[Resolved] Upload & DB insert works, but what about form validation?

tomandhannah

I have a script below that currently works. Very simply, you can submit information to a MySQL DB via this form, as well as upload a file. The name of the file is stored in the DB, along with the other information input. Addtionally, the file is uploaded to the specified directory.

To check for form validation, I have an error array set up. If you leave the title field blank, you are returned to the form and asked to fill in the title... but the audience field 'keeps' the information you submitted previously. The same validation happens for the audience field.

My predicament: what if a user has elected to upload a file, but leaves one of the required fields blank? What happens to the uploaded file? In other words, I want to keep the uploaded file in temp until the form is validated and all the information is submitted. I can pass the audience and title information to the next form via POST, but how do I pass the uploaded file information?

In short: how can I 'keep' the uploaded file while the form is still validating? I would need to show the user that the file is still there. I would also need to give them the option of changing the file they uploaded.

Any thoughts?

<?

$host = "xxxxxx";
$user = "xxxxxx";
$pass = "xxxxxx";
$db = "xxxxxx";

$PHP_SELF = $_SERVER['PHP_SELF'];
$action = @$_GET['action'];

if ($action) { $action = $action; }
else {
header("Location: $PHP_SELF?action=new");
exit;
}

/************ NEW LESSON *************/

 if ($action=="new")
    {
?>
<form enctype="multipart/form-data" action="<? echo $PHP_SELF ?>?action=add" method="post" name="newlesson">


Title:<br>
<input name="title" type="text" size="40" maxlength="75"><br><br>

Audience:<br>
<input name="audience" type="text" size="40" maxlength="50">

<br><br>Image:<br><input name="userfile" type="file"><br><br>

<input type="submit" name="Submit" value="Submit"></form>

<?
include("footer.php");

exit;
}

//**********************************//

function handleupload() { 
if  (is_uploaded_file($_FILES['userfile']['tmp_name'])) { 

	$file = $_FILES['userfile']['name'];
	$realname = str_replace(" ", "_", $file); //replace spaces with underscore

	copy($_FILES['userfile']['tmp_name'], "../images/lessons/".$realname); 
	unset($_FILES['userfile']['tmp_name']);
	return $realname; 

} else { 
unset($_FILES['userfile']['tmp_name']);
return false;
} 
}

/************ ADD LESSON *************/

if ($action=="add")
{
// set up error list array
	$errorList = array();
	$count = 0;

// validate text input fields
if ((!$_POST['title'] || !$_POST['audience'])) { $missingfields = "Error: The fields marked in red below cannot be left blank."; }

if (!$_POST['title']) { $errorList[$count] = "Title"; $titleerror = "<img src=\"invalidfield.gif\"> "; $count++; }

if (!$_POST['audience']) { $errorList[$count] = "Audience"; $audienceerror = "<img src=\"invalidfield.gif\"> "; $count++; }

// check for errors
if (sizeof($errorList) == 0)
{

MYSQL_CONNECT($host,$user,$pass) OR DIE("Unable to connect to database");

@mysql_select_db("$db") or die("Unable to select database");

$title = strip_tags(@$_POST['title']);
$audience = strip_tags(@$_POST['audience']);
$image = handleupload();

$query = "INSERT INTO lessons(title,audience,image) VALUES('$title','$audience','$image')";

$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

MYSQL_CLOSE();
header("Location: $PHP_SELF?action=new");
} 
	else
	{
		// errors occurred
echo "$missingfields";

$title = @$_POST['title'];
$audience = @$_POST['audience']; ?>

<form enctype="multipart/form-data" action="<? echo $PHP_SELF ?>?action=add" method="post" name="newlesson">

<? IF ($titleerror) { echo $titleerror; } ?>Title:<br>
<input name="title" type="text" size="40" maxlength="75" value="<? echo @$title; ?>"><br><br>

<? IF ($audienceerror) { echo $audienceerror; } ?>Audience:<br>
<input name="audience" type="text" size="40" maxlength="50" value="<? echo @$audience; ?>">

<br><br>Image:<br><input name="userfile" type="file"><br><br>

<input type="submit" name="Submit" value="Submit"></form>
<?
	}

exit;
}
?>

AstroTeg

Hmm... This is an interesting dilemma.

In the past, I've worked with some huge forms which ended up being broken down into many pages. There was file uploading involved as well. For each page, the individual form was validated and redisplayed with error(s) much like what you're doing. The file uploading was put in its own form so all it had to do was validate the file handling. It was hard for the user to botch this up (unless they uploaded the wrong file format). I'm not sure if that would work for you - split your form up into 2 pages. One page containing your form stuff and the 2nd page containing the file upload stuff. If you have a small form, then this probably isn't a great solution. If you have a big form, then you're users may appreciate this.

If the files the user plans on uploading are small, then the other approach is to delete the temp file that was created from the upload and make the user upload it again. This is more along the lines of "it sucks to be them" approach which isn't the best, but ok if the files are small and the user doesn't get ticked with you.

If you don't mind doing some additional work, you could validate the upload and prepare moving the file to its final destination. Show an additional row (maybe above the file upload box) displaying some text saying the file was uploaded and its file name was X. Then let the user decide if they want to upload another file. If they do upload, then delete the previous file. If they don't upload, then keep the 1st file.

tomandhannah

That's a great idea about just posting the 'current image' just above the input type"file" and then if they want to change it they can. I've already added this to my edit function, complete with an automatic thumbnail image too.

The original form is long and complicated and I had considered breaking it up into multiple forms... Maybe I still will.

I'm also thinking I should go ahead and upload the image regardless of whether or not the fields are validated. Then if the user decides not to finish the form and the data is never inserted into the DB, then I'll just have an orphaned image file on the server. I don't think it will happen that often and this site isn't going to have high traffic. so it shouldn't be a big deal.

On the other hand, I could copy the file to my own 'temp' folder... and then once the form is validated move it to the final location. Then I could have a script that occasionally purges that 'temp' folder of old images. Hmmm... Did you alreayd suggest that and I just repeated it in different words? Or did I come up with that on my own? I'll try it and see what happens.

tomandhannah

So, here's what I did. I had the image uploaded to the 'temp' directory before the form fields were validated. Then, if the fields return no errors, the file is moved to the permenant location.

However, if a field is invalid, then the file stays in the 'temp' folder while the user is returned to the form to fix the error. At that time, the user can opt to simply fix the error and continue or fix the error and upload a new file.

If a new file is uploaded then the old file is deleted from the 'temp' folder and the new file is moved to the permenant location. If no new file is uploaded, then the old file is moved to the permenant location. Wala!

The only drawback is that if the user is alerted of invalid fields and chooses to simply leave the web site... or clicks elsewhere, the file stays in 'temp' forever! But I'm planning to make a script that will delete all files in 'temp' that I can run from time to time.

Here's the code:

<?

$host = "xxxxxx";
$user = "xxxxxx";
$pass = "xxxxxx";
$db = "xxxxxx";
$fullpath = "xxxxxx"; /***** With no trailing slash *****/

$PHP_SELF = $_SERVER['PHP_SELF'];
$action = @$_GET['action'];

if ($action) { $action = $action; }
else {
header("Location: $PHP_SELF?action=new");
exit;
}

/************ NEW LESSON ********************/

 if ($action=="new")
    {
?>
<form enctype="multipart/form-data" action="<? echo $PHP_SELF ?>?action=add" method="post" name="newlesson">


Title:<br>
<input name="title" type="text" size="40" maxlength="75"><br><br>

Audience:<br>
<input name="audience" type="text" size="40" maxlength="50">

<br><br>Image:<br><input name="userfile" type="file"><br><br>

<input type="submit" name="Submit" value="Submit"></form>

<?
include("footer.php");

exit;
}

//*********************************//

function handleupload() { 
if  (is_uploaded_file($_FILES['userfile']['tmp_name'])) { 

	$file = $_FILES['userfile']['name'];
	$realname = str_replace(" ", "_", $file); //replace spaces with underscore

	copy($_FILES['userfile']['tmp_name'], "../images/lessons/temp/".$realname); 
	unset($_FILES['userfile']['tmp_name']);
	return $realname; 

} else { 
unset($_FILES['userfile']['tmp_name']);
return false;
} 
}

/************ ADD LESSON ****************/

if ($action=="add")
{
if ($_FILES['userfile']['tmp_name']) {
$image = handleupload();
if ($_POST['oldimage']) {
unlink($fullpath."/images/lessons/temp/".$_POST['oldimage']); }
} ELSE { $image = @$_POST['oldimage']; }

// set up error list array
	$errorList = array();
	$count = 0;

// validate text input fields
if ((!$_POST['title'] || !$_POST['audience'])) { $missingfields = "Error: The fields marked in red below cannot be left blank."; }

if (!$_POST['title']) { $errorList[$count] = "Title"; $titleerror = "<img src=\"invalidfield.gif\"> "; $count++; }

if (!$_POST['audience']) { $errorList[$count] = "Audience"; $audienceerror = "<img src=\"invalidfield.gif\"> "; $count++; }

// check for errors
if (sizeof($errorList) == 0)
{

MYSQL_CONNECT($host,$user,$pass) OR DIE("Unable to connect to database");

@mysql_select_db("$db") or die("Unable to select database");

$title = strip_tags(@$_POST['title']);
$audience = strip_tags(@$_POST['audience']);


$query = "INSERT INTO lessons(title,audience,image) VALUES('$title','$audience','$image')";

$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

MYSQL_CLOSE();

$temp2 = $fullpath."/images/lessons/temp/".$image."";
$perm = $fullpath."/images/lessons/".$image."";
copy($temp2, $perm); 
unlink($temp2);

header("Location: $PHP_SELF?action=new");
} 
	else
	{
		// errors occurred
echo "$missingfields";

$title = @$_POST['title'];
$audience = @$_POST['audience']; ?>

<form enctype="multipart/form-data" action="<? echo $PHP_SELF ?>?action=add" method="post" name="newlesson">

<? IF ($titleerror) { echo $titleerror; } ?>Title:<br>
<input name="title" type="text" size="40" maxlength="75" value="<? echo @$title; ?>"><br><br>

<? IF ($audienceerror) { echo $audienceerror; } ?>Audience:<br>
<input name="audience" type="text" size="40" maxlength="50" value="<? echo @$audience; ?>">
<?
IF ($image) {
print "<br><br>Current Image: $image<br><br>";
print "<input type=\"hidden\" name=\"oldimage\" value=\"$image\">";
} ?>

<br><br>Image:<br><input name="userfile" type="file"><br><br>

<input type="submit" name="Submit" value="Submit"></form>
<?
	}

exit;
}
?>