0

I have a script that would upload an image and pass form field data to be processed by freeaspupload.php and myself. For some reason, just here recently the script stopped working. I can no longer receive data from 2 of my form fields.

This is my form page.

<!--#include file="includes/open_db_conn.asp"-->
<!--#include file="includes/security_article.asp"-->
<!--#include file="includes/header.asp"-->
<% uid = CInt(Request.QueryString("uid"))

rs.Open "SELECT * FROM landingPage WHERE pageId =" & uid, con %>
<br>

<div class="content">
<% If Request.QueryString("post") = "successful" Then %>

    <p style="color:Red">Landing Page Edited Successfully.</p>
<% End If %>
<% If Request.QueryString("uid") > 0 Then %>
    <p style="color:Red"><a href="/landingpage.asp?id=<%= Request.QueryString("uid") %>" target="_blank">/landingpage.asp?id=<%= Request.QueryString("uid") %></a></p>
<% End If %>

<p class="header">Edit This Landing Page:</p><br>
<form action="landingpage_process.asp" name="landingForm" method="post" enctype="multipart/form-data">
<input type="hidden" name="pageId" size="30" maxlength="255" value="<%= rs("pageId") %>"/>
<input type="hidden" name="action" value="edit" />
<table width="80%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="30%" align="left" valign="top"><p class="copy">Title:</p></td>
    <td width="70%" align="left" valign="top"><p class="copy"><input type="text" name="pageTitle" size="30" value="<%= rs("pageTitle") %>" /></p></td>
  </tr>
  <tr>
    <td width="30%" align="left" valign="top"><p class="copy">Banner Image:</p></td>
    <td width="70%" align="left" valign="top"><p class="copy"><input type="file" name="pageBanner" size="30" /></p>
    <img src="../images/pages/<%= rs("pageBanner") %>" alt="" style="max-height:75px;" /></td>
  </tr>
  <tr>
    <td align="left" valign="top" colspan="2"><p class="copy">Left Column:</p><p class="copy">
    <textarea id="pageLeftColumn" name="pageLeftColumn"><%= Replace(rs("pageLeftColumn"), "&amp;", "&") %></textarea>
    </p></td>
  </tr>
  <tr>
    <td align="left" valign="top" colspan="2"><p class="copy">Right Column (Leave blank for one large left column)</p><p class="copy">
    <textarea id="pageRightColumn" name="pageRightColumn"><%= Replace(rs("pageRightColumn"), "&amp;", "&") %></textarea>
    </p></td>
  </tr>
  <tr>
    <td align="center" valign="top" colspan="2"><center><input type="submit" value="Edit Page" /></center></td>
  </tr>
</table>

</form>

</div>

<!--#include file="includes/footer.asp"-->
<!--#include file="includes/close_db_conn.asp"-->

This is the page used for processing:

<%@ Language=VBScript %>
<%
option explicit 

Response.Expires = -1

Server.ScriptTimeout = 600
' All communication must be in UTF-8, including the response back from the request
Session.CodePage  = 65001
%>
<!-- #include file="includes/freeaspupload.asp" -->
<!-- #include file="includes/ChkString.asp"-->
<!-- #include file="includes/open_db_conn.asp"-->
<%
Dim action, returnPage
action = "add"

returnPage = "landingpage_add.asp"

Dim uploadsDirVar
uploadsDirVar = "C:\inetpub\colloquy.com\images\pages"

function TestEnvironment()
    Dim fso, fileName, testFile, streamTest

    TestEnvironment = ""

    Set fso = Server.CreateObject("Scripting.FileSystemObject")

    if not fso.FolderExists(uploadsDirVar) then
        TestEnvironment = "<B>Folder " & uploadsDirVar & " does not exist.</B><br>The value of your uploadsDirVar is incorrect. Open uploadTester.asp in an editor and change the value of uploadsDirVar to the pathname of a directory with write permissions."

        exit function
    end if

    fileName = uploadsDirVar & "\test.txt"

    on error resume next

    Set testFile = fso.CreateTextFile(fileName, true)

    If Err.Number<>0 then
        TestEnvironment = "<B>Folder " & uploadsDirVar & " does not have write permissions.</B><br>The value of your uploadsDirVar is incorrect. Open uploadTester.asp in an editor and change the value of uploadsDirVar to the pathname of a directory with write permissions."

        exit function
    end if

    Err.Clear

    testFile.Close

    fso.DeleteFile(fileName)

    If Err.Number<>0 then
        TestEnvironment = "<B>Folder " & uploadsDirVar & " does not have delete permissions</B>, although it does have write permissions.<br>Change the permissions for IUSR_<I>computername</I> on this folder."

        exit function
    end if

    Err.Clear

    Set streamTest = Server.CreateObject("ADODB.Stream")

    If Err.Number<>0 then
        TestEnvironment = "<B>The ADODB object <I>Stream</I> is not available in your server.</B><br>Check the Requirements page for information about upgrading your ADODB libraries."

        exit function
    end if

    Set streamTest = Nothing
end function

Dim test
Dim varStrings
Dim imageArray
Dim item
Dim tempArray

Dim fields
Dim values
Dim sql_add

function SaveFiles
        Dim Upload, fileName, fileSize, ks, i, fileKey

    on error resume next

        Set Upload = New FreeASPUpload

        Upload.Save(uploadsDirVar)

    ' If something fails inside the script, but the exception is handled

    If Err.Number<>0 then 'Exit function
        'Response.Write(Err.Description)
    End If

        SaveFiles = ""

        ks = Upload.UploadedFiles.keys

        if (UBound(ks) <> -1) then
            for each fileKey in Upload.UploadedFiles.keys
                    SaveFiles = SaveFiles & fileKey & "=>" & Upload.UploadedFiles(fileKey).FileName & "<|>"
            next
        end if

        action = Upload.Form("action")

    leftColumn = Upload.Form("pageLeftColumn")
    Response.Write(leftColumn)

        SaveFiles = SaveFiles & "pageTitle=>" & Upload.Form("pageTitle") & "<|>"
        SaveFiles = SaveFiles & "pageLeftColumn=>" & Upload.Form("pageLeftColumn") & "<|>"
        SaveFiles = SaveFiles & "pageRightColumn=>" & Upload.Form("pageRightColumn")

        If action = "edit" Then
            SaveFiles = SaveFiles & "<||>"
            SaveFiles = SaveFiles & Upload.Form("pageId")
        End If
end function

fields = ""
values = ""

test = TestEnvironment()

If len(test) < 1 Then
        varStrings = SaveFiles()

    Response.Write(varStrings)
    Response.End()

        If action = "add" Then
            imageArray = Split(varStrings,"<|>")

            For Each item In imageArray
                    tempArray = Split(item,"=>")
                    fields = fields & tempArray(0) & ", "
                    values = values & "'" & Server.HTMLEncode(replaceQuotes(tempArray(1))) & "', "
            Next

            fields = fields & "dateAdded"
            values = values & "'" & Now() & "'"

            on error resume next

            sql_add = "Insert Into landingPage (" & fields & ") Values (" & values & ");"

            con.Execute sql_add

            Dim rsIdentity 'a recordset to hold the identity value

            'This line of code will get us the indentity value for the row
            ' we just inserted!!
            Set rsIdentity = con.Execute("SELECT @@IDENTITY AS NewID")

            returnPage = "landingpage_add.asp?uid=" & rsIdentity("NewID")

            If err<>0 Then
                response.write("<p class=""header"">Error!</p><p class=""copy"">The record was not saved, please try again.</p><p class=""copy"">" & err.Description & "</p><p class=""copy"">" & sql_add & "</p>")
            End If
        End If

        If action = "edit" Then
            Dim Array1
            Dim Array2

            Array1 = Split(varStrings,"<||>")
            Array2 = Split(Array1(0),"<|>")

            imageArray = Split(varStrings,"<|>")

            Dim comma
            comma = ""

            For Each item In Array2
                    tempArray = Split(item,"=>")
                    fields = fields & comma & tempArray(0) & "='" & Server.HTMLEncode(replaceQuotes(tempArray(1) & "")) & "'"
                    comma = ", "
            Next

            fields = fields & " Where pageId=" & Array1(1)

            returnPage = "landingpage_edit.asp?uid=" & Array1(1)

            on error resume next

            sql_add = "Update landingPage Set " & fields & ";"
            ''Response.Write(sql_add)

            con.Execute sql_add

            If err<>0 Then
                response.write("<p class=""header"">Error!</p><p class=""copy"">The record was not saved, please try again.</p><p class=""copy"">" & err.Description & "</p><p class=""copy"">" & sql_add & "</p>")
            End If
        End If
End If
%>
<!--#include file="includes/close_db_conn.asp"-->
<%
If err=0 Then
    Response.Redirect returnPage & "&post=successful"
End If
%>

The Response.Write(varStrings) at the bottom gives me:

pageTitle=>2013 COLLOQUY Awards Ceremony Video<|>pageLeftColumn=><|>pageRightColumn=><||>46

As you can see, there's no data for the left or right column, though I did have info in those fields.

I've tried changing my textarea's to input's, but that didn't work either (which I was hoping it would since the title field still comes through).

James
  • 3,765
  • 4
  • 48
  • 79
  • Look at your IIS server logs. No one will be able to tell by looking at your code. – Diodeus - James MacFarlane Sep 26 '13 at 15:29
  • My guess is a Windows Update. When I worked in classic ASP, I found it to be more difficult to get it to run properly on Windows Server 2008. Do some searches focused on classic asp and 2008 and see what hits come up. – CM Kanode Sep 26 '13 at 15:31
  • Have you tried removing `enctype="multipart/form-data"` and reading the form values via Request.Form to rule out any typo's etc.? If that works then it points to an issue with the upload class. – DAC84 Sep 26 '13 at 16:29
  • @DAC84 Yes, if I do that I get all of the data. I don't understand what could have changed with the class though. The file has never been updated (`freeaspupload.com`). I think I'm going to try to undo the latest Windows updates and see if it starts working... – James Sep 26 '13 at 17:20
  • you talk about freeaspupload.php - you are using a file with a .asp extension to do your upload, aren't you – John Sep 26 '13 at 21:14
  • 1
    You may find this question worth reading. http://stackoverflow.com/questions/18271091/how-to-insert-record-and-upload-file-using-the-freeaspupload-script/18283776#18283776 . If your server supports it, though, I recommend doing uploads in asp.net. Even if it's the very first thing you ever do in .net it's easier to configure than ASPFreeupload – John Sep 26 '13 at 21:23
  • @John Sorry, I'm a PHP programmer and just put .php automatically out of habit. But yes, it's .asp. Also I found the issue. It was because the text being passed contained a windows curly quote character which just broke it. :/ I looked over their text and seen that. – James Oct 02 '13 at 22:39

2 Answers2

2

The problem is you're trying to access the form data using Request.Form which doesn't support enctype="multipart/form-data".

To access the binary data you need to use Request.BinaryRead(Request.TotalBytes) and the easiest way is to use a prewritten class designed for uploading files/images, see: http://www.codeguru.com/csharp/.net/net_asp/article.php/c19297/Pure-ASP-File-Upload.htm

As an example, you would access the files and other form values like so:

Dim Uploader, strTest, File
Set Uploader = New FileUploader
Uploader.Upload 'Start the upload process

'typical form field
strTest = Uploader.Form("field-name")

'Uploaded file
For Each File In Uploader.Files.Items
    strFileName = File.FileName
    dblFileSize = Cdbl(Round((File.FileSize/1000), 2))

    'save the file - optionally change the filename before saving
    File.FileName = "newfilename.doc"
    File.SaveToDisk "C:\YourPath"
Next
DAC84
  • 1,254
  • 1
  • 20
  • 30
  • I actually didn't know you still couldn't use request.form if it was set to multipart/form-data, but an issue I'm still having is that when using freeaspupload.php's script which always worked before, I can now only get the title field and image field. Neither column text areas are sending data (or when I change them to text fields). Nothing has changed in the script. However, with your answer I guess I need to update my question to only ask about freeaspupload.php. Thanks and +1 for the unknown info. – James Sep 26 '13 at 16:15
0

It turns out that the form was working, but the test text being used contained a windows curly quote character which was breaking the upload script at the form element containing the character. I don't know why those characters were ever invented... So annoying.

James
  • 3,765
  • 4
  • 48
  • 79