It uploads two files into two distinct folders, and it takes the filenames and inserts them into a MySQL database along with other product information.
Here is the entire .php file. I list it because the errors are not showing at all, and I need a fresh pair of eyes to look at it.
Any answers, criticisms (constructive), or other talk that is related to the question is welcome. No security has been added because I want to make sure everything works before I start adding more code (that, and that is one of my weaknesses).
Here is the code (Working code is going to be italicized):
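- <?php
- // Session cookie check. It must run before any output, including an HTML comment,
- // otherwise header() fails with "headers already sent".
- if(isset($_COOKIE['auth']) && $_COOKIE['auth'] == '1'){
- //do nothing
- } else {
- //redirect back to login form if not authorized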
- header("Location: productlogin.php");
- exit();
- }
- ?>
- <!-- End of Session Cookie -->
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <title>Onsisa - Enter a Product</title><br />
- <link href="../OnsisaMainStyle.css" type="text/css" rel="stylesheet" />
- <link href="../OnsisaProductStyle.css" type="text/css" rel="stylesheet" />
- </head>
- <body class="MainPageBody">
- <div align="center">
- <table border="0" class="TableBG">
- <tr>
- <td>
- <!--Header-->
- <a href="../index.html" target="_top"><img class="MainLogo" src="../images/onsisalogo.gif" border="0"/></a>
- <!--End of Header-->
- </td>
- </tr>
- </table>
- <table border="0">
- <tr>
- <td colspan="2">
- <!-- CSS Menu-->
- <div class="MainMenu">
- <a href="productenter.php" target="_top">Entre Producto</a>
- <a href="productdelete.php" target="_top">Destruye Producto</a>
- <a href="productsadmin.php" target="_top">Listas de Productos</a>
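- <!-- PHP placed inside onclick runs on the server on every page load, not on click, so the setcookie() call was removed from this link; the cookie has to be cleared by the page the link opens. -->
- <a href="productlogin.php" target="_top">Log Out</a>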
- </div>
- <!--End of Css Menu-->
- </td>
- </tr>
- <tr>
- <td colspan="2">
- <hr style="background-color:#CC0000; color:#CC0000;" />
- </td>
- </tr>
- <tr>
- <td>
- <div align="left" style="font-family:Arial, Helvetica, sans-serif; font-weight:bold;">
- Seleccione Division Para Presentar
- </div>
- </td>
- <td>
- <div align="right" style="font-family:Arial, Helvetica, sans-serif; font-weight:bold;">
- (Codigo de Divisiones: PP, CS, TO, & OW)
- </div>
- </td>
- </tr>
- <tr>
- <th colspan="2">
- <?php $divisioncode = "PP"; ?>
- <form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>" enctype="multipart/form-data">
- <input type="submit" name="proteccion_personal" value="Proteccion Personal (PP)" class="redbuttons" />
- <input type="submit" name="calzados_seguridad" value="Calzados de Seguridad (CS)" class="redbuttons" />
- <input type="submit" name="herramientas" value="Herramientas (TO)" class="redbuttons" />
- <input type="submit" name="on_work_wear" value="ON Work Wear (OW)" class="redbuttons" />
- <input type="submit" name="show_all" value="Enseñe Todo" class="redbuttons" style="margin-top:5px;"/>
- <hr style="color:#CC0000; background-color:#CC0000;" />
- Entre <u><b>TODA</b></u> informacion correspondiente al producto, no deje ningun espacio en blanco.<br />
- Imagen del producto: <input type="file" name="imageFile"/> <br/>
- <table border="0">
- <tr>
- <th>Name</th><th>Type</th><th>Codigo</th><th>descripcion</th><th>Codigo de Division</th>
- </tr>
- <tr>
- <td><input type="text" name="productName" /></td>
- <td><input type="text" name="productType" /></td>
- <td><input type="text" name="productCode" /></td>
- <td><input type="text" name="productDescription" /></td>
- <td><input type="text" name="divisionCode" /></td>
- </tr>
- </table>
- <br />
- Manual technico del producto: <input type="file" name="manualFile"/><br />
- <input type="submit" name="submitProduct" value="Submite Nuevo Producto" class="redbuttons" />
- <hr style="color:#CC0000; background-color:#CC0000;" />
- <?php
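- // These runtime settings cannot report a parse error in this same file, because a
- // file that fails to parse never executes; check the server error log or php.ini.
- error_reporting(E_ALL);
- ini_set('display_errors', True);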
- //====================================================================================
- /* The item code is a code that differentiates products on one table between the different
- company divisions*/
- /*
- -------------------------------
- Item Codes
- -------------------------------
- Proteccion Personal = PP
- Calzados de Seguridad = CS
- Herramientas = TO
- ON Work Wear = OW
- -------------------------------
- */
- //====================================================================================
- // isset() avoids "undefined index" notices when a button was not the one pressed.
- if(isset($_POST["proteccion_personal"])){
- $divisioncode = "PP";
- } else if(isset($_POST["calzados_seguridad"])){
- $divisioncode = "CS";
- } else if(isset($_POST["herramientas"])){
- $divisioncode = "TO";
- } else if(isset($_POST["on_work_wear"])){
- $divisioncode = "OW";
- } else if(isset($_POST["show_all"])){
- $divisioncode = "*";
- }
- $mysql = mysql_connect("localhost", "onsisac", "picobebe");
- mysql_select_db("onsisac_onsisaproducts", $mysql);
- if(mysql_error()){
- die("Connect failed: " . mysql_error()); // die() does not expand %s, and it already ends the script
- } else {
- //=======================
- //Files & Data Insertion
- //=======================
- if(isset($_POST['submitProduct'])){
- if ($_FILES["imageFile"]["error"] > 0 || $_FILES["manualFile"]["error"] > 0){
- echo "Error: " . $_FILES["imageFile"]["error"] . "<br />";
- echo "Error: " . $_FILES["manualFile"]["error"] . "<br />";
- } else {
- $sqlAllFile = "INSERT INTO products (id, image, name, type, item_code, description, techmanual, division_code) VALUES ('','". $_FILES['imageFile']['name']."', '".$_POST['productName']."', '".$_POST['productType']."', '".$_POST['productCode']."',' ".$_POST['productDescription']."',' ".$_FILES['manualFile']['name']."', '".$_POST['divisionCode']."')";
- // The doubled "or or" was a parse error, which stops the whole file before any output.
- $resAllFile = mysql_query($sqlAllFile, $mysql) or die('MySQL Error: ' .mysql_error());
- if($resAllFile){
- echo "<span style='color:#FF0000; font-weight:bold;'>Producto fue agregado con exito!</span><br/>";
- } else {
- echo "Error: producto no se pudo agregar - " . mysql_error()."<br />";
- }
- }
- }
- //=======================
- //Displaying of list
- //=======================
- if($divisioncode != "*"){
- $sql = "SELECT * FROM products WHERE item_code = '".$divisioncode."'";
- } else if($divisioncode == "*"){
- $sql = "SELECT * FROM products";
- }
- $res = mysql_query($sql, $mysql);
- if($res){
- $number_of_rows = mysql_num_rows($res);
- echo "<center>";
- if($divisioncode == "OW"){
- echo "<img src='../images/onworkwearlogo2.gif'/>";
- }else if($divisioncode == "TO"){
- echo "<span style='font-family:Arial, Helvetica, sans-serif; font-weight:bold;'>Herramientas</span>";
- }else if($divisioncode == "CS"){
- echo "<span style='font-family:Arial, Helvetica, sans-serif; font-weight:bold;'>Calzados de Seguridad</span>";
- }else if($divisioncode == "PP"){
- echo "<span style='font-family:Arial, Helvetica, sans-serif; font-weight:bold;'>Protección Personal</span>";
- }else if($divisioncode == "*"){
- echo "<span style='font-family:Arial, Helvetica, sans-serif; font-weight:bold;'>Todas Divisiones</span>";
- }else{
- printf("Error: No such item code %s.<br />", $divisioncode);
- }
- echo "<hr style='background-color:#CC0000; color:#CC0000;' />";
- echo "<table border='0' style='border:#CC0000;' class='productlist'><tr>";
- echo "<th>ID #</th><th>Image</th><th>Name</th><th>Type</th><th>Item Code</th><th>Description</th><th>Tech. Manual</th><th>Division Code</th></tr><tr>";
- while ($row = mysql_fetch_assoc($res)) {
- // The href attribute was missing its closing quote and the link had no text.
- echo "<td>".$row['id']."</td><td><img src='../productimages/".$row['image']."' /></td><td>".$row['name']."</td><td>".$row['type']."</td><td>". $row['item_code']."</td><td>".$row['description']."</td><td><a href='../manuals/".$row['techmanual']."' target='_blank'>".$row['techmanual']."</a></td><td>".$row['division_code']."</td></tr><tr>";
- }
- echo "</tr></table>";
- echo "<p>";
- printf("Resultados contiene %d products.\n", $number_of_rows);
- echo "</center>";
- } else {
- printf("Could not retrieve records: %s\n", mysql_error($mysql));
- }
- mysql_close($mysql);
- }
- ?>
- </form>
- </th>
- </tr>
- </table>
- </div>
- </body>
- </html>
Sorry for the large post, but after a week, it is causing me to lose sleep.
Thank you very much.
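
Added example, not part of the original post: the posted script records the two filenames but never calls `move_uploaded_file()`, so nothing reaches the folders, and it builds the INSERT by string concatenation. The sketch below stores both files under server-generated names and inserts the row through a PDO prepared statement. The helper name `store_upload`, the allowed extensions, the `EXAMPLE_*` connection values and the assumption that `id` is AUTO_INCREMENT are all hypothetical; the folder, table and column names come from the post.

```php
<?php
// Added example: store both uploads, then insert the row with bound parameters.
// Connection values are placeholders; allowed extensions are assumptions.

/** Move one uploaded file into $dir and return the stored file name. */
function store_upload(?array $file, string $dir, array $allowedExt): string
{
    if ($file === null || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . ($file['error'] ?? 'missing'));
    }
    // Never trust the client-supplied name: keep only a whitelisted extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('File type not allowed: ' . $ext);
    }
    // A server-generated name prevents overwrites and path tricks such as "../x.php".
    $stored = bin2hex(random_bytes(8)) . '.' . $ext;
    // move_uploaded_file() only accepts files PHP itself received via POST.
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $stored)) {
        throw new RuntimeException('Could not move upload into ' . $dir);
    }
    return $stored;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submitProduct'])) {
    try {
        $image  = store_upload($_FILES['imageFile'] ?? null,
                               __DIR__ . '/../productimages', ['gif', 'jpg', 'jpeg', 'png']);
        $manual = store_upload($_FILES['manualFile'] ?? null,
                               __DIR__ . '/../manuals', ['pdf']);

        $pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
                       'EXAMPLE_USER', 'EXAMPLE_PASSWORD',
                       [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        // Placeholders keep form input out of the SQL text; id is assumed AUTO_INCREMENT.
        $stmt = $pdo->prepare(
            'INSERT INTO products (image, name, type, item_code, description, techmanual, division_code)
             VALUES (?, ?, ?, ?, ?, ?, ?)');
        $stmt->execute([$image, $_POST['productName'] ?? '', $_POST['productType'] ?? '',
                        $_POST['productCode'] ?? '', $_POST['productDescription'] ?? '',
                        $manual, $_POST['divisionCode'] ?? '']);
        echo 'Producto fue agregado con exito!';
    } catch (Exception $e) {
        error_log($e->getMessage());   // details go to the server log, not the page
        echo 'Error: producto no se pudo agregar.';
    }
}
```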