I am new to php,trying to do a form, which allows me to upload a few text fields and then upload 3 images, the images are then uploaded into a remote server, and the name of the images are saved into database, so then it can be pulled out and displayed later. (p.s. Ignore the SQL injection issue, i just havent got time around that yet. Thanks)
At the moment i am testing this on localhost. My question is should i loop it, or should i just do the upload process 3 times? Below is what i tried. But the looping trial isnt uploading the files, it just goes straight to invalid file. Also i would like to make sure all 3 files are valid files before uploading them, would i have to loop the verifying first then loop the uploading again?
Please give me some advice, thanks for your time.
<?php
ini_set('display_errors', 1); error_reporting(E_ALL);
ob_start();
session_start();
include 'connect.php';
if ($_POST)
{
//get form data
$Listingname = addslashes(strip_tags($_POST['Listingname']));
$Location = addslashes(strip_tags($_POST['Location']));
$nobed = addslashes(strip_tags($_POST['nobed']));
$zip = addslashes(strip_tags($_POST['zip']));
$price = addslashes(strip_tags($_POST['price']));
$username=addslashes(strip_tags($_POST[$_SESSION['username']]));
if (!$Listingname||!$nobed||!$nobed||!$zip||!$price)
echo "Please fill out all fields";
else
for($i=0;$i<count($_FILES["image"]["name"]);$i++)
{$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"][$i]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 400000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"][$i] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"][$i] . " already exists please add another file, or change the. ";
}
else
{
$photo=$_FILES["file"]["name"][$i];
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/$photo");
echo "Stored in: " . "upload/" . $_FILES["file"]["name"][$i];
}
}
}
else
{
echo "Invalid file";
}
{
$username=$_SESSION['username'];
//register into database
mysqli_query($con,"INSERT INTO Listing (username,Listingname,Location,nobed,zip,price,pic1) VALUES
('$username','$Listingname','$Location','$nobed','$zip','$price','$photo');") or die(mysqli_error());
echo "Listing Added";
}
}
}
else
{
?>
<form action="Submitlisting2.php" method="post"
enctype="multipart/form-data">
Listing Name:<br />
<input type='text' name='Listingname'><p />
Location:<br />
<input type='text' name='Location'><p />
Number of Beds:<br />
<input type='test' name='nobed'><p />
Zip:<br />
<input type='text' name='zip'><p />
Price:<br />
<input type='text' name='price'><p />
<label for="file">Pic1(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file"><br>
<label for="file">Pic2(File must be exceed 4mb):</label>
<input type="file" name="file[]" id="file"><br>
<br>
<input type='submit' name='submit' value='Submit'>
</form>
<?php
}
?>
Attempt without looping(this get very very long, the attempt is only with 2 images upload, which is 1 reason why i am thinking to loop)
<?php
ini_set('display_errors', 1); error_reporting(E_ALL);
ob_start();
session_start();
include 'connect.php';
if ($_POST)
{
//get form data
$Listingname = addslashes(strip_tags($_POST['Listingname']));
$Location = addslashes(strip_tags($_POST['Location']));
$nobed = addslashes(strip_tags($_POST['nobed']));
$zip = addslashes(strip_tags($_POST['zip']));
$price = addslashes(strip_tags($_POST['price']));
$username=addslashes(strip_tags($_POST[$_SESSION['username']]));
if (!$Listingname||!$nobed||!$nobed||!$zip||!$price)
echo "Please fill out all fields";
else
{$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 400000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
}
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists please add another file, or change the. ";
}
}
}
}
else
{$allowedExts1 = array("gif", "jpeg", "jpg", "png");
$temp1 = explode(".", $_FILES1["file1"]["name1"]);
$extension1 = end($temp1);
if ((($_FILES1["file"]["type"] == "image/gif")
|| ($_FILES1["file"]["type"] == "image/jpeg")
|| ($_FILES1["file"]["type"] == "image/jpg")
|| ($_FILES1["file"]["type"] == "image/pjpeg")
|| ($_FILES1["file"]["type"] == "image/x-png")
|| ($_FILES1["file"]["type"] == "image/png"))
&& ($_FILES1["file"]["size"] < 400000)
&& in_array($extension1, $allowedExts1))
{
if ($_FILES1["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES1["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES1["file"]["name"] . "<br>";
echo "Type: " . $_FILES1["file"]["type"] . "<br>";
echo "Size: " . ($_FILES1["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES1["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES1["file"]["name"]))
{
echo $_FILES1["file"]["name"] . " already exists please add another file, or change the. ";
}
}
}
else
{ $photo=$_FILES["file"]["name"];
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/$photo");
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
else
{
echo "Pic 1 Invalid file" and die("Unable to upload pic1");
}
}
{
$photo1=$_FILES1["file"]["name"];
move_uploaded_file($_FILES1["file"]["tmp_name"],
"upload/$photo1");
echo "Stored in: " . "upload/" . $_FILES1["file"]["name"];
}
else
{
echo "Pic 2 Invalid file" and die("Unable to upload Pic2");
}
{
$username=$_SESSION['username'];
//register into database
mysqli_query($con,"INSERT INTO Listing (username,Listingname,Location,nobed,zip,price,pic1) VALUES
('$username','$Listingname','$Location','$nobed','$zip','$price','$photo');") or die(mysqli_error());
echo "Listing Added";
}
else
{
?>
<form action="Submitlisting2.php" method="post"
enctype="multipart/form-data">
Listing Name:<br />
<input type='text' name='Listingname'><p />
Location:<br />
<input type='text' name='Location'><p />
Number of Beds:<br />
<input type='test' name='nobed'><p />
Zip:<br />
<input type='text' name='zip'><p />
Price:<br />
<input type='text' name='price'><p />
<label for="file">Filename(File must be exceed 4mb):</label>
<input type="file" name="file" id="file"><br>
<label for="file">Filename(File must be exceed 4mb):</label>
<input type="file" name="file1" id="file1"><br>
<br>
<input type='submit' name='submit' value='Submit'>
</form>
<?php
}
?>
