The next script we will look at is add_file.php. It is responsible for attaching files to a project. The page consists of a form with a file field, an input type designed specifically for uploading files. The form element also carries one attribute the other forms do not need, enctype="multipart/form-data"; without it the browser sends only the file name and PHP never receives the file contents. You will see it in the HTML section of the page. Below is a screenshot of the form and the code that builds the script:
And the code for the page:

<?php
include "dbcon.php";
include "functions.php";

// initialise the status variables so the later checks are meaningful
$err   = false;
$msg   = "";
$newid = 0;

if(isset($_GET['pid'])){
    //clean pid
    if(!is_numeric($_GET['pid'])){
        //the value received is not numeric. redirect the user to login
        header("location:login.php");
        exit; // stop here; without exit the rest of the script still runs after the redirect header is sent
    }
    //otherwise clean the received value for query use
    //(mysql_escape_string belongs to the legacy ext/mysql API used throughout this tutorial; it was removed in PHP 7)
    $cpid = mysql_escape_string($_GET['pid']);
    $getname = "SELECT title FROM projects WHERE pid = '".$cpid."'";
    $g_result = mysql_query($getname);
    if(!$g_result){
        echo mysql_error();
    }else{
        $rowname = mysql_fetch_assoc($g_result);
        $title = $rowname['title']; // was $row['title'], a variable that is never set
    }
}//end pid check

if(isset($_POST['submit'])){
    //check vars
    if(!$_FILES['userfile']['name']) {
        $err = true;
        $msg .= "<BR>Please upload a image file.";
    }
    $fname = mysql_escape_string($_FILES['userfile']['name']);
    $p_pid = mysql_escape_string($_POST['p_pid']);
    //insert
    if(!$err){
        $insert  = "INSERT INTO files SET filename = '".$fname."',";
        $insert .= "p_id= '".$p_pid."'";
        if(!mysql_query($insert)){
            echo mysql_error();
        }else{
            $newid = mysql_insert_id();
            $msg = "Data inserted.".$p_pid."<br>";
        }
    }//err check
    //upload file
    if($newid > 0){ // was $new_id, a different (unset) variable, so the upload never ran
        $uploadpath = "p_files/";
        $filename = trim(addslashes($_FILES['userfile']['name']));
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadpath . $filename)) {
            $msg .= "File uploaded.".$filename."";
        }else{
            $msg .= "File not uploaded.";
        }
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/PM_Main.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Untitled Document</title>
<!-- InstanceEndEditable -->
<!-- InstanceBeginEditable name="head" -->
<!-- InstanceEndEditable -->
<link href="Templates/main.css" rel="stylesheet" type="text/css" />
</head>
<body>
<table width="100%" border="0">
  <tr>
    <td width="33%"> </td>
    <td width="28%"> </td>
    <td width="39%">Logged in: <!-- InstanceBeginEditable name="login" --><?php echo $_SESSION['name'];?> | <a href="logout.php">Logout</a><!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3" bgcolor="#6699CC" class="headertxt">Project Management Software </td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="main" -->
      <form id="form1" name="form1" method="post" action="add_file.php" enctype="multipart/form-data">
        <table width="100%" border="0">
          <tr>
            <td colspan="2" class="loginheader"><?php if(isset($title)){ echo $title; }?></td>
          </tr>
          <tr>
            <td colspan="2"><?php if(isset($msg)){ echo $msg; }?> </td>
          </tr>
          <tr>
            <td width="10%">File Name </td>
            <td width="90%"><label>
              <input name="userfile" type="file" id="userfile" />
              <input type="hidden" name="p_pid" value="<?php if(isset($_GET['pid'])){ echo htmlspecialchars($_GET['pid']); }?>"/>
            </label></td>
          </tr>
          <tr>
            <td> </td>
            <td><label>
              <input type="submit" name="submit" value="Upload File" />
            </label></td>
          </tr>
        </table>
      </form>
    <!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td colspan="3"><!-- InstanceBeginEditable name="nav" --><a href="main.php">View Project List</a> | <a href="admin/login.php">Administrators Corner </a><!-- InstanceEndEditable --></td>
  </tr>
  <tr>
    <td align="right" class="cright" colspan="3">copyright © 2007 PM </td>
  </tr>
</table>
</body>
<!-- InstanceEnd --></html>

The code does a couple of familiar things. First it makes the usual check that pid is numeric so that a bad value cannot break the query, then it retrieves the project name and stores it in a variable called $title:

<?php
include "dbcon.php";
include "functions.php";

if(isset($_GET['pid'])){
    //clean pid
    if(!is_numeric($_GET['pid'])){
        //the value received is not numeric. redirect the user to login
        header("location:login.php");
        exit;
    }
    //otherwise clean the received value for query use
    $cpid = mysql_escape_string($_GET['pid']);
    $getname = "SELECT title FROM projects WHERE pid = '".$cpid."'";
    $g_result = mysql_query($getname);
    if(!$g_result){
        echo mysql_error();
    }else{
        $rowname = mysql_fetch_assoc($g_result);
        $title = $rowname['title'];
    }
}//end pid check

Two things worth noticing before moving on. The form posts to add_file.php with no query string, so on the POST request $_GET['pid'] is absent and the project id arrives only through the hidden p_pid field, which is just another form value the client controls. And the upload step writes the file under p_files/ (next to the scripts, inside the web root) using the name the browser supplied, with no check on type or size; if the server executes PHP in that directory, an uploaded .php file can be requested and run.
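A hardened version of the upload step, added here as an example and not part of the original tutorial's code. It keeps the same inputs (the $_FILES['userfile'] entry and the posted p_pid) but validates the upload error code, checks the bytes with finfo, stores the file under a server-generated name outside the document root, and inserts with a prepared statement. Assumptions that are mine, not the page's: $db is a PDO connection (the tutorial's dbcon.php uses the legacy ext/mysql API), the storage directory is /var/www/pm_uploads, the files table has an extra orig_name column, and the function name store_upload is invented for this example.

```php
<?php
// Added example, not the tutorial's own code: a hardened replacement for the
// "//upload file" step of add_file.php. Assumed (not from the page): $db is a
// PDO connection, uploads go to a directory outside the document root, and only
// image files are wanted.
declare(strict_types=1);

/**
 * Validate one entry of $_FILES and move it into $storeDir under a server-chosen name.
 * Returns the stored filename; throws RuntimeException on any failure.
 */
function store_upload(array $file, string $storeDir, int $maxBytes = 2097152): string
{
    $allowedExt  = ['jpg', 'jpeg', 'png', 'gif'];
    $allowedMime = ['image/jpeg', 'image/png', 'image/gif'];

    // 1. Did PHP itself accept the upload? (UPLOAD_ERR_OK is 0; partial or oversize uploads report other codes)
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error ' . (string) ($file['error'] ?? 'none'));
    }
    // 2. Confirm tmp_name really is this request's upload and not an arbitrary path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('tmp_name is not an uploaded file');
    }
    // 3. Enforce our own size cap rather than relying only on php.ini.
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('file exceeds ' . $maxBytes . ' bytes');
    }
    // 4. Only the extension is taken from the client-supplied name, and only from a whitelist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('extension not allowed');
    }
    // 5. Check the bytes, not the name: finfo sniffs the magic numbers in the temp file.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, $allowedMime, true)) {
        throw new RuntimeException('content is not an image');
    }
    // 6. Random stored name: the client cannot pick "shell.php", "../x", or clobber another upload.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = rtrim($storeDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    chmod($dest, 0644); // readable, never executable
    return $stored;
}

// How the POST branch of add_file.php would use it. $db is the assumed PDO handle;
// the project id is re-validated here instead of trusting the hidden p_pid field as-is.
if (isset($_POST['submit'], $_FILES['userfile'])) {
    $msg = '';
    if (!isset($_POST['p_pid']) || !ctype_digit($_POST['p_pid'])) {
        $msg = 'Invalid project id.';
    } else {
        try {
            $stored = store_upload($_FILES['userfile'], '/var/www/pm_uploads'); // assumed path outside the web root
            $stmt = $db->prepare('INSERT INTO files (filename, orig_name, p_id) VALUES (?, ?, ?)');
            $stmt->execute([$stored, basename($_FILES['userfile']['name']), (int) $_POST['p_pid']]);
            $msg = 'File uploaded.';
        } catch (RuntimeException $e) { // PDOException extends RuntimeException, so DB failures land here too
            $msg = 'File not uploaded: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        }
    }
}
```

The MIME check is a filter, not a guarantee: a file can be a valid JPEG and still carry PHP in an EXIF comment, so what actually prevents execution is keeping the directory outside the document root and serving files through a download script that sets Content-Type and Content-Disposition itself. If the files must stay under p_files/, at minimum configure the web server to never hand that directory to a script engine.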