PHP Upload Form Validation

[aleister1987]

Hi People,

 

I have this problem, i have created an upload form which includes some text fields and also an image upload which then gets sent to a server. I haven't yet got any validation or sanitisation on there at the moment. Im abit new to PHP and can code beginners stuff really, could someone give us some help with this please!

 

addproduct.php - This is my form

 

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">

<tr>

<td><form enctype="multipart/form-data" name="form1" method="post" action="insert_add.php">

<table width="100%" border="0" cellspacing="1" cellpadding="3">

<tr>

<td width="200"><b>Model</b></td>

<td width="10">:</td>

<td width="400"><input name="model" type="text" id="model" size="28"></td>

</tr>

<tr>

<td><b>Product</b></td>

<td>:</td>

<td><input name="product" type="text" id="product" size="28"></td>

</tr>

<tr>

<td><b>Description</b></td>

<td>:</td>

<td><textarea rows="5" cols="21" type="text" name="description" id="description"></textarea></td>

</tr>

<tr>

<td><b>Price</b></td>

<td>:</td>

<td><input name="price" type="text" id="price" size="28"></td>

</tr>

<tr>

<td><b>Image:</b></td>

<td>:</td>

<td><input type="file" name="photo"></td>

</tr>

<tr>

<tr>

<td colspan="3" align="center"><input type="submit" name="Submit" value="Submit"></td>

</tr>

</table>

</form>

</td>

</tr>

</table>

 

 

insert_add.php - This is a page which uploads contents to server

 

 

<?php

$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

//This is the directory where images will be saved 
$target = "images/"; 
$target = $target . basename( $_FILES['photo']['name']); 

// Get values from form
$model=$_POST['model'];
$product=$_POST['product'];
$description=$_POST['description'];
$price=$_POST['price'];
$pic=($_FILES['photo']['name']); 

// Insert data into mysql
$sql="INSERT INTO $tbl_name(model, product, description, price, photo)VALUES('$model', '$product', '$description', '$price', '$pic')";
$result=mysql_query($sql);

if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
{ 
//Tells you if its all ok 
echo "<center>The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory</center>"; 
} 

else { 
//Gives and error if its not 
echo "Sorry, there was a problem uploading your file."; 
} 

// close connection
mysql_close();
?>

 

 

Any help with coding would be greatfully appreciated.

[Pikachu2000]

So just what is it you want to validate? What are the valid parameters for the fields?

[aleister1987]

I would like to validate the text fields in the HTML section to make sure data has been filled out, which would be:

 

Model, product, description, price and image.

 

• Model: checks to see if data is added.
  
• product: checks to see if data is added.
  
• description: checks to see if data is added.
  
• price: checks to see if integers are added.
  
• image: checks to see if an image has been added.
  

 

[Pikachu2000]

What data type is expected, or allowed for each field? Model, product and description are strings, price is decimal, while image obviously is a file? Are they all required, or are any optional?

[aleister1987]

All the data types are required and need data. thanks