0

I'm currently working on some code. Where you should be able to upload a file and select witch type of file it is.

I'm using urls to make an database entry on the upload page , so my link should look like

www.mydomain.domain?id=1&type=type

But php only gets the id because it uses get from the previous page.

So it looks like this

www.mydomain.domain?id=1&type=

So my question is how can I get the selection in the url?

I tried it with jQuery but I suck at it ;D.

My form code:

<?php
$datetype = $_POST['dateiart'];
echo $datetype;
$ek = $_GET['id'];
?>

<form action="upload.php?id=<?php echo $ek; ?>&type=<?php echo $datetype;?>"  target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
    Datei zum hochladen auswählen
    <input type="file" name="fileToUpload" id="fileToUpload"> <br>
    <input onclick="myFunction()" type="submit" value="Datei hochladen" name="submit"><br><br>

<input type="hidden" value="<?php echo $ek?>" id="id" name="submit"><br><br>

      <label>Dateiart:
    <select  name="dateiart" form="dateiauswahl" size="5">
      <option value="EK-Rechnung">EK-Rechnung</option>
      <option value="Kaufvertrag">Kaufvertrag</option>
      <option value="VK-Rechnung">VK-Rechnung</option>
      <option value="Datenblatt">Datenblatt</option>
      <option value="Sonstige">Sonstige</option>
    </select>
  </label>
    </div>
</form>

upload.php

<?php
$pdo = new PDO('mysql:host=localhost;dbname=', '', '');
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
$ek = $_GET['id'];
$dateiart = $_GET['type'];
echo $dateiart;
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 50000000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "pdf"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }


        $statement = $pdo->prepare("INSERT INTO Dateien (Link, EKNR, Datei_Bezeichnung) VALUES (:Link, :EKNR, :Datei_Bezeichnung)");
        $result = $statement->execute(array('Link' => $target_file, 'EKNR' => $ek, 'Datei_Bezeichnung' => $dateiart));

}
?>
Improve this question
1
  • You have the field already in the form, why do you try to put it again into the url (which is not possible)? Read the datetype from the POST data in the upload.php! Commented Sep 17, 2016 at 11:05

1 Answer 1

Reset to default
1

Pass parameters as hidden inputs instead of printing them in the query string of action URL of the form. Use htmlspecialchars function to prevent security issues.

<?php 
 if (!isset($_GET['id']) || !isset($_GET['type'])){
     die('Missing parameters');
 }
?>


<form action="upload.php"  target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
    Datei zum hochladen auswählen

    <input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']) ?>">
    <input type="hidden" name="type" value="<?php echo htmlspecialchars($_GET['type']) ?>">


    ....... other inputs

</form>

The in the upload.php script get them from $_POST superglobal.

$ek = $_POST['id'];
$dateiart = $_POST['type'];
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.