• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

File Upload problem

Hi

I'm having trouble converting a file-upload system to work with register_globals off.

The form :
<TR>
<TD>
<FONT face="Arial, Helvetica, sans-serif" size=2>
Enter the name of the file eg."work.pdf"<B>:</B>
</FONT>
</TD>
<TD>
<FONT face="Arial, Helvetica, sans-serif" size=2>
<B><INPUT class="formfont" id="fluPDFupload" type="file" name="file_pdf"
BorderStyle="Solid" BorderWidth="1px" Width="100px"> </B>
</FONT>
</TD>
</TR>
<tr>
<td align="center" colspan="2"><br>
<input class="button" type="submit" name="sub1" value="OK"> &nbsp; <input name="reset" type="reset" value="RESET">
</td>
</tr>

The form action :

if ($sub1 == 'OK'){
$time = time();
##
if ($file_html != "") {                                                            
$filenamehtml = "$time".'.html';                                          
@copy("$file_html", "./upload/html/$filenamehtml")                  
            or die("Couldn't copy the file.");                              
                  $file_html = '/upload/html/'."$filenamehtml";      
}                                                                                          
##

if($file_pdf != ""){
print "hi";
print "<script lanugage=javascript>alert('')</script>";
$filenamepdf = "$time".'.pdf';
      @copy("$file_pdf", "./upload/pdf/$filenamepdf")
                   or die("Couldn't copy the file.");
                   $file_pdf = '/upload/pdf/'."$filenamepdf";
}
##
if ($file_doc != "") {
$filenamedoc = "$time".'.doc';
      @copy("$file_doc", "./upload/doc/$filenamedoc")
                   or die("Couldn't copy the file.");
                   $file_doc = '/upload/doc/'."$filenamedoc";
}
##
if ($file_other != "") {
$filenameother = "$time".'.pps';
      @copy("$file_other", "./upload/other/$filenameother")
                   or die("Couldn't copy the file.");
                   $file_other = '/upload/other/'."$filenameother";
}
##
       $sector = addslashes($sector);
       $category = addslashes($category);
       $branch = addslashes($branch);
       $display = addslashes($display);
       $pubdate = addslashes($pubdate);
       $adddate = date("Y-m-d");
       $title = addslashes($title);
       $keyw = addslashes($keyw);
       $synopsis = addslashes($synopsis);
       $file_pdf = addslashes($file_pdf);
       $file_doc = addslashes($file_doc);
       $file_other = addslashes($file_other);
 
$sql = "INSERT INTO documents SET
           sector  = '$sector ',
       category = '$category',
       branch= '$branch',
       display = '$display',
       pubdate= '$pubdate',
       adddate = '$adddate',
       title = '$title',
       keyw = '$keyw',
       synopsis = '$synopsis',
       file_pdf = '$file_pdf',
       file_doc = '$file_doc',
       file_other = '$file_other'";
mysql_query($sql);
echo mysql_error();
print "<script language=javascript>window.location='load2.php'</script>";
}
 the variables:


if(isset($_POST['file_pdf'])){
$file_pdf = $_POST['file_pdf'];
}else{
      $file_pdf = "";
}

Please help. This works fine with regisater_globals on
0
JCGreyling
Asked:
JCGreyling
1 Solution
 
JCGreylingAuthor Commented:
I do include the variables
0
 
Diablo84Commented:
First of all a little "how to" info.

Normal form elements (with the post method), textarea, checkboxes, text inputs, etc. should be referenced using:

$_POST['the_name_of_the_input'];

The file input is a little different. On the server side you have an array called the $_FILES array. This contains all of the relevant information about the uploaded file. For example, if your file input was called "myfile":

$_FILES['myfile']['name'];

would have the original filename assigned to it.

The PHP manual page for handling file uploads will tell you everything you need to know regarding how to handle the process:

http://us3.php.net/manual/en/features.file-upload.php

Make sure your form tag includes: enctype="multipart/form-data"

For example. instead of:

if ($file_html != "") {                                                  
$filenamehtml = "$time".'.html';                                  
@copy("$file_html", "./upload/html/$filenamehtml")              
          or die("Couldn't copy the file.");                        
               $file_html = '/upload/html/'."$filenamehtml";    
}

you would use something like:

if (!empty($_FILES['file_html']['name'])) {                                                  
 $filenamehtml = "$time.html";                                  
 if (move_uploaded_file($_FILES['file_html']['tmp_name'],"/upload/html/$filenamehtml")) {
  echo "Done";
 }
 else {
  echo "Could not upload";
 }              
}

And if $sector, $category etc are being populated from the POST array you would instead use:

$sector = addslashes($_POST['sector']);

Diablo84
0
 
hujiCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Diablo84

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Huji
EE Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now