Hi, my upload form page is not redirecting to the thank-you.php page after upload. Everything is perfect and I don't want to change the code; it's just that the header is not directing the page to go to thank-you.php.

Here is the code that posts the data.

<?php
$target = "Carpics";
//$target = $target . basename( $_FILES['photo']['name']);

ini_set('display_errors',1);
error_reporting(0);
$conn = mysql_connect("localhost","admin","");
if(!$conn)
{
    echo mysql_error(); 
}
$db = mysql_select_db("upload",$conn);
if($db)
{ echo mysql_error();
    }
    $name = $_POST['name'];
    $address = $_POST['address'];
    $from_date = $_POST['from_date'];
    $to_date = $_POST['to_date'];
    $full_name = $_POST['full_name'];
    $email = $_POST['email'];
    $city = $_POST['city'];
    $tel = $_POST['tel'];
    $town = $_POST['town'];
    $country = $_POST['country'];
    $model = $_POST['model'];
    $displacement = $_POST['displacement'];
    $trans = $_POST['trans'];
    $driver = $_POST['driver'];
    $photopath1 = $target . basename( $_FILES['photo1']['name']);
    $photopath2 = $target . basename( $_FILES['photo2']['name']);
    $photopath3 = $target . basename( $_FILES['photo3']['name']);
    $photopath4 = $target . basename( $_FILES['photo4']['name']);
    for($i=1;$i<5;$i++){ 
        if($i==1){
            $target = $photopath1;
        }elseif($i==2){
            $target = $photopath2;
        }elseif($i==3){
            $target = $photopath3;
        }elseif($i==4){
            $target = $photopath4;
        }   
    $photo = addslashes(file_get_contents($_FILES['photo'.$i]['tmp_name']));
    $image = getimagesize($_FILES['photo'.$i]['tmp_name']);
        $imgtype = $image['mime'];
if(move_uploaded_file($_FILES['photo'.$i]['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['photo'.$i]['name']);
}
else {
echo "Sorry, there was a problem uploading your file.";
}       
    }
    if(!$insert = mysql_query("INSERT INTO data VALUES('','$name','$address','$from_date','$to_date','$full_name','$email','$city','$tel','$town','$country','$model','$displacement','$trans','$driver','$photo', '$photopath1', '$photopath2', '$photopath3', '$photopath4','$imgtype')")); 
      echo header('Location: thank-you.php');   
?>

It instead displays this: The file img5.jpgThe file img7.jpgThe file Pontiac sports car.jpgThe file volkswagen-polo.jpg

Help please

Daneo

1 Answer

I've noted the following while looking at your sample.

if(move_uploaded_file($_FILES['photo'.$i]['tmp_name'], $target))  
{  
echo "The file ". basename( $_FILES['photo'.$i]['name']);  
}
else {  
echo "Sorry, there was a problem uploading your file.";  
}    

This happens before you attempt to perform a redirection, and php.net states the following:

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called.

So that would be a possible cause, except that you also use the header function in the wrong way. You do not have to put an echo in front of it. So instead of

echo header('Location: thank-you.php');

use

header('Location: thank-you.php');

That is the cause of it printing out the filenames, but not performing the redirection. Upon any output before the redirection, it cannot complete. As far as I recall, if you put error handling at 8191 you should be able to view it. (E_ALL)

Also, you're not escaping anything in the filename, username, etc, which gives the user room to either corrupt your database using funky characters, or even an SQL injection.

Take a look at mysql_real_escape_string and at the last note. This function doesn't escape certain wildcard characters, so you might want to check on that as well when you're ready for that. And read up at: Sanitizing user input

Daneo
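
The two points raised in the answer above (no output before header(), and no user input concatenated into the SQL string), shown together as an added example that is not code from the question or the answer. It uses PDO prepared statements in place of the mysql_* functions, which were removed in PHP 7; the column names and the shortened field list are assumptions, and the connection values are the ones from the question.

```php
<?php
// Added example. Column names and the reduced field list are assumptions.

/** Validate and move one upload. Returns the stored path or null; never prints. */
function store_photo(array $file, string $dir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // @ keeps a warning on a non-image from becoming output ahead of header().
    $info = @getimagesize($file['tmp_name']);
    $ext  = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'][$info[2] ?? 0] ?? null;
    if ($ext === null) {
        return null;
    }
    // Server-generated name: the client-supplied filename never reaches disk or SQL.
    $path = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $path) ? $path : null;
}

/** Insert with bound parameters, so quotes in user input stay data. */
function save_listing(PDO $db, array $post, array $paths): void
{
    $stmt = $db->prepare(
        'INSERT INTO data (name, email, model, photopath1, photopath2, photopath3, photopath4)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([$post['name'] ?? '', $post['email'] ?? '', $post['model'] ?? '', ...$paths]);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $paths = $errors = [];
    for ($i = 1; $i <= 4; $i++) {
        $path = store_photo($_FILES["photo$i"] ?? [], __DIR__ . '/Carpics');
        if ($path === null) {
            $errors[] = "photo$i could not be uploaded";   // collected, not echoed
            continue;
        }
        $paths[] = $path;
    }
    if ($errors === []) {
        $db = new PDO('mysql:host=localhost;dbname=upload;charset=utf8mb4', 'admin', '',
                      [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        save_listing($db, $_POST, $paths);
        header('Location: thank-you.php');   // nothing has been sent yet
        exit;
    }
    http_response_code(422);                 // output starts only on the failure path
    echo nl2br(htmlspecialchars(implode("\n", $errors)));
}
```

The redirect works here because every success-path step returns a value instead of echoing, and `exit` stops the script so nothing is sent after the Location header.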