Member Avatar for alla87

Hi People,

I have this problem, i have created an upload form which includes some text fields and also an image upload which then gets sent to a server. I haven't yet got any validation or sanitisation on there at the moment. Im abit new to PHP and can code beginners stuff really, could someone give us some help with this please!

addproduct.php - This is my form

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">

<tr>

<td><form enctype="multipart/form-data" name="form1" method="post" action="insert_add.php">

<table width="100%" border="0" cellspacing="1" cellpadding="3">

<tr>

<td width="200"><b>Model</b></td>

<td width="10">:</td>

<td width="400"><input name="model" type="text" id="model" size="28"></td>

</tr>

<tr>

<td><b>Product</b></td>

<td>:</td>

<td><input name="product" type="text" id="product" size="28"></td>

</tr>

<tr>

<td><b>Description</b></td>

<td>:</td>

<td><textarea rows="5" cols="21" type="text" name="description" id="description"></textarea></td>

</tr>

<tr>

<td><b>Price</b></td>

<td>:</td>

<td><input name="price" type="text" id="price" size="28"></td>

</tr>

<tr>

<td><b>Image:</b></td>

<td>:</td>

<td><input type="file" name="photo"></td>

</tr>

<tr>

<tr>

<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>

</tr>

</table>

</form>

</td>

</tr>

</table>

insert_add.php - This is a page which uploads contents to server

<?php

$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

//This is the directory where images will be saved 
$target = "images/"; 
$target = $target . basename( $_FILES['photo']['name']); 

// Get values from form
$model=$_POST['model'];
$product=$_POST['product'];
$description=$_POST['description'];
$price=$_POST['price'];
$pic=($_FILES['photo']['name']); 

// Insert data into mysql
$sql="INSERT INTO $tbl_name(model, product, description, price, photo)VALUES('$model', '$product', '$description', '$price', '$pic')";
$result=mysql_query($sql);

if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
 { 
 //Tells you if its all ok 
 echo "<center>The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory</center>"; 
 } 

 else { 
 //Gives and error if its not 
 echo "Sorry, there was a problem uploading your file."; 
 } 

// close connection
mysql_close();
?>

ANY HELP WOULD BE GREAT.

Edited by alla87 because: n/a
  • 3 Contributors
  • 4 Replies
  • 83 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by tr4ssj2
Member Avatar for theonly

Depending on how much validation you want on your form there are a few ways to do it. For regular text input you can just check if a user really did input something via

isset($_POST['variable'])

Thats just one of the way you can validate other ways can be lookup online. As for picture you want to validate that a valid picture extension exists so

//validating the image type
$allowed = array('image/gif', 'image/jpeg', 'image/jpg', 'image/png');
if(in_array($_FILES['img']['type'], $allowed)){....whatever code to move photos....}

And a suggestion do not put your database login information in a script that is public.

Member Avatar for alla87

Hi,

Im abit of a noobie to this, how exactly would you incorporate this into my code say?

Member Avatar for alla87

Any help people?

Member Avatar for tr4ssj2

as in if(!isset($_POST))
{
echo "sorry you didnt fill out password";
}else
{

//as normal

}


you can use many ifs to check that they filled out the form.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.