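PHP script to insert even when the file upload/field element is disabled

Time: 2015-01-31 12:14:10

Tags: php mysql insert sql-insert

Hi, I can't seem to pinpoint the error. I have a form with elements. Can you check the script? I just know it's missing something, but a noob like me wouldn't know what. Basically, when the Smart Money radio button is selected, BPI is disabled, and vice versa. It should insert the entered data into the database. It works fine if the selected radio button is BPI, but if Smart Money is selected and the user enters data while BPI/file upload is disabled, it does not insert anything into the database. Can you tell me what to do? I think the scripts are a bit wrong because the query is below the file upload script. I think when nothing is uploaded or the option is disabled, it won't insert anything. The file upload script is interfering, I guess.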

PHP:

if(isset($_FILES['filename'])){
    $errors = array();
    $file_name = $_FILES['filename']['name'];
    $file_size =$_FILES['filename']['size'];
    $file_tmp =$_FILES['filename']['tmp_name'];
    $file_type=$_FILES['filename']['type'];   
    // pathinfo() avoids passing explode()'s result by reference to end()
    $file_ext=strtolower(pathinfo($file_name, PATHINFO_EXTENSION));


    $expensions= array("jpeg","jpg","png");         
    if(in_array($file_ext,$expensions)=== false){
        $errors[]="extension not allowed, please choose a JPEG or PNG file.";
    }
    if($file_size > 2097152){
        $errors[]='File size must not exceed 2 MB';
    }          

    // if no error...     
    if (empty($errors)==true) {

        // upload the file...
        move_uploaded_file($file_tmp,"uploads/".$file_name);

        $servername = "localhost";
        $username = "root";
        $password = " ";
        $dbname = "admin";

        // create new record in the database
        include ("dbinfo.php");

        mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;

        header('Location: paymentform_success.php');
    }else{
        print_r($errors);
    }
}

Form:

<form name="form" method="POST" enctype="multipart/form-data">
<table width="416" height="245" border="1" align="center">
<tr>
<td colspan="2">Transaction No: <input type="text" name="transaction_no" id="transaction_no" /> </td>
</tr>
<tr>
<td colspan="2" align="center">Please select the mode of payment</td>
</tr>
<tr>
<td width="183" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="Smart Money"> 
Smart Money</td>
<td width="201" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="BPI"> BPI Bank Deposit</td>
</tr>
<tr>
<td align="center"><input name="contactno" type="text" disabled="disabled" id="contactno"></td>
<td align="center"><input name="filename" type="file" id="filename" disabled="disabled"/></td>
</tr>
<tr>
<td>Total amount sent:</td>
<td>&nbsp;<input type="text" name="totalsent" id="totalsent" /></td>
</tr>
<tr>
<td>Date sent:</td>
<td>&nbsp;<input type="text" name="datesent" id="datesent" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input name="submit" type="submit" id="submit" value="Submit" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form" />

</form>

JS for disable / enable

<script type="text/javascript">
function enableField(obj){
    var form=obj.form;
    var txtNames=['contactno','filename'], f;
    var rads=document.getElementsByName(obj.name), r, i=0;
    while(r=rads[i++]){
        f=form[txtNames[i-1]];
        if(r.checked){
            f.removeAttribute('disabled');
            f.focus();
        }
        else{
            f.value='';
            f.setAttribute('disabled','disabled')
        }
    }
}
</script>

1 answer:

Answer 0 (score: 0)

Put the INSERT outside the if(isset($_FILES['filename'])) block:

if (isset($_POST['submit'])) {
    $errors = array();
    if (isset($_FILES['filename'])) {
        $file_name = $_FILES['filename']['name'];
        $file_size =$_FILES['filename']['size'];
        $file_tmp =$_FILES['filename']['tmp_name'];
        $file_type=$_FILES['filename']['type'];   
        // pathinfo() avoids passing explode()'s result by reference to end()
        $file_ext=strtolower(pathinfo($file_name, PATHINFO_EXTENSION));

        $expensions= array("jpeg","jpg","png");         
        if(in_array($file_ext,$expensions)=== false){
            $errors[]="extension not allowed, please choose a JPEG or PNG file.";
        }
        if($file_size > 2097152){
            $errors[]='File size must not exceed 2 MB';
        }          

        // if no error...     
        if (empty($errors)==true) {

            // upload the file...
            move_uploaded_file($file_tmp,"uploads/".$file_name);

        }else{
            print_r($errors);
        }
    } else {
        $file_name = '';
    }

    if (empty($errors)) {
        $servername = "localhost";
        $username = "root";
        $password = " ";
        $dbname = "admin";

        // create new record in the database
        include ("dbinfo.php");

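        // escape user input before it is interpolated into the SQL string
        $transactionNo = mysql_real_escape_string($_POST['transaction_no']);
        $rad = mysql_real_escape_string($_POST['rad']);
        // contactno is disabled, and so not submitted, when BPI is selected
        $contactNo = isset($_POST['contactno']) ? mysql_real_escape_string($_POST['contactno']) : '';
        $totalSent = mysql_real_escape_string($_POST['totalsent']);
        $dateSent = mysql_real_escape_string($_POST['datesent']);
        $file_name = mysql_real_escape_string($file_name);

        mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;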

        header('Location: paymentform_success.php');
    }
}
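
The same flow as an added example (not code from the question or the answer): the INSERT runs for both payment modes, the uploaded image is checked by content and stored under a server-generated name, and the query uses placeholders. It assumes PHP 7+ and a PDO connection; `save_payment()` and `$uploadDir` are hypothetical names, and treating the contact number as required for Smart Money and the image as required for BPI is an assumption about the form's intent.

```php
<?php
// Added example, not code from the question or the answer. Assumes PHP 7+ and
// a PDO connection to the database that holds payment_form; save_payment()
// and $uploadDir are hypothetical names.
function save_payment(PDO $db, array $post, array $files, string $uploadDir): array
{
    $mode = $post['rad'] ?? '';
    if (!in_array($mode, ['Smart Money', 'BPI'], true)) {
        return ['Please select the mode of payment.'];
    }
    $errors = [];
    $contactNo = '';   // stays empty for BPI: the contactno input is disabled
    $storedName = '';  // stays empty for Smart Money: the file input is disabled

    if ($mode === 'Smart Money') {
        $contactNo = trim($post['contactno'] ?? '');
        if ($contactNo === '') {
            $errors[] = 'Contact number is required.';
        }
    } else {
        $f = $files['filename'] ?? null;
        $types = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
        // Decide the type from the file content, not the client-supplied name.
        $info = ($f && $f['error'] === UPLOAD_ERR_OK) ? @getimagesize($f['tmp_name']) : false;
        if (!$info || !isset($types[$info[2]])) {
            $errors[] = 'Please upload the deposit slip as a JPEG or PNG image.';
        } elseif ($f['size'] > 2097152) {
            $errors[] = 'File size must not exceed 2 MB.';
        } else {
            // Server-generated name: nothing user-controlled reaches the path.
            $storedName = bin2hex(random_bytes(16)) . '.' . $types[$info[2]];
            if (!move_uploaded_file($f['tmp_name'], $uploadDir . '/' . $storedName)) {
                $errors[] = 'Could not store the uploaded file.';
            }
        }
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders keep every submitted value out of the SQL text.
    $stmt = $db->prepare('INSERT INTO payment_form
        (Tracking, date, mode, ContactNo, totalsent, datesent, filename)
        VALUES (?, NOW(), ?, ?, ?, ?, ?)');
    $stmt->execute([$post['transaction_no'] ?? '', $mode, $contactNo,
        $post['totalsent'] ?? '', $post['datesent'] ?? '', $storedName]);
    return [];
}
```

An empty return array means the row was inserted, so the caller can redirect to paymentform_success.php; otherwise it holds the messages to show the user.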