1

I have a form and when i submit it, it will validate if the file exist or not. The Validation works if I choose a file to upload. When I don't need to upload a file, I leave the choose file empty, the validation does not work and the script always shows that the file already exist even though I don't need to upload a file and the input type="file" is not required

Here is my Code:

<form action="../function/add_pre.php" method="post" enctype="multipart/form-data" >    
    <table class="table table-bordered">         
    <tr>
        <td><label class="form-control">Attach and Upload your Proposal for Purchase Request:</label></td>
        <td><input class="form-control" type="file" name="file" title="Click here to select file to upload."></td>
    </tr>
    </table>
    <button name="submit" type="submit" class="btn btn-info"><i class="fa fa-paper-plane"></i> Submit</button>
</form>

This is the add_pre.php

if(isset($_POST['submit'])){
    if (file_exists("../employee/" . $_FILES["file"]["name"])){
    echo '<script language="javascript">alert(" Sorry!! Filename Already Exists...") </script>';
    echo '<script language="javascript">window.history.back();</script>';
    }
else{
    move_uploaded_file($_FILES["file"]["tmp_name"],
    "../employee/" . $_FILES["file"]["name"]) ;
    $sql = "INSERT INTO purchase_request_file (pr_no,file) VALUES ('" .$pr_no."','" . 
      $_FILES["file"]["name"] ."');";
        if (!mysql_query($sql))
            echo('Error : ' . mysql_error());
        else
            echo"Success!";
    }

I need to echo"Success!" even though i submitted the form without a file.

jp remar serrano
  • 61
  • 6
  • Then test to see if you passed a file. `if (isset($FILES))` – RiggsFolly Jan 07 '17 at 16:17
  • where should i put `if (isset($FILES))` ? – jp remar serrano Jan 07 '17 at 16:21
  • 1
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jan 07 '17 at 16:29

2 Answers2

1

first check if you choose file first, then check if file exits. because file_exists also check if directory exits. in your code, when there is no file to upload, your code check if employee directory exits, which is true. for this reason you always show file exits.

if(isset($_POST['submit'])){
    if(!isset($_FILES["file"]["name"]))
    {
      //do what you want 
      echo "success";
    }
    else if (file_exists("../employee/" . $_FILES["file"]["name"])){
    echo '<script language="javascript">alert(" Sorry!! Filename Already Exists...") </script>';
    echo '<script language="javascript">window.history.back();</script>';
    }
else{
    move_uploaded_file($_FILES["file"]["tmp_name"],
    "../employee/" . $_FILES["file"]["name"]) ;
    $sql = "INSERT INTO purchase_request_file (pr_no,file) VALUES ('" .$pr_no."','" . 
      $_FILES["file"]["name"] ."');";
        if (!mysql_query($sql))
            echo('Error : ' . mysql_error());
        else
            echo"Success!";
    }
   }
reza
  • 1,507
  • 2
  • 12
  • 17
1

From the documentation of file_exists() function,

file_exists — Checks whether a file or directory exists

So if you don't upload any file, $_FILES["file"]["name"] will be an empty string, and file_exists() function will check whether this directory ../employee/ exists or not, which does exist in your case. And this is the reason why your file validation is failing.

The solution is, use is_uploaded_file() function to check a file has been uploaded or not, like this:

if(isset($_POST['submit'])){
    if(is_uploaded_file($_FILES["file"]["tmp_name"])){
        if (file_exists("../employee/" . $_FILES["file"]["name"])){
            echo '<script language="javascript">alert(" Sorry!! Filename Already Exists...") </script>';
            echo '<script language="javascript">window.history.back();</script>';
        }else{
            move_uploaded_file($_FILES["file"]["tmp_name"],"../employee/" . $_FILES["file"]["name"]);
            $sql = "INSERT INTO purchase_request_file (pr_no,file) VALUES ('" .$pr_no."','" . $_FILES["file"]["name"] ."');";
            if (!mysql_query($sql))
                echo('Error : ' . mysql_error());
            else
                echo"Success!";
        }
    }else{
        // user hasn't uploaded any file
    }
}

Sidenote: Don't use mysql_* functions, they are deprecated as of PHP 5.5 and are removed altogether in PHP 7.0. Use mysqli or pdo instead. And this is why you shouldn't use mysql_* functions.

Community
  • 1
  • 1
Rajdeep Paul
  • 16,887
  • 3
  • 18
  • 37