1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 7:34 am May 2, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Form validation issue

validation issue

         

thx967

10:17 pm on Mar 13, 2006 (gmt 0)

10+ Year Member



Im using the following to upload a single image file. The form works to limit the size of the file (If the file is over 500k it won't be uploaded). However - my error handling doesn't seem to be working correctly. I've left out the code thats not associated with the image upload below for the most part.

Anyone have any ideas? 

<script language=javascript>
extArray = new Array(".jpg", ".jpeg",".gif"); //".png", , ".gif"
function callSave()
{
  if(!isCurrency(document.frmlisting.txtlistingprice.value)){
    alert("Price: Incorrect data");
    document.frmlisting.txtlistingprice.select();
return;
  }
if(isBlank(document.frmlisting.txtlistingtitle.value)){
  alert("Title is Required");
    document.frmlisting.txtlistingtitle.focus();
  return;
  }
if(!isBlank(document.frmlisting.txtlistingimage.value)){
  if(!isValidFile(document.frmlisting.txtlistingimage.value)){
    alert("Selected file is not a vaild image type. \nPlease select "+ (extArray.join(" ").toUpperCase())+ " files. ");
    document.frmlisting.txtlistingimage.select();
    return;
  }
  }
if(isBlank(document.frmlisting.txtlistingemail.value)){
    alert("Email is Required");
    document.frmlisting.txtlistingemail.select();
return;
  }
  if(!isEmail(document.frmlisting.txtlistingemail.value)){
    alert("Email: Incorrect data");
    document.frmlisting.txtlistingemail.select();
    return;
  }
document.frmlisting.action="listingsubmit.php";
  document.frmlisting.submit();
}
</script>
<FORM name="frmlisting" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
<Input type="file" name="txtlistingimage" style="WIDTH: 275px; HEIGHT: 20px" size="39" maxlength="100">
       <Input type=hidden name="mode" value="<?=$mode?>">
       <input type=hidden name="l_id" value="<?=$l_id?>">
       <input type=hidden name="c_id" value="<?=$c_id?>">
          <input type=hidden name="cboCity" value="<?=$intcityid?>">
          <input type=hidden name="txtpreviousimage" value="<?=$listingimage?>">
          <input type=hidden name="txtfrmpg" value='<?=$frmpg?>'>
<input type="button" class="btn_text" value="Preview" onclick="javascript:callSave();" style="border:solid-1px; color: #333333 ">

The processor "listingsubmit.php" 


<?
$frmpg = $HTTP_POST_VARS['txtfrmpg'];
$dirupload = "images/listing/";
switch ($mode){
case "Add":
//-- GET SIZE OF UPLOAD IMAGE
  /*== only allow images smaller than 600 x 600 ==*/
  $imgsize = GetImageSize('txtlistingimage');
  /*== check size 0=width, 1=height ==*/
  if (($imgsize[0] > 600) ¦¦ ($imgsize[1] > 600))
  {
     /*== if an error occurs the file could not
        be written, read or possibly does not exist ==*/
     print "Your File is to large. Maximum file dimensions are 600px x 600px.";
     exit();
    }
$max_filesize_k = ($max_filesize / 500);
if($_FILES['txtlistingimage']['size'] > $max_filesize)
{
  echo "Your file is too large. Files may be up to ".$max_filesize_k."K\n";
  include("listingentry.php");
  exit;
}
//-- END GET SIZE OF UPLOAD IMAGE
    if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
      $listing_image = "";
    }else{
      $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
      copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
      or $msgid=2;
    }

jbrevell

5:10 pm on Mar 14, 2006 (gmt 0)

10+ Year Member



Where does $max_filesize get defined. Doesn't seem to come from the form(<input type="hidden" name="MAX_FILE_SIZE" value="500000">)

try adding $max_filesize = $_POST('MAX_FILE_SIZE')

at the beginning of your php script

John

thx967

6:41 pm on Mar 14, 2006 (gmt 0)

10+ Year Member



The max file size is set in the form (in the first set of code in the post) this portion works - it limits the file sizes to under 500k. The problem I'm having is that while the form is processed the error handling isn't working.

thx967

9:02 pm on Mar 14, 2006 (gmt 0)

10+ Year Member



I errored in my last post - you are correct - i've edited my code to also reflect some updated php. But its still not working. 


$frmpg = $HTTP_POST_VARS['txtfrmpg'];
$dirupload = "images/listing/";
switch ($mode){
case "Add":
  if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
   $listing_image = "";
  }else{
   $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
   copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
   or $msgid=2;
  }
//-- GET SIZE OF UPLOADED IMAGE
$max = $_POST['MAX_FILE_SIZE'];
$maxsize = $max / 500000; 
$file = $_FILES['$frmpg']; // file from form
$upload_dir = 'images/listing/'; // path to the image directory
$max_size = 500000; // roughly 500K
if(filesize($file['tmp_name']) > $max_size)
 die('File size is too great.');
$img_info = getimagesize($file['tmp_name']);
if($img_info[0] > 600 ¦¦ $img_info[1] > 600)
 die('Image dimensions are greater than 600px x 600px.');
if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $upload_dir.$file['name'])){
 echo 'w00t! The file was uploaded and is in '.$upload_dir;
}
} else {
echo 'No file uploaded to be moved.';
}

jbrevell

10:31 am on Mar 15, 2006 (gmt 0)

10+ Year Member



Your code is missing end of statements (}), and the syntax of your case statement was wrong (why do you need it in any case) I've cleaned it up, see if it does what you expect- I've added comments to the code also:

<form enctype="multipart/form-data" method="post">
<input type="file" name="txtlistingimage">
<input type="hidden" name="mode" value="Add">
<input type="submit">
</form>
<?
$frmpg = $HTTP_POST_VARS['txtfrmpg'];
$dirupload = "images/listing/";

//where does $mode come from?
switch ($_POST['mode']){
case "Add":
if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
$listing_image = "";
//need something here to stop the script
}
else{
$listing_image = $HTTP_POST_FILES['txtlistingimage']['name'];
copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
or $msgid=2;
}
break; //added break to case statement

default:
echo "Mode not recognised";
break;
}//added end of switch

//-- GET SIZE OF UPLOADED IMAGE
//$max = $_POST['MAX_FILE_SIZE']; // why use this... you don't use $max anywhere else!
//$maxsize = $max / 500000;
$file = $_FILES['txtlistingimage']; // file from form ISN'T THIS 'txtlistingimage'?
//$upload_dir = 'images/listing/'; // path to the image directory (already defined by $dirupload)
$max_size = 500000; // roughly 500K - correct to hard code this to prevent dudez playing with the form on the clients side

if(filesize($file['tmp_name']) > $max_size)
die('File size is too great.');

//you need to check the file type also(getimagesize returns an image type)

$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) ¦¦ ($img_info[1] > 600) )//you must bracket each conditional statement, then around whole lot
die('Image dimensions are greater than 600px x 600px.');

if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])) echo 'w00t! The file was uploaded and is in '.$upload_dir;
else echo 'No file uploaded to be moved.';
//added missing end of if statement
}

?>

thx967

9:18 pm on Mar 15, 2006 (gmt 0)

10+ Year Member



I had made some changes to the form already - and have included some of your notes as well. Unfortunatly - still not workin. Mode is defined in the form either add or edit. Below is the current code which covers the "mode" ADD to conclusion. 


if(isset($HTTP_GET_VARS['mode']))
{
 $mode =$HTTP_GET_VARS['mode'];
}
if(isset($HTTP_POST_VARS['mode']))
{
 $mode =$HTTP_POST_VARS['mode'];
}
$frmpg = $HTTP_POST_VARS['txtfrmpg']; //form vars
$dirupload = "images/listing/"; // path to the image directory
switch ($mode){ //defined on the form and above add or edit
case "Add":
 if($HTTP_POST_FILES['txtlistingimage']['name'] == ""){
 $listing_image = "";
 }else{
 $listing_image = getfilename($HTTP_POST_FILES['txtlistingimage']['name'],1);
 copy ( $HTTP_POST_FILES['txtlistingimage']['tmp_name'],$dirupload.$listing_image)
 or $msgid=2;
 }
//-- GET SIZE OF UPLOADED IMAGE
$file = $_FILES['txtlistingimage']; //file from form
$max_size = 500000; // roughly 500K
if(filesize($file['tmp_name']) > $max_size)
 die('File size is too great.');
$img_info = getimagesize($file['tmp_name']);
if(($img_info[0] > 600) ¦¦ ($img_info[1] > 600)) //bracketed each conditional
 die('Image dimensions are greater than 600px x 600px.');
if(is_uploaded_file($file['tmp_name'])){
if(move_uploaded_file($file['tmp_name'], $dirupload.$file['name'])){
 echo 'w00t! The file was uploaded and is in '.$dirupload;
}
} else {
echo 'No file uploaded to be moved.';
} 
 $strInsert="Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (";
 if($listing_date == ""){
 $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo',NULL,'$listing_show','$listing_buysell','$listing_premier')";
 }else{
 $strInsert=$strInsert . "$city,$c_id,'$listing_title','$listing_location',$listing_price,'$listing_text','$listing_address','$listing_city','$listing_image','$listing_email','$listing_emailoption','$listing_contactinfo','$listing_date','$listing_show','$listing_buysell','$listing_premier')";
 }
 $MsgId=1;
 if(!($dbResult = mysql_query($strInsert, $dbLink)))
 {
 $success = "false";
 $MsgId=2;
 }
// $ssql = "SELECT max(listing_id) as listing_id FROM listing_master";
// $dbResultid = mysql_query($ssql,$dbLink);
// $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
// $listingid = $rowlistid['listing_id'];
 $listingid = mysql_insert_id();
 header("Location:listingpreview.php?l_id=$listingid&cityid=".$city."&c_id=$c_id&catid=$c_id&msgid=".$MsgId);
 return;
 break; 
// START MODE EDIT
case "Edit":
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 7:34 am May 2, 2026