Validation Problem

Im using the following to upload a single image file. The form works to limit the size of the file (If the file is over 500k it won’t be uploaded). However – my error handling doesn’t seem to be working correctly. I’ve left out the code thats not associated with the image upload below for the most part.

Anyone have any ideas?

[code]<script language=javascript>
extArray = new Array(“.jpg”, “.jpeg”,”.gif”); //”.png”, , “.gif”
function callSave()
{
if(!isCurrency(document.frmlisting.txtlistingprice.value)){
alert(“Price: Incorrect data”);
document.frmlisting.txtlistingprice.select();
return;
}
if(isBlank(document.frmlisting.txtlistingtitle.value)){
alert(“Title is Required”);
document.frmlisting.txtlistingtitle.focus();
return;
}
if(!isBlank(document.frmlisting.txtlistingimage.value)){
if(!isValidFile(document.frmlisting.txtlistingimage.value)){
alert(“Selected file is not a vaild image type. nPlease select “+ (extArray.join(” “).toUpperCase())+ ” files. “);
document.frmlisting.txtlistingimage.select();
return;
}
}
if(isBlank(document.frmlisting.txtlistingemail.value)){
alert(“Email is Required”);
document.frmlisting.txtlistingemail.select();
return;

}
if(!isEmail(document.frmlisting.txtlistingemail.value)){
alert(“Email: Incorrect data”);
document.frmlisting.txtlistingemail.select();
return;
}

document.frmlisting.action=”listingsubmit.php”;
document.frmlisting.submit();
}
</script>
<FORM name=”frmlisting” method=”post” enctype=”multipart/form-data”>
<input type=”hidden” name=”MAX_FILE_SIZE” value=”500000″>
<Input type=”file” name=”txtlistingimage” style=”WIDTH: 275px; HEIGHT: 20px” size=”39″ maxlength=”100″>
<Input type=hidden name=”mode” value=”<?=$mode?>”>
<input type=hidden name=”l_id” value=”<?=$l_id?>”>
<input type=hidden name=”c_id” value=”<?=$c_id?>”>
<input type=hidden name=”cboCity” value=”<?=$intcityid?>”>
<input type=hidden name=”txtpreviousimage” value=”<?=$listingimage?>”>
<input type=hidden name=”txtfrmpg” value='<?=$frmpg?>’>
<input type=”button” class=”btn_text” value=”Preview” onclick=”javascript:callSave();” style=”border:solid-1px; color: #333333 “>[/code]

The processor “listingsubmit.php”

[code=php]
<?
include(“connection.php”);
$c_id = $_POST[‘c_id’];
$city = $_POST[‘cboCity’];
$l_id = $_POST[‘l_id’];
$listing_title = $_POST[‘txtlistingtitle’];
$listing_location = $_POST[‘txtlistinglocation’];

if(isset($_POST[‘txtlistingprice’])){
$listing_price = $_POST[‘txtlistingprice’];
}else{
$listing_price =0;
}
$listing_text = $_POST[‘txtlistingtext’];
$listing_address = $_POST[‘txtlistingaddress’];
$listing_city = $_POST[‘txtlistingcity’];
$listing_email = $_POST[‘txtlistingemail’];
$listing_emailoption = $_POST[‘rademailoption’];
$listing_contactinfo = $_POST[‘txtlistingcontactinfo’];
$listing_date = $_POST[‘txtlistingdate’];
$listing_show = “N”;
$listing_buysell = $_POST[‘radfor’];
$listing_premier = $_POST[‘chkpremier’];
if($listing_premier==”on”){
$listing_premier = “Y”;
}else{
$listing_premier = “N”;
}
$listing_date = date(“Y-m-d”);

if(isset($_GET[‘mode’]))
{
$mode =$_GET[‘mode’];
}
if(isset($_POST[‘mode’]))
{
$mode =$_POST[‘mode’];
}

$frmpg = $_POST[‘txtfrmpg’]; //form vars
$dirupload = “images/listing/”; // path to the image directory

switch ($mode){ //defined on the form and above add or edit
case “Add”:

if($_FILES[‘txtlistingimage’][‘name’] == “”){
$listing_image = “”;
}else{
$listing_image = getfilename($_FILES[‘txtlistingimage’][‘name’],1);
copy ( $_FILES[‘txtlistingimage’][‘tmp_name’],$dirupload.$listing_image)
or $msgid=2;
}

//– GET SIZE OF UPLOADED IMAGE
var_dump($_FILES);
$file = $_FILES[‘txtlistingimage’]; //file from form
$max_size = 500000; // roughly 500K
if(filesize($file[‘tmp_name’]) > $max_size)
die(‘File size is too great.’);

//$img_info = getimagesize($file[‘tmp_name’]);

$img_info = getimagesize($_FILES[‘txtlistingimage’][‘tmp_name’]);
if(($img_info[0] > 600) || ($img_info[1] > 600))
die(‘Image dimensions are greater than 600px x 600px.’);

if(is_uploaded_file($file[‘tmp_name’])){
if(move_uploaded_file($file[‘tmp_name’], $dirupload.$file[‘name’])){
echo ‘w00t! The file was uploaded and is in ‘.$dirupload;
}
} else {
echo ‘No file uploaded to be moved.’;
}

$strInsert=”Insert into listing_master(city_id,category_id,listing_title,listing_location,listing_price,listing_text,listing_address,listing_city,listing_image,listing_email,listing_email_option,listing_contact_information,listing_date,listing_show,listing_buysell,listing_premier) values (“;
if($listing_date == “”){
$strInsert=$strInsert . “$city,$c_id,’$listing_title’,’$listing_location’,$listing_price,’$listing_text’,’$listing_address’,’$listing_city’,’$listing_image’,’$listing_email’,’$listing_emailoption’,’$listing_contactinfo’,NULL,’$listing_show’,’$listing_buysell’,’$listing_premier’)”;
}else{
$strInsert=$strInsert . “$city,$c_id,’$listing_title’,’$listing_location’,$listing_price,’$listing_text’,’$listing_address’,’$listing_city’,’$listing_image’,’$listing_email’,’$listing_emailoption’,’$listing_contactinfo’,’$listing_date’,’$listing_show’,’$listing_buysell’,’$listing_premier’)”;
}
$MsgId=1;
if(!($dbResult = mysql_query($strInsert, $dbLink)))
{
$success = “false”;
$MsgId=2;
}

// $ssql = “SELECT max(listing_id) as listing_id FROM listing_master”;

// $dbResultid = mysql_query($ssql,$dbLink);
// $rowlistid = mysql_fetch_array($dbResultid, MYSQL_ASSOC);
// $listingid = $rowlistid[‘listing_id’];
$listingid = mysql_insert_id();
header(“Location:listingpreview.php?l_id=$listingid&cityid=”.$city.”&c_id=$c_id&catid=$c_id&msgid=”.$MsgId);
return;
break;

//Begin Edit

case “Edit”:
if($_FILES[‘txtlistingimage’][‘name’] != “”){
if ($_POST[‘txtpreviousimage’] != “”){
if(file_exists(realpath($dirupload.$_POST[‘txtpreviousimage’]))){
unlink(realpath($dirupload.$_POST[‘txtpreviousimage’]));
}
}
$listing_image = getfilename($_FILES[‘txtlistingimage’][‘name’],1);
copy ( $_FILES[‘txtlistingimage’][‘tmp_name’],$dirupload.$listing_image)
or $msgid=2;
}else{
if ($_POST[‘txtpreviousimage’] != “”){
$listing_image=$_POST[‘txtpreviousimage’];
}else{
$listing_image=””;
}
}
$strEdit=”Update listing_master Set “;
$strEdit=$strEdit . “city_id = ” . $city . “,”;
$strEdit=$strEdit . “category_id = ” . $c_id . “,”;
$strEdit=$strEdit . “listing_title = ‘” . $listing_title . “‘,”;
$strEdit=$strEdit . “listing_location = ‘” . $listing_location . “‘,”;
$strEdit=$strEdit . “listing_price = “. $listing_price .”,”;
$strEdit=$strEdit . “listing_text = ‘” . $listing_text . “‘,”;
$strEdit=$strEdit . “listing_address = ‘” . $listing_address . “‘,”;
$strEdit=$strEdit . “listing_city = ‘” . $listing_city . “‘,”;
$strEdit=$strEdit . “listing_image = ‘” . $listing_image . “‘,”;
$strEdit=$strEdit . “listing_email = ‘” . $listing_email . “‘,”;
$strEdit=$strEdit . “listing_email_option = ‘” . $listing_emailoption . “‘,”;
$strEdit=$strEdit . “listing_contact_information = ‘” . $listing_contactinfo . “‘,”;
if($listing_date == “”){
$strEdit=$strEdit . “listing_date = NULL,”;
}else{
$strEdit=$strEdit . “listing_date = ‘” . $listing_date . “‘,”;
}
$strEdit=$strEdit . “listing_show = ‘” . $listing_show . “‘,”;
$strEdit=$strEdit . “listing_buysell = ‘” . $listing_buysell . “‘,”;
$strEdit=$strEdit . “listing_premier = ‘” . $listing_premier . “‘”;
$strEdit=$strEdit . ” where listing_id = “. $_POST[‘l_id’];
//echo $strEdit;
//return;
$MsgId=1;
if(!($dbResult = mysql_query($strEdit, $dbLink)))
{
$success = “false”;
$MsgId=2;
}
// header(“Location:listing_list.php?cityid=”.$city.”&c_id=$c_id&msgid=”.$MsgId);
if($frmpg==””){
header(“Location:listingpreview.php?l_id=$l_id&cityid=”.$city.”&c_id=$c_id&catid=$c_id&msgid=”.$MsgId);
}else{
header(“Location:listing_publish.php?l_id=$l_id&cityid=”.$city.”&c_id=$c_id&catid=$c_id”);
}
return;
break;

//Begin Delete

case “Delete”:

?>
[/code]

Also in #PHP _↴