I have been working on this issue since yesterday and am still unable to find any solution. In this code I take 3 text inputs and an image/picture file upload. If I try this without any invalid entries (without any blank in text fields or with a small image file) it works fine. But if I enter no value in the message/msg field and press submit twice, or if I try to upload a large image file, the code does not give any error and doesn't insert a record in the database.

I think it is finding if(isset($_POST['submitted'])) false in the cases mentioned above, but I am unable to understand why it is losing the 'submitted' value in those cases. Once it loses the value of $_POST['submitted'], it will keep doing it until I delete history, including all cookies etc.

I will appreciate any help.

<?php 
session_start();
require_once('modules/dbcon.php');  // Connect to Database


echo ' post '.$_POST['submitted']; 
if(isset($_POST['submitted'])) {
  $var1=$_POST['wisher'];
  $var2=$_POST['wishingto'];
  $msg=$_POST['msg'];
  $timestmp=time();
  $date_rec=date('y/m/d');
  $temp=$_FILES['image']['name'];
  $image_size = $_FILES['image']['size'];
  $fileup="";
  echo 'Image size = '.$image_size;

  if (move_uploaded_file($_FILES['image']['tmp_name'],'images/'.$_FILES['image']['name']))
    {  
      print '<p> The file has been successfully uploaded </p>';
      $fileup="true";
    }
  else
    { 
      switch ($_FILES['image'] ['error'])
        {  case 1:
            print '<p> The file is bigger than this PHP installation allows</p>';
            break;
        case 2:
          print '<p> The file is bigger than this form allows</p>';
          break;
        case 3:
          print '<p> Only part of the file was uploaded</p>';
          break;
        case 4:
          print '<p> No file was uploaded</p>';
          break;
        }
    }

  if($fileup){
    $submit=mysql_query("INSERT INTO records VALUES ('','$var1','$var2','$msg','$temp','$timestmp','N','$date_rec')");

    echo '<script type="text/javascript">alert ("Your submission has been successfully recorded and awaiting review");</script>';

    session_destroy();

  } // File is up

} else {
  echo 'Nothing submitted at this run';
}  //End Submit records (if any)

if(array_key_exists('page',$_GET)){
  $page=$_GET['page'];
} else{
  $page=0 ;
}

$skip=$page*25;

$time=time()-(604800); // Timestamp 7 days old
//$query=mysql_query("SELECT * FROM records WHERE approved='Y' AND stamp>='$time' ORDER BY stamp DESC LIMIT $skip,25"); // Fetch records of current week
$query=mysql_query("SELECT * FROM records ORDER BY stamp DESC LIMIT $skip,25"); // Fetch records of current week

@ $count=mysql_num_rows($query); //no. of rows fetched
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0     Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
 </head>

<body bgcolor="#FFFFFF">

<center>
<div class="main">

<?php 
while(@ $rec=mysql_fetch_assoc($query)){ //Loop over records to print each
?>

<div class="record">

    <div class="image" align="left">
    <a href="<?php echo 'images/'.$rec['image']; ?>"><img src="<?php echo 'images/'.$rec   ['image']; ?>" width="150" border="0"/></a>
    </div><!-- image -->

    <div class="name1" align="left">
    <?php echo 'From: '.$rec['wisher']; ?>
    </div><!-- name1 -->

    <div class="name2" align="left">
    <?php echo 'To: '.$rec['wishingto']; ?>
    </div><!-- name2 -->

    <div class="message" align="left">
     <?php echo $rec['message']; ?>
    </div><!-- message -->

</div><!-- Record -->


<?php  } ?>

<?php if($count!=0) { ?> <!-- Navigation Buttons --> 

<center> <div class="navbuttons">
<?php if($page!=0){ ?> <a style="padding-right:10px;" href="?page=<?php echo $page-1;?>" >Prev</a> <?php } ?>
<?php if($count==25){ ?><a href="?page=<?php echo $page+1;?>">Next</a> <?php } ?>
</div></center>

<?php } ?>



<div class="submitform" align="left">
<h2>Submit Your Information :</h2><br />
    <form action="index.php" method="post" enctype="multipart/form-data" onsubmit="return validateForm(this)" >
    <script>
      function validateForm(form)
      {
       var wisher_name    = form.wisher.value;
   var wishingto_name = form.wishingto.value;
       var msg_contents   = form.msg.value;
       var image_name     = form.image.value;

        if (wisher_name == null || wisher_name =="")
    {
         alert('Enter value in Wisher name');
         return false;
    } 

        if (wishingto_name == null || wishingto_name =="")
    {
         alert('Enter value in Wishing to name, prev field = '+form.wisher.value);
         return false;
    } 

        if (msg_contents == null || msg_contents =="")
    {
         alert('Enter value in the message');
         return false;
    } 

        if (image_name == null || image_name =="")
    {
         alert('Select an image');
         return false;
    } 

         return true;

       }
    </script>


    <label> Wisher: <input type="text" name="wisher" /> </label>
    <label> Wishing to: <input type="text" name="wishingto" /> </label>
    <label> Message: <input type="text" name="msg" /> </label>
    <input type="hidden" name="MAX_FILE_SIZE" value="307200" />
    <label> Image (300 KB max.) <input type="file" name="image" /> </label>
    <input type="submit" value="Submit" name="submit" />
    <input type="hidden" name="submitted" value="1">
    </form>
</div><!-- Form -->



</div><!-- main -->
</center>

</body>
</html>
user2026794
  • I wouldn't use mysql_ commands, they are outdated and very open to attacks. Use something like PDO instead. – Lemon Drop May 23 '13 at 01:04
  • just FYI all those @ suppressions are pretty costly. You should consider doing real query success and fail checks instead of just suppressing the errors if they fail. – Kai Qing May 23 '13 at 01:05

2 Answers

The line:

<label> Image (300 KB max.) <input type="file" name="image" </label>

is missing the closing > for <input. It should be:

<label> Image (300 KB max.) <input type="file" name="image" /> </label>

This may be messing up parsing of the rest of the form, although I don't know why it works sometimes and fails other times.

Barmar
  • Thanks for noticing that but after correcting that it did not fix the issue. – user2026794 May 23 '13 at 01:31
  • I wonder what messes up in the Form data if I press submit button twice without entering a value in the msg field. – user2026794 May 23 '13 at 01:33
  • I can't think of anything that would prevent the hidden field from being submitted correctly. – Barmar May 23 '13 at 01:35
  • Let me also ask you: Any idea how and where to check image size properly so that it won't even try to load larger image than 300k? Thanks for your help – user2026794 May 23 '13 at 03:31
  • See http://stackoverflow.com/questions/3717793/javascript-file-upload-size-validation – Barmar May 23 '13 at 03:37

Not sure about your code but some advice

  • Turn on error reporting, so you can debug

Add following code at the beginning of your script

ini_set('display_errors',1);
ini_set('display_startup_errors',1);
error_reporting(-1);

  • Remove all error suppressions

Remove @ from the beginning of your expressions

  • Remove the hidden field <input type="hidden" name="submitted" value="1">

You can use only following (that is already available in your form)

<input type="submit" value="Submit" name="submit" />

and check the form submission

if( isset( $_POST['submit'] ) )
{
    //...
}

Instead of if(isset($_POST['submitted'])), because every time you submit your form, the submit button will be available in the $_POST array. And finally, my_sql is deprecated.

The Alpha
  • First I got a time zone error after making the recommended changes. I fixed that, and it has helped by not giving the same problem when pressing submit twice with a blank message. But once I get some sort of error like file size is too big (it doesn't show any error) or connection issue. – user2026794 May 23 '13 at 03:23
  • Any idea how and where to check image size properly so that it won't even try to load larger image than 300k? Thanks for your help. – user2026794 May 23 '13 at 03:25
  • @user2026794, http://stackoverflow.com/questions/1249943/check-picture-file-type-and-size-before-file-upload-in-php – The Alpha May 23 '13 at 03:34
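
An added example, not part of the original thread or written by any of its posters: one way to enforce the 300 KB image limit asked about in the comments on the server, where the form's MAX_FILE_SIZE field and the JavaScript check cannot be bypassed. It also detects the case where the request body exceeds PHP's post_max_size, in which PHP leaves $_POST and $_FILES empty, so hidden fields such as 'submitted' are missing too. The function name validate_image_upload(), the accepted image types and the images/ directory next to the script are assumptions.

```php
<?php
// Added example (assumptions: helper name, accepted types, writable images/ directory).
const MAX_IMAGE_BYTES = 307200; // same value as the form's MAX_FILE_SIZE field

// Returns [true, stored file name] or [false, error message].
function validate_image_upload(array $server, array $post, array $files): array
{
    // A body larger than post_max_size reaches the script with empty
    // $_POST and $_FILES, so 'submitted' and 'image' are both absent.
    if (($server['REQUEST_METHOD'] ?? '') === 'POST' && !$post && !$files
        && (int)($server['CONTENT_LENGTH'] ?? 0) > 0) {
        return [false, 'Request body is larger than post_max_size'];
    }
    $f = $files['image'] ?? null;
    if (!is_array($f) || !isset($f['error']) || is_array($f['error'])) {
        return [false, 'No image field in the request'];
    }
    $errors = [
        UPLOAD_ERR_INI_SIZE  => 'File is bigger than this PHP installation allows',
        UPLOAD_ERR_FORM_SIZE => 'File is bigger than this form allows',
        UPLOAD_ERR_PARTIAL   => 'Only part of the file was uploaded',
        UPLOAD_ERR_NO_FILE   => 'No file was uploaded',
    ];
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return [false, $errors[$f['error']] ?? 'Upload failed'];
    }
    // MAX_FILE_SIZE is sent by the client; enforce the limit again here.
    if ($f['size'] > MAX_IMAGE_BYTES) {
        return [false, 'Image is larger than 300 KB'];
    }
    // Decide the type from the file contents, not the client's name or MIME type.
    $types = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!isset($types[$mime])) {
        return [false, 'Only JPEG, PNG or GIF images are accepted'];
    }
    // Store under a generated name so the client controls neither path nor extension.
    $name = bin2hex(random_bytes(16)) . '.' . $types[$mime];
    if (!move_uploaded_file($f['tmp_name'], __DIR__ . '/images/' . $name)) {
        return [false, 'Could not store the uploaded file'];
    }
    return [true, $name];
}

// Constructed sample input: a POST whose body exceeded post_max_size.
var_dump(validate_image_upload(
    ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '9000000'], [], []));
```

In the page from the question this would be called as validate_image_upload($_SERVER, $_POST, $_FILES) before the isset($_POST['submitted']) test, and the returned file name stored in the database instead of $_FILES['image']['name'].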