Forum Moderators: coopster
I have this form that is a combination of data and the image upload is optional. However, when tested, it does what is required only when an image (jpeg, gif, png or bmp types) is attached. If there is no image is attached, the form doesn't submit any data and this is very frustrating, as the form should always submit data provided it passes the validation I have put in place.
Why could this be happening? I have spent a good few hours on debugging the script and had no such luck.
Any help in any form is appreciated.
Cheers!
****Code****
<?php
if(isset($_POST['validate'])) // Check to see if form was submitted
{
if(trim($_POST['sender_Name']) == "") {
echo "Sender Name is left blank<br />"; }
else {
$sender = trim($_POST['sender_Name']);
if(trim($_POST['sender_Location']) == "") {
echo "Your Location is left blank<br />"; }
else {
$location = trim($_POST['sender_Location']);
if(trim($_POST['sender_Email']) == "") {
echo "Sender Email is left blank<br />"; }
else {
if (trim(!preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i", $_POST['sender_Email']))) {
echo "The email provided is invalid - Please enter a valid email address<br />"; }
}
$email = (trim($_POST['sender_Email']));
if(trim($_POST['sentto']) == "") {
echo "Please let us know to who is this message being sent<br />"; }
else {
$sent = trim($_POST['sentto']);
$msg_type = $_POST['Wishes'];
$show_date = ($_POST['date'] . "-" .$_POST['month'] ."-".$_POST['year']);
$publ_date = (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']));
if($publ_date < (date('Y-m-d'))) {
echo "Publish Date cannot be in the past<br />";}
else {
$message = (addslashes(trim($_POST['message'])));
if (trim($_POST['message']) == "") {
echo "Sorry, but you cannot send an empty message<br />"; }
else {
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$today = date('Y-m-d');
$new_file_name = "999999";
}
}
}
}
}
if(!empty($_FILES['photo']['name']))
{
function getExtension($str)
{
$i = strrpos($str,".");
if(!$i) {return "";}
$l = strlen($str) - $i;
$ext = substr($str, $i+1, $l);
return $ext;
}
$extn = getExtension($_FILES['photo']['name']);
$extn = strtolower($extn);
$allowed_file_types = array ('jpg', 'pjpeg', 'gif', 'bmp', 'png', 'jpeg');
if (!in_array($extn, $allowed_file_types))
{
die ('The file you attempted to upload is not allowed!<br />');
}
$rand_numb = rand(111111, 999999);
$new_file_name = $rand_numb . "." . $extn;
$path = "wishes/";
$path = $path ."images/".$new_file_name;
if(!move_uploaded_file($_FILES['photo']['tmp_name'], $path))
{
$failure = "Upload Failed<br />";
} else {
$success = "Upload Successful<br />";
include_once('dbconn.php');
if (!$connx)
{
die ('Sorry, Could Not make Database Connection');
}
@mysql_select_db($dbs);
$result = "INSERT INTO wishes (wishesID, sender_Name, sender_Location, sender_IP, sender_Email,
sent_Date, sent_To, message_Type, publish_Date, message, photo_id) VALUES ('NULL', '$sender', '$location',
'$ip', '$email', '$today', '$sent', '$msg_type', '$publ_date', '$message', '$new_file_name')";
mysql_query($result) or
die ("Failed to update database");
mysql_close();
$message = nl2br(stripslashes(trim($_POST['message'])));
$post_email = "email@example.com";
$subject = $show_date ." - $msg_type" ." Wishes to be posted on " .$show_date;
$message = nl2br(stripslashes(trim($_POST['message'])));
$post_email = "myemail@example.com";
$subject = $show_date ." - $msg_type" ." Wishes to be posted on " .$show_date;
$posted_msg = "Sender: $sender \r\n"."Email: $email \r\n"."Message: $message \r\n" ."File Sent: $new_file_name";
mail($post_email, $subject, $posted_msg, "From: $email\r\nReply-To: $post_email\r\nReturn-Path: $post_email\r\n");
}
}
}
?>
[edited by: eelixduppy at 5:06 pm (utc) on Sep. 6, 2008]
[edit reason] exemplified [/edit]
// etc...
if(isset($_POST['validate'])) // Check to see if form was submitted
{
if(trim($_POST['sender_Name']) == "") {
echo "Sender Name is left blank<br />"; }
else {
$sender = trim($_POST['sender_Name']);
if(trim($_POST['sender_Location']) == "") {
echo "Your Location is left blank<br />"; }
else {
$location = trim($_POST['sender_Location']);
if(trim($_POST['sender_Email']) == "") {
echo "Sender Email is left blank<br />"; }
else {
if (trim(!preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i", $_POST['sender_Email']))) {
echo "The email provided is invalid - Please enter a valid email address<br />"; }
}
$email = (trim($_POST['sender_Email']));
if(trim($_POST['sentto']) == "") {
echo "Please let us know to who is this message being sent<br />"; }
else {
$sent = trim($_POST['sentto']);
$msg_type = $_POST['Wishes'];
$show_date = ($_POST['date'] . "-" .$_POST['month'] ."-".$_POST['year']);
$publ_date = (($_POST['year'] . "-" .$_POST['month'] ."-".$_POST['date']));
if($publ_date < (date('Y-m-d'))) {
echo "Publish Date cannot be in the past<br />";}
else {
$message = (addslashes(trim($_POST['message'])));
if (trim($_POST['message']) == "") {
echo "Sorry, but you cannot send an empty message<br />"; }
else {
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$today = date('Y-m-d');
$new_file_name = "999999";
}
}
}
}
if(!empty($_FILES['photo']['name']))
{
function getExtension($str)
{
$i = strrpos($str,".");
if(!$i) {return "";}
$l = strlen($str) - $i;
$ext = substr($str, $i+1, $l);
return $ext;
}
$extn = getExtension($_FILES['photo']['name']);
$extn = strtolower($extn);
$allowed_file_types = array ('jpg', 'pjpeg', 'gif', 'bmp', 'png', 'jpeg');
if (!in_array($extn, $allowed_file_types))
{
die ('The file you attempted to upload is not allowed!<br />');
}
$rand_numb = rand(111111, 999999);
$new_file_name = $rand_numb . "." . $extn;
$path = "wishes/";
$path = $path ."images/".$new_file_name;
if(!move_uploaded_file($_FILES['photo']['tmp_name'], $path))
{
$failure = "Upload Failed<br />";
} else {
$success = "Upload Successful<br />";
include_once('dbconn.php');
if (!$connx)
{
die ('Sorry, Could Not make Database Connection');
}
@mysql_select_db($dbs);
$result = "INSERT INTO wishes (wishesID, sender_Name, sender_Location, sender_IP, sender_Email,
sent_Date, sent_To, message_Type, publish_Date, message, photo_id) VALUES ('NULL', '$sender', '$location',
'$ip', '$email', '$today', '$sent', '$msg_type', '$publ_date', '$message', '$new_file_name')";
mysql_query($result) or
die ("Failed to update database");
mysql_close();
$message = nl2br(stripslashes(trim($_POST['message'])));
$post_email = "email@example.com";
$subject = $show_date ." - $msg_type" ." Wishes to be posted on " .$show_date;
$message = nl2br(stripslashes(trim($_POST['message'])));
$post_email = "myemail@example.com";
$subject = $show_date ." - $msg_type" ." Wishes to be posted on " .$show_date;
$posted_msg = "Sender: $sender \r\n"."Email: $email \r\n"."Message: $message \r\n" ."File Sent: $new_file_name";
mail($post_email, $subject, $posted_msg, "From: $email\r\nReply-To: $post_email\r\nReturn-Path: $post_email\r\n");
}
}
/*
addition:
you need another else {
add another insert
as is if you had an editor highlighting brackets you will see as I suspected
that the only condition matched if: If img is set
AND you are not sanityzing your data sent to your DB
using any variation around of mysql_real_escape_string
*/
}
?>
<edit> This is not a good logic
instead of two inserts
move the bracket ending the img section
just above the conn script
so one way or the other you will always insert
</edit>
