0

Here is what I have tried so far and it isn't working. The HTML file contains:-

<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Form Generator | Upload Driver Specification Sheet</title>
        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
        <script type='text/javascript'>
            function submit_form() {

                var formData = new FormData($(this)[0]);

                $.ajax({
                    url: 'last_file_action.php',
                    type: 'POST',
                    data: formData,
                    async: false,
                    success: function (data) {
                        $('#results').html(data);
                    },
                    cache: false,
                    contentType: false,
                    processData: false
                });

                return false;
            }
        </script>
    </head>
    <body class="gray-bg3_full">
        <form class="m-t" role="form" id='data'  method="post" enctype="multipart/form-data">
            <input type="hidden" name="MAX_FILE_SIZE" value="2000000">

            <div class="form-group">
                <p id='new_project_text'>Please include your Product spec sheet: </p>
                <input class="btn btn-primary-save btn-block" type="file" name="userfile" /> <i class="fa fa-upload"></i> &nbsp;  <br/>
            </div>
            <button type= 'button' id="submit_driver" class="btn btn-warning block full-width m-b m-t" onclick='submit_form()'>Submit</button>
        </form>
        <div id='results'></div>
    </body>
</html>

And the PHP file i.e. 'last_file_action.php' contains this:-

<?php

if ($_FILES['userfile']['error'] > 0)
{
    switch ($_FILES['userfile']['error'])
    {
        case 1:
            echo "File exceeded upload_max_filesize";
            break;
        case 2:
            echo "File exceeded max_file_size";
            break;
        case 3:
            echo "File only partially uploaded";
            break;
        case 4:
            echo "Please choose a file to upload";
            break;
        case 6:
            echo "Cannot upload file: No temp directory specified";
            break;
        case 7:
            echo "Upload failed: Cannot write to disk";
            break;
    }
    exit;
}
$upfile = 'productinformation/';

if (is_uploaded_file($_FILES['userfile']['tmp_name']))
{
    if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $upfile))
    {
        echo "Problem: Could not move file to destination directory";
        exit;
    }
}
else
{
    echo "Problem: Possible file upload attack. Filename: ";
    echo $_FILES['userfile']['name'];
    exit;
}



// remove possible HTML and PHP tags from the file's contents
$contents = file_get_contents($upfile);
$contents = strip_tags($contents);
file_put_contents($_FILES['userfile']['name'], $contents);
// show what was uploaded

When I click the submit button I get this error "Problem: Possible file upload attack. Filename:". This is the error I've myself set in PHP file. It shows this error even when I don't select the file to upload. I want it to show Error "Please choose a file to upload" if I don't select a file to upload.

Community
  • 1
  • 1
Waseem Abbas
  • 81
  • 8
  • Without consistent indentation, it's very difficult to follow that code. – David Feb 08 '16 at 20:03
  • [related](http://stackoverflow.com/questions/166221/how-can-i-upload-files-asynchronously?rq=1). – Kenney Feb 08 '16 at 20:09
  • I have edited the question. I hope its easier for you now @David – Waseem Abbas Feb 08 '16 at 20:11
  • @WaseemAbbas: Since you didn't fix the indentation then, no, it isn't. Formatting your code to be more readable would probably also make it easier for *you* to debug your code and see what's going on. Basically, since it's displaying a message that you wrote, it would appear that somewhere in your conditional structures there is a condition which results in that message being displayed. What is that condition? Why do you expect that condition to be different? – David Feb 08 '16 at 20:13

2 Answers2

1
var formData = new FormData();
formData.append("userfile", $(":file")[0].files[0]);
AsgarAli
  • 2,201
  • 1
  • 20
  • 32
  • you should explain how this will help the OP, and why the problem occurs with the OP's code. – davejal Feb 08 '16 at 23:36
  • Okay. Great. This works but what if I have two file uploads instead of one. In this form there is only one file and also what if I have some input fields too. – Waseem Abbas Feb 09 '16 at 00:05
0

Here is how I did it.

var formData = new FormData();

formData.append("userfile", $(":file")[0].files[0]);

The above code is right as long as you have one file and no other input fields. In case you have more input field and multiple file upload in a single form. One should consider target elements by their IDs instead of type $(":file"). Here is how we can get other files:-

 var formData = new FormData();
formData.append("first_file", $("#1st_file_id")[0].files[0]);
formData.append("2nd_file", $("#2nd_file_id")[0].files[0]);
formData.append("3rd_file", $("#3rd_file_id")[0].files[0]);

Here is how we can get data from input fields of form by targeting their IDs.

  formData.append("input_field", $("#input_field_id").val());

In PHP nothing needs to be changed. If we want to get the value of input field we can do it by:-

$var = $_POST['input_field'];
And if its a file, we can capture it by this and do the rest of the work as done in the question. 
$_FILES['userfile'] or $_FILE['2nd_file']
Waseem Abbas
  • 81
  • 8