quimmy
asked on
PHP - Assistance with IF Statement
I have a script where a user can add info into a data entry page, containing several text fields and a file upload button. The data is then parsed to 2 separate tables. It works great, but I am running into an issue where if I decide to not upload a document, the script will still run, but make a blank entry into the table housing the file upload info. See below:
I want to be able to simply bypass the file upload portion of this script if no doc was chosen for the upload. I have tried added a IF null statement, but its not working. Any help would be appreciated!
P.S. I know I should move over to PDO or mysqli. I will.
//connect to db
require_once('./includes/mysql_connect.inc');
//enter data into db
$sql="INSERT INTO masterlist (client, entry, type, createdBy, dateCreated, lastUpdate, description, notes)
VALUES ('$cn', '$en', '$ty', '$ur', '$dc', '$ud', '$ds', '$nt')";
if (!mysql_query($sql,$dbc))
{
die('Error: ' . mysql_error());
}else{
echo "<font color='#CCCCFF'>New entry submitted! </font>";
}
//start script for uploading function
require_once('./includes/mysql_connect.inc');
$pidQuery = "SELECT UID FROM masterlist WHERE client='$cn' AND notes='$nt'";
$pidResult = mysql_query($pidQuery);
$pidRow = mysql_fetch_array($pidResult);
// Add the record to the database.
$uploadQuery = "INSERT INTO masterupload (uploadID, fname, fsize, ftype) VALUES ('$pidRow[UID]','{$_FILES['file']['name']}', {$_FILES['file']['size']}, '{$_FILES['file']['type']}')";
$uploadResult = @mysql_query($uploadQuery);
echo mysql_error();
//if info successfully posted to hel
if($uploadResult){
// Create the filename.
$extension = explode('.', $_FILES['file']['name']);
$filename = $pidRow['UID'] . '.' . $extension[1];
// Move the file over.
if(move_uploaded_file($_FILES['file']['tmp_name'], "\wamp\www\content/$filename")) {
echo '<p><center>The file has been uploaded!</center></p>';
} else {
echo '<p><font color="#CCCCFF"><center>The file could not be moved.</font></p>';
echo mysql_error();
}
} else { // If the query did not run OK.
echo '<p><font color="#CCCCFF"><center>Your document could not be uploaded due to a system error.</center></font></p>';
}
mysql_close(); // Close the database connection.
}}
?>I want to be able to simply bypass the file upload portion of this script if no doc was chosen for the upload. I have tried added a IF null statement, but its not working. Any help would be appreciated!
P.S. I know I should move over to PDO or mysqli. I will.
OK, there are a lot of moving parts to this application / script so let's deconstruct it a little bit. Before we go too far, please post the HTML document that you use to upload the file(s), so we can see how you're creating the PHP $_FILES array.
Next, please make a Google search for PHP security and read everything you can find. What you've got here has the ability to destroy your database, as soon as a hacker finds it. These links will be helpful, too.
http://php.net/manual/en/language.variables.external.php
http://php.net/manual/en/security.php
http://php.net/manual/en/features.file-upload.php
I'll try to show you some of the things that you need to know about file uploads in another post.
Next, please make a Google search for PHP security and read everything you can find. What you've got here has the ability to destroy your database, as soon as a hacker finds it. These links will be helpful, too.
http://php.net/manual/en/language.variables.external.php
http://php.net/manual/en/security.php
http://php.net/manual/en/features.file-upload.php
I'll try to show you some of the things that you need to know about file uploads in another post.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Ray. Here is the HTML code:
<br><h1 align="left">Enter Information:</h1></font>
<form name="entryadd" method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>" enctype="multipart/form-data">
<table class="clean">
<tr><td>Client Name:</td><td><select name="client">
<option value="">Please select client
<option value="Client Name">Client Name
</select></td></tr>
<tr><td>Entry Name:</td><td>
<input type="text" name="entry" size="20" maxlength="20" /></td></tr>
<tr><td>Type:</td><td><select name="type">
<option value="">Please select type
<option value="General Info">General
<option value="Password">Password
<option value="Network Info">Network Info
<option value="Licensing">Licensing
</select></td></tr>
<tr><td>Created By:</td><td><select name="user">
<option value="">Please select type
<option value="Tech 1>Tech 1
</select></td></tr>
<tr><td>Select File:</td><td>
<input type="file" name="file"></tr></td>
<tr><td>Description:</td><td>
<textarea name="desc" rows="5" cols="75"></textarea></td></tr>
<tr><td>Notes:</td><td>
<textarea name="notes" rows="20" cols="75"></textarea></td></tr>
<input type="hidden"
name="udate"
value="<?php if (isset($_POST['date'])) echo $_POST['date']; else echo date('Y-m-d H:i:s');?>"
size="20"
maxlength="20" /></td></tr>
<tr><td colspan="4" align="center"><input type="submit" name="submit" value="Submit" /></td></tr></table>SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER