This script handles posts from an html form. When I submit the form to the script it will insert or update the data fields to the database, but it wont upload the files. I have also written the file upload a different way. I have included both ways in this post. Can any one help.
I was wondering if $_POST is getting in the way of the images being uploaded?
<?php
include "../../xtemplate/xtemplate.class.php";
include "../../include/error.inc";
include "../../include/include.inc";
// Initialize an error string
$errorString = "";
$id = (int) isSet($_GET['id']) ? $_GET['id'] : 0;
$pageid = $id + 99;
$picid = $id + 99;
$cat = 22;
// Clean and trim the POSTed values
foreach($_POST as $varname => $value)
$pageFormVars[$varname] = clean($value, 512);
// Validate the home, about, and native anmerican categories apges
if (($id == 1) || ($id == 3) || ($id >= 5) && ($id <= $cat))
{
// Validate pgtitle
if (empty($pageFormVars["pgtitle"]))
// The pgtitle for the home page cannot be NULL
$errorString .= "\n<br>The pgtitle field cannot be blank.";
}
// Now the script has finished validation,
// Check if there were any errors
if (!empty($errorString))
{
?>
<html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<head>
<title>Pages Insert Modify Error</title>
<body>
<center><h1>Pages Insert Modify Error</h1>
<?=$errorString?>
<br>
<a href ="pagesForm.php?id=$id"</a>
</body>
</html>
<?php
exit;
}
// If we made it here, then the data is valid
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
die("Could not connect to the database");
if (!mysql_select_db($databaseName, $connection))
showerror();
// Check to see if the pageid is in the database
if (@ mysql_query ("SELECT pageid FROM pages WHERE pageid = $pageid", $connection))
{
if (($id == 1) || ($id == 3) || ($id >= 5) && ($id <= $cat))
{
// update required fields
if (!(@ mysql_query ("UPDATE pages SET ".
"pgtitle = \"" . $pageFormVars["pgtitle"] . "\", " .
}
elseif ($id == 4)
{
// update required fields
if (!(@ mysql_query ("UPDATE pgmission SET ".
"paragraph1 = \"" . $pageFormVars["paragraph1"] . "\" ".
"WHERE pageid = $pageid", $connection)))
showerror();
}
elseif ($id == 2)
{
// update required fields
if (!(@ mysql_query ("UPDATE pgcontact SET ".
"conheading = \"" . $pageFormVars["conheading"] . "\", " .
"conStorename = \"" . $pageFormVars["conStorename"] . "\", " .
"conAddress = \"" . $pageFormVars["conAddress"] . "\", " .
"conCity = \"" . $pageFormVars["conCity"] . "\", " .
"conState = \"" . $pageFormVars["conState"] . "\", " .
"conzip = \"" . $pageFormVars["conzip"] . "\", " .
"conphone = \"" . $pageFormVars["conphone"] . "\", " .
"confax = \"" . $pageFormVars["confax"] . "\", " .
"conemail = \"" . $pageFormVars["conemail"] . "\" " .
"WHERE pageid = $pageid", $connection)))
showerror();
}
else
showerror();
}
elseif (!(@ mysql_query ("SELECT pageid FROM pages WHERE pageid = $pageid", $connection)))
{
if (($id == 1) || ($id == 3) || ($id >= 5) && ($id <= $cat))
{
// insert required fields
if (!(@ mysql_query ("INSERT INTO pages SET pageid = $pageid, " .
"pgtitle = \"" . $pageFormVars["pgtitle"] . "\", " .
"pgdesc = \"" . $pageFormVars["pgdesc"] . "\", " .
"kywd1 = \"" . $pageFormVars["kywd1"] . "\", " .
"kywd2 = \"" . $pageFormVars["kywd2"] . "\", " .
"kywd3 = \"" . $pageFormVars["kywd3"] . "\", " .
"kywd4 = \"" . $pageFormVars["kywd4"] . "\", " .
"kywd5 = \"" . $pageFormVars["kywd5"] . "\", " .
"kywd6 = \"" . $pageFormVars["kywd6"] . "\", " .
"kywd7 = \"" . $pageFormVars["kywd7"] . "\", " .
"kywd8 = \"" . $pageFormVars["kywd8"] . "\", " .
"kywd9 = \"" . $pageFormVars["kywd9"] . "\", " .
"kywd10 = \"" . $pageFormVars["kywd10"] . "\", " .
"kywd11 = \"" . $pageFormVars["kywd11"] . "\", " .
"kywd12 = \"" . $pageFormVars["kywd12"] . "\", " .
"heading = \"" . $pageFormVars["heading"] . "\", " .
"subheading = \"" . $pageFormVars["subheading"] . "\", " .
"paragraph1 = \"" . $pageFormVars["paragraph1"] . "\", " .
"paragraph2 = \"" . $pageFormVars["paragraph2"] . "\", " .
"paragraph3 = \"" . $pageFormVars["paragraph3"] . "\", " .
"paragraph4 = \"" . $pageFormVars["paragraph4"] . "\", " .
"picturetext1 = \"" . $pageFormVars["picturetext1"] . "\", " .
"picturetext2 = \"" . $pageFormVars["picturetext2"] . "\"", $connection)))
showerror();
}
elseif ($id == 4)
{
// update required fields
if (!(@ mysql_query ("INSERT INTO pgmission SET pageid = $pageid, " .
"paragraph1 = \"" . $pageFormVars["paragraph1"] . "\"", $connection)))
showerror();
}
elseif ($id == 2)
{
// update required fields
if (!(@ mysql_query ("INSERT INTO pgcontact pageid = $pageid, ".
"conheading = \"" . $pageFormVars["conheading"] . "\", " .
"conStorename = \"" . $pageFormVars["conStorename"] . "\", " .
"conAddress = \"" . $pageFormVars["conAddress"] . "\", " .
"conCity = \"" . $pageFormVars["conCity"] . "\", " .
"conState = \"" . $pageFormVars["conState"] . "\", " .
"conzip = \"" . $pageFormVars["conzip"] . "\", " .
"conphone = \"" . $pageFormVars["conphone"] . "\", " .
"confax = \"" . $pageFormVars["confax"] . "\", " .
"conemail = \"" . $pageFormVars["conemail"] . "\"", $connection)))
showerror();
}
else
showerror();
}
else
showerror();
// Check to see if the file has been uploaded
if (@ mysql_query ("SELECT picid FROM picture WHERE picid = $pageid", $connection))
{
// update picture 1 & picture 2
error_reporting(0);
$path = "/home/httpd/vhosts/turquoisepueblo.com/httpdocs/images/"; //set you own absolute path
$tmp_name = $_FILES['picture1']['tmp_name'];
$tmp_name1 = $_FILES['picture2']['tmp_name1'];
$fname = $_FILES['picture1']['name'];
$fname1 = $_FILES['picture2']['name1'];
if((is_uploaded_file($tmp_name)) && (is_upload_file($tmp_name1)))
{
if((move($tmp_name, $path.$fname)) && (move($tmp_name1, $path.$fname1)))
{
if(!(@ mysql_query("UPDATE picture SET picture1='".$fname."'
picture2='".$fname1."'
WHERE picid='".$pageid."'")))
showerror();
}
}
}
elseif (!(@ mysql_query ("SELECT picid FROM picture WHERE picid = $pageid", $connection)))
{
// insert picture 1 & picture 2
error_reporting(0);
$path = "/home/httpd/vhosts/turquoisepueblo.com/httpdocs/images/"; //set you own absolute path
$tmp_name = $_FILES['picture1']['tmp_name'];
$tmp_name1 = $_FILES['picture2']['tmp_name1'];
$fname = $_FILES['picture1']['name'];
$fname1 = $_FILES['picture2']['name1'];
if((is_uploaded_file($tmp_name)) && (is_upload_file($tmp_name1)))
{
if((move($tmp_name, $path.$fname)) && (move($tmp_name1, $path.$fname1)))
{
if(!(@ mysql_query("INSERT INTO picture SET picid='".$pageid."'
pageid='".$pageid."'
picture1='".$fname."'
picture2='".$fname1."'", $connection)))
showerror();
}
}
}
else
showerror();
// Now show the confirmation page
// header("Location: $HTTP_REFERRER");
?>
<?php
if((is_uploaded_file($picture1)) || (is_uploaded_file($picture2)))
{
// Open the uploaded files
$file = fopen($picture1, "r");
$file1 = fopen($picture2, "r");
// Read in the uploaded file
$fileContents = fread($file, filesize($picture1);
$fileContents1 = fread($file, filesize($picture2);
//Escape special characters in the file
$fileContents = AddSlashes($fileContents);
$fileContents1 = AddSlashed($fileContents);
}
if (is_uploaded_file($picture1))
{
if(!(@ mysql_query("SELECT picture1 FROM picture WHERE picid = $pageid", $connection)
{
if(!(@ mysql_query("INSERT INTO picture SET picid='".$pageid."'
pageid='".$pageid."'
picture1='".$fileContents."'", $connection)))
showerror();
}
else
{
if(!(@ mysql_query("UPDATE picture SET picture1='".$fileContents."'
WHERE picid = '".$pageid."'", $connection)))
showerror();
}
}
if (is_uploaded_file($picture2))
{
if (!(@ mysql_query("SELECT picture2 FROM picture WHERE picid = $pageid", $connection)
{
if (!(@ mysql_query("INSERT INTO picture SET picid='".$pageid."'
pageid='".$pageid."'
picture2='".$fileContents1."'", $connection)))
showerror();
}
else
{
if(!(@ mysql_query("UPDATE picture SET picture2='".$fname."'
WHERE picid = '".$fileContents1."'", $connection)))
showerror();
}
?>
