Prevent Upload file when F5 key pressed

rfontain

Hello,

on the same php page, I upload files with a file form? then I register the data in a sql database, and finally I list all the files previously uploaded.
Problem is when I refresh screen with F5, without (uploading new files), i add the last file data into my database. I didn't find how to test it. I tried to unset $_FILES but it is re-set when pressing F5 and I can't do the test.

Can you help?

Thanks
Richard

Najjar

Before you insert into the Database you need to check if the values already exist
and/or you can use no-cache and redirect the user to another page.

<META Http-Equiv="Cache-Control" Content="no-cache">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="0">

Nugen

after the file is uploaded:

header("Location: file_upload_complate_page.php");

problem solved.

rfontain

thank you for you two. I' ll trY.regards

rfontain

Sorry, I am a beginner, i tried both solutoins and I couldn't make them work.
I try to check with :

(isset($_FILES['userfile']['type']))

now with the no-cahce options a popup window appears to telle me that I have to reload informatoin for this page, but at the end, the varaible still exists!

For the header("Location: file_upload_complate_page.php"); I have the warning "headers already sent...."
Actually, to which page should I redirect the user? Should I "copy" my "upload" file? Does taht mean that I cannot have a upload file part and an insertion in the same page?
Thanks and sorry for my "beginners" questions.
PS my code is below.

<form enctype="multipart/form-data" action="upload.php" method=post>
<table width="499">

<tr>
<td class="textmain"> </td>
<td height="21" colspan="3" class="textmain">File :
<input type="file" name="userfile" ></td>
<td> </td>
</tr>
<tr>
<td class="textmain"> </td>
<td height="21" colspan="3" class="textmain">Select the re-touch type you want for your pictures : </td>
<td> </td>
</tr>
<tr>
<td class="textmain"> </td>
<td height="21" class="textmain"><label>
<input name="touching_type" type="radio" value="1" checked>
Bulk</label></td>
<td width="6"> </td>
<td width="194" valign="top" class="textmain"><label>
<input type="radio" name="touching_type" value="2">
Custom</label></td>
<td width="77"> </td>
</tr>
<tr>
<td> </td>
<td height="21"><span class="textmain">
<input name="Envoyer" type="submit" class="textmain" value="Upload picture">
</span></td>
<td></td>
<td></td>
<td></td>
</tr>
</table>
</form>
<?php
// test if there is a file uploaded, if not don't insert anything in the database, if yes go through the check procedure before uploading into database
//check procedure
if (isset($FILES['userfile']['type']))
{
if ($FILES['userfile']['error'] > 0)
{
echo 'Problem: ';
switch ($FILES['userfile']['error'])
{
case 1: echo 'File exceeded upload_max_filesize'; break;
case 2: echo 'File exceeded max_file_size'; break;
case 3: echo 'File only partially uploaded'; break;
case 4: echo 'No file uploaded'; break;
}
exit;
}
// Does the file have the right MIME type, image type?
$typefile = $FILES['userfile']['type'];
if (($typefile != 'image/pjpeg') & ($typefile != 'image/jpeg') & ($typefile != 'image/gif') & ($typefile != 'image/png'))
{
echo 'Problem: file type not supported';
echo $typefile ;
exit;
}
// file downloaded into temporary directory so copy it in user directory before it is deleted
$upfile ='uploads/'.$FILES['userfile']['name'];
if (is_uploaded_file($FILES['userfile']['tmp_name']))
{
if (!move_uploaded_file($FILES['userfile']['tmp_name'], $upfile))
{
echo 'Problem: Could not move file to destination directory';
echo $FILES['userfile']['tmp_name'];
exit;
}
}
else
{
echo 'Problem: Possible file upload attack. Filename: ';
exit;
}
print "<tr><td><span class='titre2'>File uploaded successfully</span></td></tr><br><br>";
//insert image data into tabel_image db
db_connect();
$name=$FILES['userfile']['name'];
$id = $SESSION['userid'];
$type = $POST['touching_type'];
$datejour = date('c');
$query = "INSERT INTO table_image SET image_name='$name', subscriber_id='$id', retouch_type='$type', image_status='0',date_image_posted='$datejour'";
$result = $db->query($query);
$db->close();
}
// connect to database for reading
db_connect();
$name=$FILES['userfile']['name'];
$id = $_SESSION['userid'];
//look for all the pictures downloaded for bulk retouch with status=0
$query = "SELECT * from table_image where subscriber_id='$id' and retouch_type='1' and image_status='0'";
$result = $db->query($query);
?>
<p><img src="Buttons/barre_titres.gif" width="800" height="5"></p>
<p valign = 'top' class="titrepage">Uploaded pictures for bulk re-touch</p>
<?php
$nb = $result->num_rows;
print "<tr><td><span class='textmain'>You have $nb picture(s) uploaded for bulk retouch</span></td></tr><br><br>";
$i=1;
?>
<table width="600">

<tr class="barretitre" cellpadding="10" cellspacing ="0">
<td width="77"><div align="center">N°</div></td>
<td ><div align="center">Image name </div></td>
<td colspan="2"><div align="center">Modify</div></td>
</tr>
<?php
// list all pictures for bulk retouch and display into table
$i=1;
while ($i<=$nb)
{
$row = $result->fetch_assoc();
$nom = $row['image_name'];
print"<tr align='left'><td class='textmain'><div align ='center'>$i</div></td><td class='textmain'>"?><a href="javascript:popImage <?php print"('./uploads/$nom','titreimage')"?>""><?php print"$nom</a></td>";
print"<td valign='middle' class='textmain'><form action='' method='post' name='retouch_type_valid' id='retouch_type_valid'>";
print" <p><input type='checkbox' name='checkbox' value='checkbox'>Delete</p>";
print" <td valign='middle' class='textmain'><input type='checkbox' name='checkbox2' value='checkbox'>Change to custom re-touch</td>";
$i++;
}
print"</td></tr></table>";