I have a form for capturing data with empty form field validation. I also have an input which allows a user to upload an image (images are uploaded into a folder and the path is then written into a table). The problem is users can upload images WITHOUT entering any data in the form and they can submit a completed form without submitting an image. As the image is linked to the form everything must be written on a single submit and not independently and as data is being written into two tables have kept the validation for both elements separate, I tried to put everything together but that didn’t work either. I have spent most of the week working on this and played around with all manner of code so would be grateful if someone could amend my code to resolve this.
<?php
session_start();
include "connect.php";
require("checkLoginSession.php");
$message = $_GET['message'];
error_reporting(E_ERROR);
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
$path = "uploads/" . $_FILES["file"]["name"];
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/png"))
&& ($_FILES["file"]["size"] < 2000000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
//echo '<img src="'.$path.'" alt="" />';
if (file_exists("uploads/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"uploads/" . $_FILES["file"]["name"]);
echo "Stored in: " . "uploads/" . $_FILES["file"]["name"];
}
}
}
$Link = mysql_connect($Host, $User, $Password);
$user = $_SESSION['UserName'];
$Query = "INSERT INTO $Table_3 VALUES ('0','".mysql_escape_string($user)."','{$path}')";
if (mysql_query($Query, $Link)) { echo ("Image stored"); }else { die ("Failed to connect to database!: " .mysql_error()); };
$nameErr = $intelligenceErr = $strengthErr = $speedErr = $energyErr = $fightingErr = $googleErr = $biographyErr = "";
$name = $intelligence = $strength = $speed = $energy = $fighting = $google = $biography = "";
function validate_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if (isset($_POST['Submit']))
{
$has_errors = false;
if (empty($_POST["name"])) {
$has_errors = true;
$nameErr = "Enter a name";
}else{
$name = validate_input($_POST["name"]);
}
if (empty($_POST["intelligence"])) {
$has_errors = true;
$intelligenceErr = "Enter intelligence value";
} else {
$intelligence = validate_input($_POST["intelligence"]);
}
if (empty($_POST["strength"])) {
$has_errors = true;
$strengthErr = "Enter strength value";
} else {
$strength = validate_input($_POST["strength"]);
}
if (empty($_POST["speed"])) {
$has_errors = true;
$speedErr = "Enter speed value";
} else {
$speed = validate_input($_POST["speed"]);
}
if (empty($_POST["energy"])) {
$has_errors = true;
$energyErr = "Enter energy value";
} else {
$energy = validate_input($_POST["energy"]);
}
if (empty($_POST["fighting"])) {
$has_errors = true;
$fightingErr = "Enter fighting value";
} else {
$fighting = validate_input($_POST["fighting"]);
}
if (empty($_POST["google"])) {
$has_errors = true;
$googleErr = "Enter the googleindex";
} else {
$google = validate_input($_POST["google"]);
}
if (empty($_POST["biography"])) {
$has_errors = true;
$biographyErr = "Enter a biography";
} else {
$biography = validate_input($_POST["biography"]);
}
if (!$has_errors)
{
$Link = mysql_connect($Host, $User, $Password);
$user = $_SESSION['UserName'];
$Query = "INSERT INTO $Table_2 VALUES ('0','".mysql_escape_string($user)."','".mysql_escape_string($name)."','".mysql_escape_string($intelligence)."', '".mysql_escape_string($strength)."', '".mysql_escape_string($speed)."', '".mysql_escape_string($energy)."', '".mysql_escape_string($fighting)."', '".mysql_escape_string($google)."', '".mysql_escape_string($biography)."')";
if(mysql_db_query ($DBName, $Query, $Link)) {
$message = "Card created";
header("Location: comics.php?message=".urlencode($message));
} else {
die("Query was: $Query. Error: ".mysql_error($Link));
}
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="styles/all.css" />
<link rel="stylesheet" href="styles/forms.css" />
<link rel="stylesheet" href="styles/slideshow1.css" />
<script type="text/javascript" src="javascript/jquery-1.7.1.min.js"></script>
<link href='//fonts.googleapis.com/css?family=Ubuntu:400,500' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Voltaire' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Nova+Square' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Marvel:400,400italic,700,700italic' rel='stylesheet' type='text/css'>
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>Trading Card Generator</title>
<meta name="Description" content="Trading Card Generator" />
<meta name="Keywords" content="Trading Card Generator" />
</head>
<body id="bodyform">
<br style="clear:left;"/>
<form action="comics.php" method ="post" enctype="multipart/form-data">
<fieldset>
<div class="legendcard">Create a Card</div>
<div class="createcard">
<p class="phpmessage"><?php print $message ; ?></p>
<div><input id="name" class="insetcard" name="name" type="text" placeholder="Name" value="<?PHP print $name ; ?>"/>
<p class="error"><?php echo $nameErr;?></p></div>
<div><input id="intelligence" class="insetcard" name="intelligence" type="text" placeholder="Intelligence" value="<?PHP print $intelligence ; ?>"/>
<p class="error"><?php echo $intelligenceErr;?></p></div>
<div><input id="strength" class="insetcard" name="strength" type="text" placeholder="Strength" value="<?PHP print $strength ; ?>"/>
<p class="error"><?php echo $strengthErr;?></p></div>
<div><input id="speed" class="insetcard" name="speed" type="text" placeholder="Speed" value="<?PHP print $speed ; ?>"/>
<p class="error"><?php echo $speedErr;?></p></div>
<div><input id="energy" class="insetcard" name="energy" type="text" placeholder="Energy" value="<?PHP print $energy ; ?>"/>
<p class="error"><?php echo $energyErr;?></p></div>
<div><input id="fighting" class="insetcard" name="fighting" type="text" placeholder="Fighting" value="<?PHP print $fighting ; ?>"/>
<p class="error"><?php echo $fightingErr;?></p></div>
<div><input id="google" class="insetcard" name="google" type="text" placeholder="Google Index" value="<?PHP print $google ; ?>"/>
<p class="error"><?php echo $googleErr;?></p></div>
<div><textarea id="biography" name="biography" class="biography" placeholder="Enter character biography" value="<?PHP print $biography ; ?>"/></textarea>
<p class="error"><?php echo $biographyErr;?></p></div>
<input type="file" name="your-image">
<input type="text" name="another-field">
<input type="submit" value='submit' >
</div>
</fieldset>
</form>
</body>
</html>