zimmo
08-22-2007, 05:11 AM
Below is my script which is part of my application, this is where the users upload files associated with themselves. I have a value that associates them. Now, when they reach this script, I did not envisage the problem with the header output being sent, as I have echos to relay messages if they either, upload a file too big, or if they upload the wrong file type etc.. but when these get sent it cause a problem with the output at the bottom as the headers are already sent.
So, how can I fix this so I can get my error messages such as "You have uploaded the incorrect file format". to be presented and not cause a problem with the headers being sent.
<?
include("inc/connect.inc");
//# Error Checking For the info section of the quote
if ( $_POST['submit'] ) {
$valid = 1;
// clean out any malicious data
foreach ($_POST as $k => $v) {
$_POST[$k] = (get_magic_quotes_gpc() ? strip_tags($v) : strip_tags(addslashes($v)));
}
$file_title = $_POST['file_title'];
if ( empty($file_title) ) {
$valid = 0;
$file_title_error = 'Please choose a name for the file.';
}
$file_name = $_POST['file_name'];
if ( empty($file_name) ) {
$valid = 0;
$file_name_error = 'Please select a file to upload.';
}
// End of error checking
if ( $valid == 1 ) {
// Upload new file.
// Check the file type is a what we allow.
if (($_FILES['file_name']['type'] != "application/pdf") && ($_FILES['file_name']['type'] != "application/msword") && ($_FILES['file_name']['type'] != "application/vnd.ms-powerpoint") && ($_FILES['file_name']['type'] != "application/vnd.ms-excel")) {
echo "You have uploaded the incorrect file format." ;
} elseif ($_FILES['file_name']['size'] > 10000000) {
echo "The file size is bigger than 10MB.</SPAN>" ;
} else {
move_uploaded_file($_FILES['file_name']['tmp_name'], "/home/*****/*****/*****/*****/*****/*****/*****/files/$sid".$_FILES['file_name']['name']) ;
echo "File successfully uploaded." ;
}
# setup SQL statement
// End of the expression, now move onto to the insert.
$SQL = " INSERT INTO ***** (***, ***, file_name) VALUES ('$***', '{$_POST['file_title']}', '{$_FILES['file_name']['name']}') ";
#execute SQL statement
$result = mysql_db_query( absolutehss,"$SQL",$connection );
# check for error
if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n"); }
{
header("Location: http://www.businessinberkshire.co.uk/absolutehss/cdm_questionnaire/add_info.php?sid=$sid");
exit;
}
}
}
?>
So, how can I fix this so I can get my error messages such as "You have uploaded the incorrect file format". to be presented and not cause a problem with the headers being sent.
<?
include("inc/connect.inc");
//# Error Checking For the info section of the quote
if ( $_POST['submit'] ) {
$valid = 1;
// clean out any malicious data
foreach ($_POST as $k => $v) {
$_POST[$k] = (get_magic_quotes_gpc() ? strip_tags($v) : strip_tags(addslashes($v)));
}
$file_title = $_POST['file_title'];
if ( empty($file_title) ) {
$valid = 0;
$file_title_error = 'Please choose a name for the file.';
}
$file_name = $_POST['file_name'];
if ( empty($file_name) ) {
$valid = 0;
$file_name_error = 'Please select a file to upload.';
}
// End of error checking
if ( $valid == 1 ) {
// Upload new file.
// Check the file type is a what we allow.
if (($_FILES['file_name']['type'] != "application/pdf") && ($_FILES['file_name']['type'] != "application/msword") && ($_FILES['file_name']['type'] != "application/vnd.ms-powerpoint") && ($_FILES['file_name']['type'] != "application/vnd.ms-excel")) {
echo "You have uploaded the incorrect file format." ;
} elseif ($_FILES['file_name']['size'] > 10000000) {
echo "The file size is bigger than 10MB.</SPAN>" ;
} else {
move_uploaded_file($_FILES['file_name']['tmp_name'], "/home/*****/*****/*****/*****/*****/*****/*****/files/$sid".$_FILES['file_name']['name']) ;
echo "File successfully uploaded." ;
}
# setup SQL statement
// End of the expression, now move onto to the insert.
$SQL = " INSERT INTO ***** (***, ***, file_name) VALUES ('$***', '{$_POST['file_title']}', '{$_FILES['file_name']['name']}') ";
#execute SQL statement
$result = mysql_db_query( absolutehss,"$SQL",$connection );
# check for error
if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n"); }
{
header("Location: http://www.businessinberkshire.co.uk/absolutehss/cdm_questionnaire/add_info.php?sid=$sid");
exit;
}
}
}
?>