form file field check

[metazai]

Ok, I am stumped yet again. I'm writing a backend where users can upload images and information for an online store. I wrote an "upload new categories" script that works fine and writes the files perfectly. I then took the exact same script and added a few lines to create an "update category" script, which allows you to change information about the category. The trouble is that it seems to be running the upload file part of my script no matter what. In other words, if there is already a picture there and the user is just correcting a spelling in the description, when it uploads it uploads the empty data of the file form field and attempts (and fails) to write a blank file, then overwrites the correct URL stored in the MySQL database with the incomplete URL of the non-existent image it shouldn't be trying to process but is. Here's the form:

PHP Code:

<form method="post" action="<?php 
echo $_SERVER['/admin/PHP_SELF']; ?>" enctype="multipart/form-data">
    <span class="verd12">
<input type="hidden" name="action" value="update">
 Category <br />
    <input name="catg" type="text" id="catg" size="40" value="<?php echo($row2['name']); ?>" />
    </span>
<p class="verd12">Current Image:<br /><img src="<?php echo($row2['image']); ?>"></p>
<p class="verd12">Change Image:<br />
        <input name="userfile" type="file" id="userfile" />
    </p>
    <p class="verd12">New Description<br />
    <textarea name="new_desc" cols="40" rows="5" id="new_desc"><?php echo($row2['description']); ?></textarea>
</p>
</form>

And here's the relevant part of what it feeds into, after checking the "action" form variable and getting "update".

PHP Code:

if  ($_FILES['userfile'])  {
$uploaddir = '/var/www/html/newsite/productimages/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
$image_url = 'http://www.thissite.com/newsite/productimages/'.basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "<span class=\"verd12\">File is valid, and was successfully uploaded.</span>\n";
} else {
   echo "<span class=\"verd12\">ERROR! File was not uploaded  . . .</span>\n";
}
$newfilestring=" image='$image_url', ";}
else {$newfilestring=" ";} 
$updquery = "UPDATE categories SET name='$catg',".$newfilestring."description='$new_desc' WHERE id=$id"; 


Any ideas? Banging my head into the wall on this one. Again, this script works without the test for the file form field when used on a "new category" page, and it updates everything else correctly too.

[sde]

just by looking real quick, maybe you should be chkecking for $_POST['userfile'] instead of the actual file in the $_FILE array first. not sure though.

[teknomage1]

This is my least favorite part of php (not any other language would make it easier). Here's a class method of mine that delt with image uploading

PHP Code:

$picture = new image;
$picture->insert($_POST['author'], $_POST['image_title'], $_POST['description'], $_POST['width'], $_POST['height'], $_POST['date'], basename($_FILES['image_file']['name']));
#snip----------------------------------------------------
     function insert($author, $image_title, $description, $width, $height, $date, $image_file) {
      $width = $width + 0;
      $height = $height + 0;
      
      $this->admin_connect();
      
      $image_title = $this->clean_input($image_title);
      $description = $this->clean_input($description);
      $date = $this->date_conv($date);
      
      $url_dest = "$this->docroot/images/content/" . stripslashes($image_file);
      $url =  mysql_real_escape_string('/images/content/' . (stripslashes($image_file)));
      
      if (!is_int($height)) {
           echo("<P>height must be a number</P>\n");
           return false;
      }
      if (!is_int($width)) {
           echo("<P>width must be a number</P>\n");
           return false;
      }

      if (!($description && $image_title && $date)) {
           echo("<P>Something's missing...</P>\n");
           return false;
      }

      $SQLCheck = "SELECT ID FROM Picture WHERE  title = '%s' AND Person_ID = %s";
      if ($this->query_oneshot($SQLCheck, array($image_title, $author))) {
           echo("<P>Picture already in database with this Title and Author</P>\n");
           return false;
      }
      
      $SQLsubmit = "INSERT INTO Picture VALUES(NULL, %s, '%s', '%s', '%s', '%s', '%s', '%s')";
      $SQLargs = array($author, $url, $image_title, $description, $height, $width, $date);
      echo("<P>$sthPicture</P>");
      if (! move_uploaded_file($_FILES['image_file']['tmp_name'], $url_dest)) {
           print_r($_FILES);
           echo("<P>Image failed to transfer :-(</p>\n");
      }
      $results = $this->submit($SQLsubmit, $SQLargs);
      echo("<P>Image $image_title successfully uploaded</P>\n");
      return true; 


[metazai]

Quote:

Originally Posted by sde

just by looking real quick, maybe you should be chkecking for $_POST['userfile'] instead of the actual file in the $_FILE array first. not sure though.

No, that does the opposite . . . instead of always uploading the contents (or lack thereof) of the file form field, it refuses to upload the contents even if there's something there.

[metazai]

teknomage1, thanks for your post. I'm struggling with it for two reasons: a) I'm still struggling with PHP and OOP (can anyone recommend a good book on the subject?), and b) I'm not having problems uploading images, I'm having problems because the form field is optional and when it's left blank it's being accessed anyway. I'm not copacetic enough with OOP to be able to tell if your script addresses this, but it looks like it doesn't.

Not sure what the problem is with me with OOP, btw. Most other things I have taught myself have some sort of foothold I can get my brain around, but I'm still looking for one here.

[sde]

i have code that does this, but i don't have access to it right now. another way to approach this is a checkbox to indicate that the user wants to also upload a file.

then, you can just check for the checkbox value. it's more work, but it might turn out feeling a little slicker of an interface. here is some non tested code.

PHP Code:

<?php
if($_POST['upload_enabled'] == 1){
  // do upload logic here
}
?>
<script language="javascript" type="text/javascript">
function toggleUploadField(){

  var upload_enabled = document.getElementById('upload_enabled');
  var upload_file = document.getElementById('upload_file');
  var is_enabled = ( upload_enabled.checked ) ? true : false;

  // set disable or enable file field based on enable checkbox.
  upload_file.disabled = is_enabled ? false : true;
}
</script>

  
<form ...>
<input type="checkbox" id="upload_enabled" name="upload_enabled" value="1" /> Update Image <br />
<input type="file" id="upload_file" name="upload_file" onclick="toggleUpdateField();" /> <br />
<input type="submit" />
</form>

hmmm .. on second thought, .. why don't you just try to test for $_FILES['upload_file']['tmp_name'] ... i just remembered .. i think that is how i did it before.

[metazai]

Stan- oops, I mean Sde comes through for me again! I do not know what I would do without these forums. Seriously. The best, friendliest, most helpful responses on the web, man.

$_FILES['upload_file']['tmp_name'] is what worked . . . and as with all good solutions, I looked at it and wondered "how come I didn't think of that?"

Thanks all.

[teknomage1]

Glad you got it working man! I guess I kind of had it buried in the code. but this was the bit I thought you'd be interested in

PHP Code:

      if (! move_uploaded_file($_FILES['image_file']['tmp_name'], $url_dest)) {
           print_r($_FILES);
           echo("<P>Image failed to transfer :-(</p>\n");
      }