I have this code. I put everything within <?php ?>. Because I thought that would help.
I have the code commented for easier read.

Can someone please show me where I went wrong, or what I forgot?

<?php
?>
<html>
<head>

<style>
body {
	background-color:#000000;
	color:#E27907;
	font-family:Verdana,Arial;
	font-size:10pt;
	letter-spacing:2;
	}
.thumbNormal {
	border:4px solid #000000;
	}
.thumbSelected {
	border:4px solid #ff0000;
	}
.prevImage {
        border: 8px solid #ccc;
        width: 200px;
        height: 100px;
    }
</style>
<script language=javascript>
	var lastID = 0;
	function SelectImg(id) {
		if (lastID > 0) {
		document.getElementById(lastID).className = "thumbNormal";
		}
		document.getElementById(id).className = "thumbSelected";
		document.getElementById(0).src = document.getElementById(id).src;
		lastID = id;
		}
	function LoadTrigger() {
		SelectImg(1);
		}
	window.onload = LoadTrigger;
</script>
</head>
<body>
<?php
echo "<table border=0 width='1000'>";
	echo "<tr>";
// *** This section supplies the ID and Image Name
		echo "<td valign='top' width='45%' height='200'>Select Directory and Image Name<p>";
	
			include("dd.php");

		echo "<td valign='top' width='5%' height='200'>&nbsp;</td>";

// *** This section gets the Current Directory and Displays a Preview Image
// This Part WORKS
		echo "<td valign='top' width='55%' height='200'>Current Image to Replace.<p>";

			$id=$_POST['cat'];
			$name=$_POST['subcat'];

			$sql = "SELECT directory FROM directory WHERE DID = '$id'";
			$result = mysql_query($sql) or die('A error occured: ' . mysql_error());

			while ($row = mysql_fetch_assoc($result)) {
    			$path = $row['directory'];

    			print "<img class='thumbNormal' src='http://mysite.com/images/$path/$name' width=200 onclick='SelectImg($id)'>";
			print "<br>";
			print $path."/".$name;
			}

// *** This section selects a New Image from PC and displays a Preview Image
// This Part WORKS
		echo "<td width=15> </td>";
		echo "<td valign=top>";
		echo "</td>";
		echo "</tr>";

		echo "<tr>";
		echo "<td valign=top></td>";
		echo "</tr>";
		echo "<tr>";
		echo "<td valign='top' width='45%' height='200'>Preview New Image.<p>";
		 
			include('part1.php');

		echo "</td>";
		echo "<td valign='top' width='5%' height='200'>&nbsp;</td>";
		echo "<td valign='top' width='45%' height='200'>Upload New Image.<p>";

// *** This Section Uploads and Renames the New Image
//define a maxim size for the uploaded images in Kb
 			define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
 			function getExtension($str) {
         			$i = strrpos($str,".");
         			if (!$i) { return ""; }
         			$l = strlen($str) - $i;
         			$ext = substr($str,$i+1,$l);
         			return $ext;
 				}

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
//and it will be changed to 1 if an errro occures.  
//If the error occures the file will not be uploaded.
 			$errors=0;

//checks if the form has been submitted
 			if(isset($_POST['Submit'])) 
 		{
//reads the name of the file the user submitted for uploading
 			$image=$_FILES['image']['name'];
//if it is not empty
 			if ($image) 
 			{
//get the original name of the file from the clients machine
 			$filename = stripslashes($_FILES['image']['name']);
//get the extension of the file in a lower case format
  			$extension = getExtension($filename);
 			$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
//otherwise we will do more tests
 		if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
 			{
//print error message
 			echo '<h1>Unknown extension!</h1>';
 			$errors=1;
 			}
 			else
 			{
//get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file
//in which the uploaded file was stored on the server
 			$size=filesize($_FILES['image']['tmp_name']);

//compare the size with the maxim size we defined and print error if bigger
			if ($size > MAX_SIZE*1024)
			{
				echo '<h1>You have exceeded the size limit!</h1>';
				$errors=1;
			}

// ***  THIS STARTS MY PROBLEM AREA **
// *** THE $path and $name SHOULD BE PASSED TO HERE, NUT THEY DO NOT HAPPEN
// *** Can Someone let me know What is wrong?		
			
			$upload="http://mysite.com/images/".$path;
			
//we will give it the same name as the old file
			$image_name=$name;
			
//the new name will be containing the full path where will be stored (images folder)
			$newname=$upload . "/" . $image_name;

//we verify if the image has been uploaded, and print error instead
			$copied = copy($_FILES['image']['tmp_name'], $newname);
			if (!$copied) 
				{
				echo '<h1>Copy unsuccessfull!</h1>';
				echo $copied;
				$errors=1;
		}}}}

//If no errors registred, print the success message
 			if(isset($_POST['Submit']) && !$errors) 
 			{
 			echo "<h1>File Uploaded Successfully! Try again!</h1>";
			echo "File uploaded as: $newname";
 			}

// next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file"
 	echo "<form name='newad' method='post' enctype='multipart/form-data'  action=''>";
 		echo "<table>";
 			echo "<tr><td><input type='file' name='image'></td></tr>";
 			echo '<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>';
 		echo "</table>";	
 	echo "</form>";
echo "</table>";

?>

</body>
</html>

#1.) use a remote style sheet.. (/css/style.css)
#2.) Don't put everything in php as it makes load time slower... even if it a mili second

I hope you will make a separate file named: style.css and insert the following code there

body {
	background-color:#000000;
	color:#E27907;
	font-family:Verdana,Arial;
	font-size:10pt;
	letter-spacing:2;
	}
.thumbNormal {
	border:4px solid #000000;
	}
.thumbSelected {
	border:4px solid #ff0000;
	}
.prevImage {
        border: 8px solid #ccc;
        width: 200px;
        height: 100px;
    }

And also make separate files where you will put all the functions.
In the main file, load necessary functions and also the external cascading style sheet(css).

The upload path (line 147) is not the website url but the DOCUMENT_ROOT, use this command to get the path:

echo $_SERVER['DOCUMENT_ROOT']

it will give you something like /var/www/yourwebiste.tld/ so an example is this:

$upload = $_SERVER['DOCUMENT_ROOT'] . 'images/' . $path;

I see you set $path from the database, it should be a sub-directory inside images/ right? If yes then this example it should work fine :)

Thanks guys.

I have the style sheet, just wanted to let you know what I have.

I'll try suggestions and let you know what happens

OK,

I added this as suggested.

$upload = $_SERVER['DOCUMENT_ROOT'] . '/images/' . $path;

The response is this.

Warning: copy(/home/mine/public_html/mydir/images//) [function.copy]: failed to open stream: Is a directory in /home/mine/public_html/mydir/Admin/Edit/image.php on line 139

OK,

I added this as suggested.

$upload = $_SERVER['DOCUMENT_ROOT'] . '/images/' . $path;

The response is this.

Warning: copy(/home/mine/public_html/mydir/images//) [function.copy]: failed to open stream: Is a directory in /home/mine/public_html/mydir/Admin/Edit/image.php on line 139

No $path or $name.

Thanks

Exactly, but looking at your code $name seems to be $_POST
I don't see that in the form, so where you get the old filename?

Exactly, but looking at your code $name seems to be $_POST
I don't see that in the form, so where you get the old filename?

From dd.php

<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>
<title>Multiple drop down list box from plus2net</title>
<SCRIPT language=JavaScript>
function reload(form)
{
var val=form.cat.options[form.cat.options.selectedIndex].value;
self.location='image.php?cat=' + val ;
}

</script>
</head>

<body>
<?

/*
If register_global is off in your server then after reloading of the page to get the value of cat from query string we have to take special care.
To read more on register_global visit.
  http://www.plus2net.com/php_tutorial/register-globals.php
*/
@$cat=$_GET['cat']; // Use this line or below line if register_global is off
if(strlen($cat) > 0 and !is_numeric($cat)){ // to check if $cat is numeric data or not. 
echo "Data Error";
exit;
}


//@$cat=$HTTP_GET_VARS['cat']; // Use this line or above line if register_global is off

///////// Getting the data from Mysql table for first list box//////////
$quer2=mysql_query("SELECT DISTINCT directory,DID FROM directory order by directory"); 
///////////// End of query for first list box////////////

/////// for second drop down list we will check if category is selected else we will display all the subcategory///// 
if(isset($cat) and strlen($cat) > 0){
$quer=mysql_query("SELECT DISTINCT name FROM images where DID=$cat order by name"); 
}else{$quer=mysql_query("SELECT DISTINCT name FROM images order by name"); } 
////////// end of query for second subcategory drop down list box ///////////////////////////

echo "<form method=post name=f1 action='image.php'>";
/// Add your form processing page address to action in above line. Example  action=dd-check.php////
//////////        Starting of first drop downlist /////////
echo "<select name='cat' onchange=\"reload(this.form)\"><option value=''>Select one</option>";
while($noticia2 = mysql_fetch_array($quer2)) { 
if($noticia2['DID']==@$cat){echo "<option selected value='$noticia2[DID]'>$noticia2[directory]</option>"."<BR>";}
else{echo  "<option value='$noticia2[DID]'>$noticia2[directory]</option>";}
}
echo "</select>";
//////////////////  This will end the first drop down list ///////////

//////////        Starting of second drop downlist /////////
echo "<select name='subcat'><option value=''>Select one</option>";
while($noticia = mysql_fetch_array($quer)) { 
echo  "<option value='$noticia[name]'>$noticia[name]</option>";
}
echo "</select>";
//////////////////  This will end the second drop down list ///////////
//// Add your other form fields as needed here/////
echo "<input type=submit value=Submit>";
echo "</form>";
?>

</body>

</html>

So subcat is set by $noticia[name] and this could be a problem because you need a filename without spaces or at least you need to escape them:

/var/www/yourwebsite.tld/images/file name.jpg #bad, will return an error
/var/www/yourwebsite.tld/images/file\ name.jpg #good
/var/www/yourwebsite.tld/images/file_name.jpg #good
"/var/www/yourwebsite.tld/images/file name.jpg" #good

If you don't explain better, I can't help you more than this. Bye :)

OK, starting from the beginning.

dd.php
Generates the vars (cat and subcat).

they get brought into image.php via;

$id=$_POST['cat'];
$name=$_POST['subcat'];

$id is used to generate the var $path via;

$sql = "SELECT directory FROM directory WHERE DID = '$id'";
	$result = mysql_query($sql) or die('A error occured: ' . mysql_error());

	while ($row = mysql_fetch_assoc($result)) {
    	$path = $row['directory'];

This generates a preview image with the correct subdirectory and image name;

print "<img class='thumbNormal' src='http://mysite.com/images/$path/$name' width=200 onclick='SelectImg($id)'>";
	print "<br>";
	print $path."/".$name;
	}

Now we come to the tricky part. I want to use $path and $name later in the code. I want to use it like this;

$upload = $_SERVER['DOCUMENT_ROOT'] . '/images/' . $path;

Just like I did with the preview image section.

I also want to use $name as the new image name so that I do not have to edit 3 XML files later, like this;

$image_name=$name;
$newname=$upload . "/" . $image_name;

$copied = copy($_FILES['image']['tmp_name'], $newname);

When I do this I get;

Warning: copy(/home/mine/public_html/mydir/images//) 
[function.copy]: failed to open stream: Is a directory in /home/mine/public_html/mydir/Admin/Edit/image.php on line 139

That's because I am not using the $path and $name to here. $name nor $path contain no spaces between names I use "_".

$path and $name should contain the same content as in the preview image area.

I hope this clears up my problem.

Thank you for your help this far.

OK, thank you! But there are some errors you should fix.

If I'm understanding the script, your intention is:

1) to upload an image, save it into a the directory you get from the query $result
2) the destination directory is a sub-directory of /images/
3) the new name ($newname) of the file will be the subcat you get from the first form

But there's no connection between the first form and the second.

When you send the first form you select subcat and cat: you set $_POST and $_POST.
Right after you submit the second form so you can upload the file, with this action PHP will delete $_POST and $_POST that you previously set.
If you want to save them you have to use a session: http://php.net/manual/en/book.session.php
Otherwise you can only echo them to hidden input fields in the second form:

<form name='newad' method='post' enctype='multipart/form-data'  action=''>
    <table>
        <tr><td><input type='file' name='image'></td></tr>
        <tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
    </table>
    <input type="hidden" name="subcat" value="<?php echo $_POST['subcat']; ?>" />
    <input type="hidden" name="cat" value="<?php echo $_POST['cat']; ?>" />
</form>

About the errors:

You have two different forms on the same page, the first is included through dd.php which it should be a simple php script, not an HTML page with PHP script.

Currently you're going to output a page with two doctypes, two html sections, two head sections and two body sections. This is wrong. You may want to fix this problem.

Check if parts1.php has the same problems of dd.php

If you look at your code, you're hiding some errors like @$cat on lines 25, 49 of dd.php, so if there's a problem you won't get the error, in development stage you need them. Remove @ and check it better.

Another problem, the page is supposed to be open with cat on his url, example:

http://my.website/image.php?cat=1

when you run the first form the browser will reload without cat=1, you should remove image.php from the action parameter of the form.


Few suggestions:

Don't trust is_numeric() because it will accept also hexadecimal values like 0x12 or 0xf5, instead of that use ctype_digit().

If you're using PHP 5.3 or above you should also use finfo() or an alternative to get the mime-type of the file you're uploading because a script can be submitted with jpg extension and then get executed.

I hope this will help you, bye :)

Thanks I'll give all a try

OK.

Made all the changes, thanks for the heads up on HTML sections, totally bypassed that.

Everything works as I wanted. The only reason I needed to do this is because the client did not want to pay me a maintenance fee for uploading new images.

Without this I needed to supply them with access to the server so they could edit XML and TXT files.

Again, Thank you so much for helping an amature PHP developer. For the last 30 years I've had developers do this kind of thing for me, I'm a (Project Manager). LOL

* If you want to see what I put together minus the admin section look here, http://tegojewelers.com

Great! You're welcome and great website :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.