Thanks for a fantastic script, I am well impressed.
Up until now I have used the script to create simple forms.
It is only today that I needed a form which saves to a mysql table and allows uploads for images.
The little problem I am having is that I have included 3 upload options on my form which works great but If a user does not upload anything a value (path of where the file would go) is still entered into the mysql table field.
I would like to know if there is a way to stop this info being entered through process.php if nothing is being uploaded?
Also is there a way to restrict the file uploads to image only (.gif, .jpg)?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anything is possible.
Place an if statement around the filename(s), test for the file extension, and either redisplay the form or ship the file if the extension does not match.
In a similar fashion, put an if statement around the MySQL entry point. If any filename is blank, don't make the SQL entry for that file.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for the swift reply.
I guess my last message made me sound like a php pro. lol
Could you please explain that again as that just went way over my head. I'm a bit of a doughnut when it comes to tech talk sorry.
Displaying photos has nothing to do with the form keeping record of form submissions.
The line in your SQL field is due to the missing filename. The form generates a complete file path and appends the datetime stamp in front of the filename to keep file names unique. If someone where to submit the same file twice the datetime stamps keeps the files from overwritting anything with the same name.
What you need to do is detect the blank filename and prevent the SQL entry from ever occurring.
If PHP is not your bag, then you'll need a pro to work it out for you. If you would like some help, send me the php file along with a good description of what you want to accomplish. To finish the job you may need to provide other resources but this would be enough to get started.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks to TNTEverett this has now been resolved, By tweaking the process.php he successfully stopped the form from submitting values from empty upload fields into mysql and made it so only .jpg and .gif can be uploaded via the form.
Many Thanks
Ross
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm in the same boat. I need to restrict file uploads. I, too, am no php pro but I'm decent at modifying the code.
I need to be able to restrict uploads to the following formats:
.qtz
.QTZ
.NIFF
.niff
.ZIP
.zip
I found a bit of php on another site, but it didn't work. I really couldn't follow the instructions above. I think a portion must've been handled off the forum.
We want to plug this hole as we've already had an .exe file uploaded. Oddly, no one knows about the form yet except me and another guy and neither of us uploaded it. The form only went up a couple of days ago, so I doubt it would be in search engines yet. We're afraid of someone uploading a virus to our server.
Thanks!
Michele
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The example "if" statement I am giving is from another form. The variable names will obviously be different but you will get the general idea. This statement prevents files with jpg or gif extentions. This is also limited to a single form entry (photo1). If you still need help send me an email.
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(jpg)?(gif)?"."$",$HTTP_POST_FILES['photo1']['name'])&& ($HTTP_POST_FILES['photo1']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type. <br>".$HTTP_POST_FILES['photo1']['name']." <br>Only file extensions of .jpg and .gif are allowed. Please go back and try again.";
}
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It's pretty clear. My question is where does this go in the process file? Below this?
if(!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])){
$error.="<li>The file, ".$HTTP_POST_FILES['file']['name'].", was not uploaded!";
$errors=1;
}
Also, does this prevent files with jpg or gif extensions or make them the only file types allowed? It says both in your post. I believe it makes them the only allowed. I guess I'll try it and find out.
Thanks again,
Michele
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Your reply includes a check for a failed upload. So at this point you must have decided you already have a valid file. Look near the top of the file where form vaiables are registered and then the first if statement looks for empty required vaiables. It looks something like this:
pt_register('POST','firstname');
$photo1=$HTTP_POST_FILES['photo1'];
if($firstname=="" || $lastname=="" || $regemail=="" || $password=="" ) {
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
After checking for empty variables, you can then check for valid variables. Add the check I gave you right after checking for empty variables.
Avoid redundant checks and be sure to preserve the existing php syntax.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Here is code that will skip (not upload, not include in messages, not make db entry) the file if it is blank or failed to upload. It also date stamps the file in case two users attempt to upload files of the same name.
This thread has been very useful to me in setting up various file type restrictions. Although, I can't seem to get the script to work to allow only .mp3 audio files. The script works great for allowing only images. But, when I set it to allow only .mp3 files, I get a an error that says only .mp3 files are allowed, even though that is the file type I am uploading. Here is my script:
if($NameofBandorArtist=="" || $AlbumTitle=="" || $SongUpload=="" ){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
if(!is_uploaded_file($HTTP_POST_FILES['SongUpload']['tmp_name'])){
$error.="<li>The file, ".$HTTP_POST_FILES['SongUpload']['name'].", is too large for the upload tool! You will have to mail us your album.";
$errors=1;
}
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(mp3)?"."$",$HTTP_POST_FILES['SongUpload']['name'])&& ($HTTP_POST_FILES['SongUpload']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type.
<br>".$HTTP_POST_FILES['SongUpload']['name']." <br>Only file extensions of .mp3 are allowed. Please go back and try again.";
}
Anyhelp with this would be appreciated!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Is it also possible to put in a restriction for image dimensions...for example, can I make the script to only allow .jpg files that are 600 x 600 pixes in dimension?
Thanks and this formum has been so helpful to me since I started with PhpForGen last week :)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I found the problem and I will share it here for your reference. The song file I was trying to upload was called beleivin'.mp3
The asteric in the song title was what was causing the error. The script works great when i uploaded a song called angels.mp3
I posted another question also and wasn't sure if you saw it. I want to limit the image dimensions of .jpg files. I want to allow only pics that are 600 x 600 pixels in dimension. Is this possible.
Thanks for your time and knowledge.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I really am a novice when it comes to placing the code where it is suppose to be. If you wouldn't mind showing me where?
In this script I want to remove all special characters and spaces from the ArtWorkUpload file. I also want to limit this image to 600 x 600 pixels. I don't want anything above that number or below that number accepted. I don't want to limit the actual file size as in Megbytes, just the dimensions.
<?php
include("global.inc.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
pt_register('POST','NameofBandorArtist');
pt_register('POST','AlbumTitle');
pt_register('POST','EmailforSuccessfulUpload');
$AlbumArtworkUpload=$HTTP_POST_FILES['AlbumArtworkUpload'];
if($NameofBandorArtist=="" || $AlbumTitle=="" || $AlbumArtworkUpload=="" ){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(jpg)?(jpeg)?(bmp)?(gif)?(png)?(tiff)?"."$",$HTTP_POST_FILES['AlbumArtworkUpload']['name'])&& ($HTTP_POST_FILES['AlbumArtworkUpload']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type.
<br>".$HTTP_POST_FILES['AlbumArtworkUpload']['name']." <br>Only file extensions of .jpg, .jpeg. .bmp, .gif, .png and .tiff are allowed. Please go back and try again.";
}
if(!is_uploaded_file($HTTP_POST_FILES['AlbumArtworkUpload']['tmp_name'])){
$error.="<li>The file, ".$HTTP_POST_FILES['AlbumArtworkUpload']['name'].", is too large for the upload tool! You will have to mail us your album.";
$errors=1;
}
if($errors==1) echo $error;
else{
$image_part = $AlbumTitle."_".$HTTP_POST_FILES['AlbumArtworkUpload']['name'];
$image_list[3] = $image_part;
copy($HTTP_POST_FILES['AlbumArtworkUpload']['tmp_name'], "files/".$image_part);
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
$message="Name of Band or Artist: ".$NameofBandorArtist."
Album Title: ".$AlbumTitle."
Email for Successful Upload: ".$EmailforSuccessfulUpload."
Album Artwork Upload: ".$where_form_is."files/".$image_list[3]."
";
Thank You!!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What is the file size of a 600x600 pixel image?
By my definition a pixel is a pixel. The file size will be determined by how much color information is in the file, and what th file type is, so it's a bit difficult to limit an image by pixel dimensions. In any case the code to limit the file size would go as shown below.
First let me say that there are 3 error checks before an error message is displayed. Normally if one error is detected you would bypass all other checks and display the correct message.
if ($AlbumArtworkUpload_size > 360000) {
$errors = 1;
$error.="File is too large.<br>";
}
if($errors==1) echo $error;
else{
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Spaces and asterics were what was preventing the file restrictions from working properly. So, I am only concered about removing those two. Is it even possible to remove spaces?
Thanks
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hey there,
Thanks for a fantastic script, I am well impressed.
Up until now I have used the script to create simple forms.
It is only today that I needed a form which saves to a mysql table and allows uploads for images.
The little problem I am having is that I have included 3 upload options on my form which works great but If a user does not upload anything a value (path of where the file would go) is still entered into the mysql table field.
I would like to know if there is a way to stop this info being entered through process.php if nothing is being uploaded?
Also is there a way to restrict the file uploads to image only (.gif, .jpg)?
Anything is possible.
Place an if statement around the filename(s), test for the file extension, and either redisplay the form or ship the file if the extension does not match.
In a similar fashion, put an if statement around the MySQL entry point. If any filename is blank, don't make the SQL entry for that file.
Thanks for the swift reply.
I guess my last message made me sound like a php pro. lol
Could you please explain that again as that just went way over my head. I'm a bit of a doughnut when it comes to tech talk sorry.
So far to display the photo's I have:
if($m[photo1]){ echo "<img src='$m[photo1]' border=1 width=100>";
}else {
echo "No Pic";
};
and the line in the Mysql field without an upload is:
http://www.mysite.com/forms/use/quick/files/07_44_21_
Many thanks
Ross
Displaying photos has nothing to do with the form keeping record of form submissions.
The line in your SQL field is due to the missing filename. The form generates a complete file path and appends the datetime stamp in front of the filename to keep file names unique. If someone where to submit the same file twice the datetime stamps keeps the files from overwritting anything with the same name.
What you need to do is detect the blank filename and prevent the SQL entry from ever occurring.
If PHP is not your bag, then you'll need a pro to work it out for you. If you would like some help, send me the php file along with a good description of what you want to accomplish. To finish the job you may need to provide other resources but this would be enough to get started.
Hi TNTEverett,
Again thanks for your reply.
Also thanks for the offer to help me out.
All I need is process.php Not to insert a value into the mysql table field if a file is not uploaded.
and to limit the uploads to .gif and .jpg only.
Can I send you my process.php to have a look at?
Ross
Sounds simple enough, let me take a look at your file.
Thanks to TNTEverett this has now been resolved, By tweaking the process.php he successfully stopped the form from submitting values from empty upload fields into mysql and made it so only .jpg and .gif can be uploaded via the form.
Many Thanks
Ross
I'm in the same boat. I need to restrict file uploads. I, too, am no php pro but I'm decent at modifying the code.
I need to be able to restrict uploads to the following formats:
.qtz
.QTZ
.NIFF
.niff
.ZIP
.zip
I found a bit of php on another site, but it didn't work. I really couldn't follow the instructions above. I think a portion must've been handled off the forum.
We want to plug this hole as we've already had an .exe file uploaded. Oddly, no one knows about the form yet except me and another guy and neither of us uploaded it. The form only went up a couple of days ago, so I doubt it would be in search engines yet. We're afraid of someone uploading a virus to our server.
Thanks!
Michele
Like I said, anything is possible.
The example "if" statement I am giving is from another form. The variable names will obviously be different but you will get the general idea. This statement prevents files with jpg or gif extentions. This is also limited to a single form entry (photo1). If you still need help send me an email.
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(jpg)?(gif)?"."$",$HTTP_POST_FILES['photo1']['name'])&& ($HTTP_POST_FILES['photo1']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type. <br>".$HTTP_POST_FILES['photo1']['name']." <br>Only file extensions of .jpg and .gif are allowed. Please go back and try again.";
}
It's pretty clear. My question is where does this go in the process file? Below this?
if(!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])){
$error.="<li>The file, ".$HTTP_POST_FILES['file']['name'].", was not uploaded!";
$errors=1;
}
Also, does this prevent files with jpg or gif extensions or make them the only file types allowed? It says both in your post. I believe it makes them the only allowed. I guess I'll try it and find out.
Thanks again,
Michele
Your reply includes a check for a failed upload. So at this point you must have decided you already have a valid file. Look near the top of the file where form vaiables are registered and then the first if statement looks for empty required vaiables. It looks something like this:
pt_register('POST','firstname');
$photo1=$HTTP_POST_FILES['photo1'];
if($firstname=="" || $lastname=="" || $regemail=="" || $password=="" ) {
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
After checking for empty variables, you can then check for valid variables. Add the check I gave you right after checking for empty variables.
Avoid redundant checks and be sure to preserve the existing php syntax.
Here is code that will skip (not upload, not include in messages, not make db entry) the file if it is blank or failed to upload. It also date stamps the file in case two users attempt to upload files of the same name.
if($HTTP_POST_FILES['photo1']['tmp_name']=="") {
$image_list[12] = "";
} else if(!is_uploaded_file($HTTP_POST_FILES['photo1']['tmp_name'])) {
$error.="<li>The file, ".$HTTP_POST_FILES['photo1']['name'].", was not uploaded!"; $errors=1;
} else {
$image_part = date("h_i_s")."_".$HTTP_POST_FILES['photo1']['name'];
$image_list[12] = $where_form_is."files/".$image_part;
copy($HTTP_POST_FILES['photo1']['tmp_name'], "files/".$image_part);
}
Thanks so much. It works perfectly. Exactly what I needed.
Take care,
Michele
To sum it up, here's what I added to the code of process.php.
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(zip)?(qtz)?(niff)?"."$",$HTTP_POST_FILES['file']['name'])&& ($HTTP_POST_FILES['file']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type.
<br>".$HTTP_POST_FILES['file']['name']." <br>Only file extensions of .zip, .qtz and .niff are allowed. Please go back and try again.";
}
if($HTTP_POST_FILES['file']['tmp_name']=="") {
$image_list[12] = "";
} else if(!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error.="<li>The file, ".$HTTP_POST_FILES['file']['name'].", was not uploaded!";
$errors=1;
} else {
$image_part = date("h_i_s")."_".$HTTP_POST_FILES['file']['name'];
$image_list[12] = $where_form_is."files/".$image_part;
copy($HTTP_POST_FILES['file']['tmp_name'], "files/".$image_part);
}
Now when someone posts a file that is not a zip, niff or qtr file, they get an error message.
Thanks so much for your help.
Michele
Hi,
This thread has been very useful to me in setting up various file type restrictions. Although, I can't seem to get the script to work to allow only .mp3 audio files. The script works great for allowing only images. But, when I set it to allow only .mp3 files, I get a an error that says only .mp3 files are allowed, even though that is the file type I am uploading. Here is my script:
if($NameofBandorArtist=="" || $AlbumTitle=="" || $SongUpload=="" ){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
if(!is_uploaded_file($HTTP_POST_FILES['SongUpload']['tmp_name'])){
$error.="<li>The file, ".$HTTP_POST_FILES['SongUpload']['name'].", is too large for the upload tool! You will have to mail us your album.";
$errors=1;
}
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(mp3)?"."$",$HTTP_POST_FILES['SongUpload']['name'])&& ($HTTP_POST_FILES['SongUpload']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type.
<br>".$HTTP_POST_FILES['SongUpload']['name']." <br>Only file extensions of .mp3 are allowed. Please go back and try again.";
}
Anyhelp with this would be appreciated!
This code appears to work for me. Double check your code and messages.
Is it also possible to put in a restriction for image dimensions...for example, can I make the script to only allow .jpg files that are 600 x 600 pixes in dimension?
Thanks and this formum has been so helpful to me since I started with PhpForGen last week :)
File size: 600x600 = 360000
Filename variable: SongUpload
if ($SongUpload_size > 360000) {
$errors = 1;
$error.="File is too large.<br>";
}
I found the problem and I will share it here for your reference. The song file I was trying to upload was called beleivin'.mp3
The asteric in the song title was what was causing the error. The script works great when i uploaded a song called angels.mp3
I posted another question also and wasn't sure if you saw it. I want to limit the image dimensions of .jpg files. I want to allow only pics that are 600 x 600 pixels in dimension. Is this possible.
Thanks for your time and knowledge.
Strip characters like this using a preg_replace command right after the pt_register.
$SongUpload=preg_replace("/(\047)/","",$SongUpload);
I really am a novice when it comes to placing the code where it is suppose to be. If you wouldn't mind showing me where?
In this script I want to remove all special characters and spaces from the ArtWorkUpload file. I also want to limit this image to 600 x 600 pixels. I don't want anything above that number or below that number accepted. I don't want to limit the actual file size as in Megbytes, just the dimensions.
<?php
include("global.inc.php");
$errors=0;
$error="The following errors occured while processing your form input.<ul>";
pt_register('POST','NameofBandorArtist');
pt_register('POST','AlbumTitle');
pt_register('POST','EmailforSuccessfulUpload');
$AlbumArtworkUpload=$HTTP_POST_FILES['AlbumArtworkUpload'];
if($NameofBandorArtist=="" || $AlbumTitle=="" || $AlbumArtworkUpload=="" ){
$errors=1;
$error.="<li>You did not enter one or more of the required fields. Please go back and try again.";
}
if(!eregi("^[a-z0-9]+([_\\.-][a-z0-9]+)*\\.(jpg)?(jpeg)?(bmp)?(gif)?(png)?(tiff)?"."$",$HTTP_POST_FILES['AlbumArtworkUpload']['name'])&& ($HTTP_POST_FILES['AlbumArtworkUpload']['name'] != "")) {
$errors=1;
$error.="<li>You are attempting to upload an illegal file type.
<br>".$HTTP_POST_FILES['AlbumArtworkUpload']['name']." <br>Only file extensions of .jpg, .jpeg. .bmp, .gif, .png and .tiff are allowed. Please go back and try again.";
}
if(!is_uploaded_file($HTTP_POST_FILES['AlbumArtworkUpload']['tmp_name'])){
$error.="<li>The file, ".$HTTP_POST_FILES['AlbumArtworkUpload']['name'].", is too large for the upload tool! You will have to mail us your album.";
$errors=1;
}
if($errors==1) echo $error;
else{
$image_part = $AlbumTitle."_".$HTTP_POST_FILES['AlbumArtworkUpload']['name'];
$image_list[3] = $image_part;
copy($HTTP_POST_FILES['AlbumArtworkUpload']['tmp_name'], "files/".$image_part);
$where_form_is="http".($HTTP_SERVER_VARS["HTTPS"]=="on"?"s":"")."://".$SERVER_NAME.strrev(strstr(strrev($PHP_SELF),"/"));
$message="Name of Band or Artist: ".$NameofBandorArtist."
Album Title: ".$AlbumTitle."
Email for Successful Upload: ".$EmailforSuccessfulUpload."
Album Artwork Upload: ".$where_form_is."files/".$image_list[3]."
";
Thank You!!
How many special characters do you want to remove?
Here is the code to remove one:
$AlbumArtworkUpload=$HTTP_POST_FILES['AlbumArtworkUpload'];
$AlbumArtworkUpload=preg_replace("/(\047)/","",$AlbumArtworkUpload);
What is the file size of a 600x600 pixel image?
By my definition a pixel is a pixel. The file size will be determined by how much color information is in the file, and what th file type is, so it's a bit difficult to limit an image by pixel dimensions. In any case the code to limit the file size would go as shown below.
First let me say that there are 3 error checks before an error message is displayed. Normally if one error is detected you would bypass all other checks and display the correct message.
if ($AlbumArtworkUpload_size > 360000) {
$errors = 1;
$error.="File is too large.<br>";
}
if($errors==1) echo $error;
else{
Spaces and asterics were what was preventing the file restrictions from working properly. So, I am only concered about removing those two. Is it even possible to remove spaces?
Thanks
I'm sorry, I want to remove spaces and apostrophes...not asterics. What symbol is designated to be removed from the use of this code?
$AlbumArtworkUpload=$HTTP_POST_FILES['AlbumArtworkUpload'];
$AlbumArtworkUpload=preg_replace("/(\047)/","",$AlbumArtworkUpload);
Find a table of ASCII characters. Use the octal value in the equation below.
preg_replace("/(\045)|\046()|(\047)/","",
This will replace;
% or & or '