileSize = 0;
	$fileType = "";
	$fileName2 = DEFAULT_IMAGE;
	$fileSize2 = 0;
	$fileType2 = "";

	$filePath = DEFAULT_IMAGE_PATH. DEFAULT_IMAGE;
	$filePath2 = DEFAULT_IMAGE_PATH. DEFAULT_IMAGE;
}

If it gives you errors, try removing my ELSE block and work from there.

You might have been getting the error because the $result variable is not set to true if you don't upload a file. So if the ELSE block is executed, the script will always die complaining of file upload failure.

Thanks! You are a life saver. I will try to figure out my next issue for a while before I post a new one, but this one is SOLVED! Thanks soo much! = )

Seth

Hey.

There are a couple of things in that code that I would like to point out.

First, the variables you use the htmlspecialchars function on.
What that function does is prepare the fields for being printed into an HTML page, but you aren't actually doing that. You are preparing to insert them into your database, and that is what the mysql_real_escape_query function is for. You should be using the htmlspecialchars on things on the way out, not the way in ;-]

Second, you use the get_magic_quotes_gpc function there to check if you need to addslashes.
A better method is to use the function to check if you need to stripslashes and then run the variables through mysql_real_escape_query. It takes care of adding slashes where they are needed, as well as a lot of other things.

Consider this alternative version to your code:
(Which also solves your original question, by the way)

<?php
// Include the DB connection.
// Best to get that out of the way before anything else.
include ("db_connect.inc");

// Remove slashes from ALL post data if Magic Quotes are on.
// Magic Quotes are useless today, so if it is actually on, you should turn it off!
// But, you can nullify it like this:
if(get_magic_quotes_gpc()) {
    foreach($_POST as &$__field) {
        $__field = stripslashes($__field);
    }
}

// Set the upload dir, and the default image data.
$uploadDir = '/server/location/uploads';
$defaultImagePath = "/path/to/image/NoPicture.jpg";
$defaultImageType = "image/jpeg";
$defaultImageName = basename($defaultImagePath);
$defaultImageSize = filesize($defaultImagePath);

if(isset($_POST['upload']))
{
    // Try to use the uploaded file only if the file was
    // actually uploaded, and there was no error.
    if(isset($_FILES['userfile'], $_FILES['userfile2'])
    && $_FILES['userfile']['error'] == 0
    && $_FILES['userfile2']['error'] == 0)
    {
        $fileName = $_FILES['userfile']['name'];
        $tmpName = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];
        $fileName2 = $_FILES['userfile2']['name'];
        $tmpName2 = $_FILES['userfile2']['tmp_name'];
        $fileSize2 = $_FILES['userfile2']['size'];
        $fileType2 = $_FILES['userfile2']['type'];

        $filePath = $uploadDir . $fileName;
        $filePath2 = $uploadDir . $fileName2;

        if(!move_uploaded_file($tmpName, $filePath) 
        || !move_uploaded_file($tmpName2, $filePath2))
        {
            echo "Failed to move the uploaded files. Make sure you have write permission in '{$uploadDir}'.";
            exit;
        }
    }
    else
    {
        // Use the default image.
        $fileName = $defaultImageName;
        $tmpName = $defaultImagePath;
        $fileSize = $defaultImageSize;
        $fileType = $defaultImageType;
        $fileName2 = $defaultImageName;
        $tmpName2 = $defaultImagePath;
        $fileSize2 = $defaultImageSize;
        $fileType2 = $defaultImageType;

        $filePath = $defaultImagePath;
        $filePath2 = $defaultImagePath;
    }

    // Get the data ready for being inserted into the SQL query
    $nwcomments = mysql_real_escape_string ($_POST['comments']);
    $nwpastwrain = mysql_real_escape_string ($_POST['pastwrain']);
    $nwtemp = mysql_real_escape_string ($_POST['temp']);
    $nwcp = mysql_real_escape_string ($_POST['cp']);
    $nwccs = mysql_real_escape_string ($_POST['ccs']);
    $nwccyp = mysql_real_escape_string ($_POST['ccyp']);
    $nwccp = mysql_real_escape_string ($_POST['ccp']);
    $nwcfp = mysql_real_escape_string ($_POST['cfp']);
    $nwcpwt = mysql_real_escape_string ($_POST['cpwt']);
    $nwsbcs = mysql_real_escape_string ($_POST['sbcs']);
    $nwsbcyp = mysql_real_escape_string ($_POST['sbcyp']);
    $nwsbcp = mysql_real_escape_string ($_POST['sbcp']);
    $nwsbfp = mysql_real_escape_string ($_POST['sbfp']);
    $nwsbpwt = mysql_real_escape_string ($_POST['sbpwt']);
    $nwsoilmoist = mysql_real_escape_string ($_POST['soilmoist']);
    $date = mysql_real_escape_string ($_POST['date']);

    $query = "
INSERT INTO northeast_conditions (
    cpicname, cpicsize, cpictype, cpicpath, sbpicname, sbpicsize, sbpictype, sbpicpath, date, pastwrain, soilmoist, temp, cp, ccs, ccyp, ccp, cfp, cpwt, sbcs, sbcyp, sbcp, sbfp, sbpwt, comments )
VALUES (
    '$fileName', '$fileSize', '$fileType', '$filePath', '$fileName2', '$fileSize2', '$fileType2', '$filePath2', '$date', '$nwpastwrain', '$nwsoilmoist', '$nwtemp', '$nwcp', '$nwccs', '$nwccyp', '$nwccp', '$nwcfp', '$nwcpwt', '$nwsbcs', '$nwsbcyp', '$nwsbcp', '$nwsbfp', '$nwsbpwt', '$nwcomments')";

    mysql_query($query) or die('Error, query failed : ' . mysql_error());

    echo "<br><a href='northeast_conditions.php'>View Updated Page</a><br>";

}
else {
    echo "<pre>No data was submitted.</pre>";
}
?>

And then you would use the htmlspecialchars function when you fetch the data and print it.

Hope that helps.
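The same split described in the post above (prepare data for the database on the way in, apply htmlspecialchars on the way out), as an added example that is not code from this thread. It uses PDO prepared statements in place of mysql_real_escape_string, because the mysql_* functions were removed in PHP 7; the in-memory SQLite database, the cut-down column list and the function names are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not code from the thread. The in-memory SQLite DSN and the
// reduced column list are assumptions so that the script runs stand-alone;
// against MySQL only the DSN (and credentials) would differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE northeast_conditions
           (date TEXT, temp TEXT, comments TEXT, cpicpath TEXT)');

// Way in: values travel as bound parameters, never as part of the SQL text,
// so no addslashes()/escaping step is needed and nothing is HTML-encoded.
function save_conditions(PDO $db, array $post, string $picPath): void
{
    $stmt = $db->prepare(
        'INSERT INTO northeast_conditions (date, temp, comments, cpicpath)
         VALUES (:date, :temp, :comments, :cpicpath)'
    );
    $stmt->execute([
        ':date'     => $post['date'] ?? '',
        ':temp'     => $post['temp'] ?? '',
        ':comments' => $post['comments'] ?? '',
        ':cpicpath' => $picPath,
    ]);
}

// Way out: encode each value at the moment it is placed into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function render_rows(PDO $db): string
{
    $html = '';
    $rows = $db->query('SELECT date, temp, comments, cpicpath FROM northeast_conditions');
    foreach ($rows as $row) {
        $html .= '<tr><td>' . h($row['date']) . '</td><td>' . h($row['temp'])
               . '</td><td>' . h($row['comments']) . '</td><td>'
               . h($row['cpicpath']) . '</td></tr>' . "\n";
    }
    return $html;
}

// Constructed form input with a quote character and markup in it.
$post = [
    'date'     => '2009-06-01',
    'temp'     => "mid 70's",
    'comments' => 'Fields <b>too wet</b> to plant',
];
save_conditions($db, $post, '/home/website/location/uploads/NoPicture.jpg');

// The database holds the text exactly as it was typed ...
echo $db->query('SELECT comments FROM northeast_conditions')->fetchColumn(), "\n";
// ... and the page receives the encoded form.
echo render_rows($db);
```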

Wow! That was exactly what I was needing! I'm impressed! The other I was still struggling with a few minor issues in my coding, and you took all those and got rid of them.

Thanks!!! I can't wait to learn more about PHP so I can be in your shoes helping someone someday!
Seth

Maybe I jumped the gun on this one too. I can't get it to upload a picture with the script you set up up there. It keeps coming up with the error about checking permissions, after I changed my permissions to 777 on that uploads folder it is still coming up with the error.

I had to add

move_uploaded_file($tmpName, $filePath);
		move_uploaded_file($tmpName2, $filePath2);

right under line 41 just to get the error - because I was getting absolutely nothing to upload to my server. It was storing the path at least, but I didn't have my photo uploaded onto the server like it was doing.

Uh. I wish I understood the logistics of this whole PHP coding thing a lot better!
Seth

Are you absolutely sure you have the right paths set up?
I've tested the code, using different file paths, on my test server and it seems to work fine there.

The move_uploaded_file function, as it is there, should only fail if you pass it a destination that is either invalid or inaccessible.

One thing that could be the issue.
Line #19: $uploadDir = '/server/location/uploads';
Try adding a / at the end there. Without it the file names would just be appended to the folder name, rather than being added as a file name.
Like: $uploadDir = '/server/location/uploads/';

I had tried that as well, and didn't seem to do anything. I will close all my browsers and retry the code - maybe it just didn't refresh? I'll get back to you - thanks for trying it out.

That was my issue. The cookies had stored the old code or something on my computer so it kept loading the same code over and over. Now when I refreshed it and removed that extra code that I added it worked fine..first try.

Thanks a lot!
Seth

Ok, not to sound like a broken record, but assume for a second I want only one of my images to upload and don't currently have a second image. Is there a way to change that to upload just one instead of always having to be both or none?

I can't wait for the next step of this project after going through all this to get this far on this one. PHP is soo much more complex than ASP...that's for sure.

I don't really want to have someone write this out for me, I would LOVE to figure it out on my own, but I just don't have time to do that at the moment, or the understanding of PHP enough to figure a lot of the logistics of it. (I did order my book at least! So I will start learning...soon!).
Seth

I figured it out!!!!!!!!!

Here are my final results : )

<?php
// Include the DB connection.
// Best to get that out of the way before anything else.
include ("db_connect.inc");

// Remove slashes from ALL post data if Magic Quotes are on.
// Magic Quotes are useless today, so if it is actually on, you should turn it off!
// But, you can nullify it like this:
if(get_magic_quotes_gpc()) {
    foreach($_POST as &$__field) {
        $__field = stripslashes($__field);
    }
}

// Set the upload dir, and the default image data.
$uploadDir = '/home/website/location/uploads/';
$defaultImagePath = "/home/website/location/uploads/NoPicture.jpg";
$defaultImageType = "image/jpeg";
$defaultImageName = basename($defaultImagePath);
$defaultImageSize = filesize($defaultImagePath);

if(isset($_POST['upload']))
{
    // Try to use the uploaded file only if the file was
    // actually uploaded, and there was no error.
    if(isset($_FILES['userfile'], $_FILES['userfile2'])
    && $_FILES['userfile']['error'] == 0
    && $_FILES['userfile2']['error'] == 0)
    {
        $fileName = $_FILES['userfile']['name'];
        $tmpName = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];
        $fileName2 = $_FILES['userfile2']['name'];
        $tmpName2 = $_FILES['userfile2']['tmp_name'];
        $fileSize2 = $_FILES['userfile2']['size'];
        $fileType2 = $_FILES['userfile2']['type'];

        $filePath = $uploadDir . $fileName;
        $filePath2 = $uploadDir . $fileName2;

        if(!move_uploaded_file($tmpName, $filePath) || !move_uploaded_file($tmpName2, $filePath2))
        {
            echo "Failed to move the uploaded files. Make sure you have write permission in '{$uploadDir}'.";
            exit;
        }
    }
	elseif (isset($_FILES['userfile'])
    && $_FILES['userfile']['error'] == 0)
    {
        $fileName = $_FILES['userfile']['name'];
        $tmpName = $_FILES['userfile']['tmp_name'];
        $fileSize = $_FILES['userfile']['size'];
        $fileType = $_FILES['userfile']['type'];
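        $fileName2 = $defaultImageName;
        $tmpName2 = $defaultImagePath;
        $fileSize2 = $defaultImageSize;
        $fileType2 = $defaultImageType;

        $filePath = $uploadDir . $fileName;
        // Second image was not uploaded: store the default image's path for it.
        $filePath2 = $defaultImagePath;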

        if(!move_uploaded_file($tmpName, $filePath))
        {
            echo "Failed to move the uploaded files. Make sure you have write permission in '{$uploadDir}'.";
            exit;
        }
    }
	elseif(isset($_FILES['userfile2']) && $_FILES['userfile2']['error'] == 0)
    {
        $fileName = $defaultImageName;
        $tmpName = $defaultImagePath;
        $fileSize = $defaultImageSize;
        $fileType = $defaultImageType;
        $fileName2 = $_FILES['userfile2']['name'];
        $tmpName2 = $_FILES['userfile2']['tmp_name'];
        $fileSize2 = $_FILES['userfile2']['size'];
        $fileType2 = $_FILES['userfile2']['type'];

        // First image was not uploaded: store the default image's path for it.
        $filePath = $defaultImagePath;
        $filePath2 = $uploadDir . $fileName2;

        // Only the second file was uploaded, so only it can be moved.
        if(!move_uploaded_file($tmpName2, $filePath2))
        {
            echo "Failed to move the uploaded files. Make sure you have write permission in '{$uploadDir}'.";
            exit;
        }
    }
    else
    {
        // Use the default image.
        $fileName = $defaultImageName;
        $tmpName = $defaultImagePath;
        $fileSize = $defaultImageSize;
        $fileType = $defaultImageType;
        $fileName2 = $defaultImageName;
        $tmpName2 = $defaultImagePath;
        $fileSize2 = $defaultImageSize;
        $fileType2 = $defaultImageType;

        $filePath = $defaultImagePath;
        $filePath2 = $defaultImagePath;
    }

    // Get the data ready for being inserted into the SQL query
    $necomments = mysql_real_escape_string ($_POST['comments']);
    $nepastwrain = mysql_real_escape_string ($_POST['pastwrain']);
    $netemp = mysql_real_escape_string ($_POST['temp']);
    $necp = mysql_real_escape_string ($_POST['cp']);
    $neccs = mysql_real_escape_string ($_POST['ccs']);
    $neccyp = mysql_real_escape_string ($_POST['ccyp']);
    $neccp = mysql_real_escape_string ($_POST['ccp']);
    $necfp = mysql_real_escape_string ($_POST['cfp']);
    $necpwt = mysql_real_escape_string ($_POST['cpwt']);
    $nesbcs = mysql_real_escape_string ($_POST['sbcs']);
    $nesbcyp = mysql_real_escape_string ($_POST['sbcyp']);
    $nesbcp = mysql_real_escape_string ($_POST['sbcp']);
    $nesbfp = mysql_real_escape_string ($_POST['sbfp']);
    $nesbpwt = mysql_real_escape_string ($_POST['sbpwt']);
    $nesoilmoist = mysql_real_escape_string ($_POST['soilmoist']);
    $date = mysql_real_escape_string ($_POST['date']);

    $query = "
INSERT INTO northeast_conditions (
    cpicname, cpicsize, cpictype, cpicpath, sbpicname, sbpicsize, sbpictype, sbpicpath, date, pastwrain, soilmoist, temp, cp, ccs, ccyp, ccp, cfp, cpwt, sbcs, sbcyp, sbcp, sbfp, sbpwt, comments )
VALUES (
    '$fileName', '$fileSize', '$fileType', '$filePath', '$fileName2', '$fileSize2', '$fileType2', '$filePath2', '$date', '$nepastwrain', '$nesoilmoist', '$netemp', '$necp', '$neccs', '$neccyp', '$neccp', '$necfp', '$necpwt', '$nesbcs', '$nesbcyp', '$nesbcp', '$nesbfp', '$nesbpwt', '$necomments')";

    mysql_query($query) or die('Error, query failed : ' . mysql_error());

    echo "<br><a href='northeast_conditions.php'>View Updated Page</a><br>";

}
else {
    echo "<pre>No data was submitted.</pre>";
}
?>

Thanks to your coding, it made a lot more sense trying to figure this out : )

Thanks a lot for all the help - hope maybe this will help someone else sometime! ...maybe
Seth

Maybe I jumped the gun on this one too. I can't get it to upload a picture with the script you set up up there. It keeps coming up with the error about checking permissions, after I changed my permissions to 777 on that uploads folder it is still coming up with the error.

I had to add

move_uploaded_file($tmpName, $filePath);
		move_uploaded_file($tmpName2, $filePath2);

right under line 41 just to get the error - because I was getting absolutely nothing to upload to my server. It was storing the path at least, but I didn't have my photo uploaded onto the server like it was doing.

Uh. I wish I understood the logistics of this whole PHP coding thing a lot better!
Seth

I'm still working on PHP myself but a good starting place is www.w3schools.com
really good learning site for basically any programming language.

I figured it out!!!!!!!!!

Awesome. Always most fun to figure things out yourself :-]

Even though your code works perfectly, I thought I'd post how I would have done the same. Just as an example of the alternative technique.

It works pretty much the same, but eliminates some of the repetitive code, and allows you to add more images without adding more code. (You would just have to add an element to the $images array)

Thought you might find it interesting :-)

<?php
// Include the DB connection.
include ("db_connect.inc");

// Remove slashes from ALL post data if Magic Quotes are on.
if(get_magic_quotes_gpc()) {
    foreach($_POST as &$__field) {
        $__field = stripslashes($__field);
    }
}

// Set the upload dir, and the default image data.
$uploadDir = 'fupload/';
$defaultImage = array(
    'path'  => "fupload/default.jpg",
    'name'  => "default.jpg",
    'type'  => "image/jpeg",
    'size'  => filesize('fupload/default.jpg')
);

if(isset($_POST['upload']))
{
    // Create a list of possible image uploads
    $images = array('userfile', 'userfile2');
    
    // Create containers for data used in the SQL query
    $imgData = array();
    $postData = array();
    
    // Loop through the images and see if they exist.
    // If not, use the default.
    foreach($images as $_index => $_image) 
    {
        if(isset($_FILES[$_image]) && $_FILES[$_image]['error'] == 0) 
        {
            // Add the uploaded image to the imgData array and construct the
            // path that it should be moved to.
            $imgData[$_index] = $_FILES[$_image];
            $imgData[$_index]['path'] = $uploadDir . $imgData[$_index]['name'];

            // Try to move the uploaded image.
            // If it fails, use the default image instead.
            if(!move_uploaded_file($imgData[$_index]['tmp_name'], $imgData[$_index]['path']))
            {
                trigger_error("Failed to upload image '{$_image}', falling back on default. Image path '{$imgData[$_index]['path']}' is not accessible.", E_USER_WARNING);
                $imgData[$_index] = $defaultImage;
            }
        }
        else 
        {
            // Add the default image to the imgData array, replacing the current
            // image, which is apparently missing or didn't upload properly.
            $imgData[$_index] = $defaultImage;
        }
    }

    // Get the data ready for being inserted into the SQL query.
    // This simply fetches and prepares every POST field sent to the page.
    foreach($_POST as $_key => $_value)
    {
        $postData[$_key] = mysql_real_escape_string($_value);
    }

    // Construct the query using the imgData and postData arrays, and execute it.
    $query =<<<SQL
INSERT INTO northeast_conditions (
    cpicname, cpicsize, cpictype, cpicpath, sbpicname, sbpicsize, sbpictype, sbpicpath, 
    date, pastwrain, soilmoist, temp, cp, ccs, ccyp, ccp, cfp, cpwt, sbcs, sbcyp, sbcp, sbfp, sbpwt, comments
) VALUES (
    '{$imgData[0]['name']}', '{$imgData[0]['size']}', '{$imgData[0]['type']}', '{$imgData[0]['path']}', 
    '{$imgData[1]['name']}', '{$imgData[1]['size']}', '{$imgData[1]['type']}', '{$imgData[1]['path']}',
    '{$postData['date']}', '{$postData['pastwrain']}', '{$postData['soilmoist']}', '{$postData['temp']}',
    '{$postData['cp']}', '{$postData['ccs']}', '{$postData['ccyp']}', '{$postData['ccp']}', '{$postData['cfp']}',
    '{$postData['cpwt']}', '{$postData['sbcs']}', '{$postData['sbcyp']}', '{$postData['sbcp']}', '{$postData['sbfp']}',
    '{$postData['sbpwt']}', '{$postData['comments']}'
)
SQL;
    mysql_query($query) or die('Error, query failed : ' . mysql_error());
    
    echo "<br><a href='northeast_conditions.php'>View Updated Page</a><br>";

}
else
{
    echo "<pre>No data was submitted.</pre>";
}
?>

Seth,
I just want to make a comment since you're writing this for a customer. Your script isn't safe. You didn't use is_uploaded_file to test the legitimacy of the file. You also didn't use a preg_match to make sure the file isn't actually an attack on your server by a hacker.

I just want to make a comment since you're writing this for a customer. Your script isn't safe. You didn't use is_uploaded_file to test the legitimacy of the file.

Using the is_uploaded_file function is only necessary if you plan on using the file directly from the temporary location. The move_uploaded_file function also validates that the file was in fact uploaded, so it is just as safe. Using both functions is redundant.

You also didn't use a preg_match to make sure the file isn't actually an attack on your server by a hacker.

I agree that the code should verify the validity of the images, but in reality, verifying the name of the file (via a regular-expression or otherwise) doesn't exactly make your file uploads safe. It only really prevents people from directly uploading executable files.

To truly validate an image, you should use the getimagesize function, as it verifies that the image is in fact an image, returning the true type of the image without relying on the file name or any client-passed data. That, coupled with verifying the file extension, will make your files fairly safe.

For other file types, the Fileinfo extension can be used.
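The check described in the post above (getimagesize for the real type, coupled with the file extension), as an added example that is not code from this thread. The function name check_image_upload, the allowlist and the generated storage name are assumptions; the sample inputs are constructed temp files rather than real uploads, so the move_uploaded_file step appears only as a comment.

```php
<?php
// Added example, not code from the thread.
// Real image type (as reported by getimagesize) => extensions accepted for it.
const ALLOWED_IMAGES = [
    IMAGETYPE_JPEG => ['jpg', 'jpeg'],
    IMAGETYPE_PNG  => ['png'],
    IMAGETYPE_GIF  => ['gif'],
];

/**
 * $file is one element of $_FILES, e.g. $_FILES['userfile'].
 * Returns null when no file was sent (caller falls back to NoPicture.jpg),
 * [storedName, mimeType] for an acceptable image, and throws otherwise.
 */
function check_image_upload(array $file): ?array
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload error code $error");
    }
    // getimagesize() looks at the file content. $file['type'] and
    // $file['name'] come from the client and do not decide anything alone.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_IMAGES[$info[2]])) {
        throw new RuntimeException('content is not an allowed image type');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_IMAGES[$info[2]], true)) {
        throw new RuntimeException("extension '$ext' does not match the content");
    }
    // Store under a generated name so the client-chosen name never becomes
    // part of a path and two uploads cannot overwrite each other.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$info[2]][0];
    return [$stored, $info['mime']];
    // In the upload handler the next step would be:
    //   move_uploaded_file($file['tmp_name'], $uploadDir . $stored);
}

// --- Constructed sample inputs (temp files, not real uploads) ---
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' // 1x1 GIF
));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "plain text, not an image\n");

$samples = [
    'real image'        => ['name' => 'field.gif', 'type' => 'image/gif',
                            'tmp_name' => $gif, 'error' => UPLOAD_ERR_OK],
    'text named .jpg'   => ['name' => 'field.jpg', 'type' => 'image/jpeg',
                            'tmp_name' => $txt, 'error' => UPLOAD_ERR_OK],
    'image, wrong ext'  => ['name' => 'field.php', 'type' => 'image/gif',
                            'tmp_name' => $gif, 'error' => UPLOAD_ERR_OK],
    'no file selected'  => ['name' => '', 'type' => '',
                            'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE],
];

foreach ($samples as $label => $file) {
    try {
        $result = check_image_upload($file);
        if ($result === null) {
            echo "$label: no upload, use NoPicture.jpg\n";
        } else {
            [$stored, $mime] = $result;
            echo "$label: accepted as $mime, stored as $stored\n";
        }
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
unlink($gif);
unlink($txt);
```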
