...

View Full Version : Header with message question



PeaTearGriffin
05-08-2008, 03:50 AM
Hi,

What I want to do is upload a file, and if its successful I want to print a message. Right now it works, but if the user refreshes the page, it will try to upload it again. So I tried to use the header function. It would prevent someone from refreshing, but then I can't show the success message. How can I do that without redirecting to another page?


<?php
if (!isset($_POST['submit']))
{
?>
<html>
<head>
<body>
<br /><br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data">
<input type="file" name="up" />
<input type="submit" name="submit" value="submit" />
</form>
</body>
</html>
<?php
}
else
{
if ($_FILES['up']['type'] == 'image/jpeg' || $_FILES['up']['type'] == 'text/html' || $_FILES['up']['type'] == 'text/plain' && $_FILES['up']['size'] <= 1000000)
{
if (!$_FILES['up']['error'])
{
$dir = 'uploads/';

if (file_exists($dir . $_FILES['up']['name']))
{
echo "The file name you tried to upload already exists.";
}
else
{
move_uploaded_file($_FILES['up']['tmp_name'], $dir . $_FILES['up']['name']);
header('location: ' . $_SERVER['REQUEST_URI']);
echo "<ul>";
echo "<li>File Name: " . $_FILES['up']['name'] . "</li>";
echo "<li>File Type: " . $_FILES['up']['type'] . "</li>";
echo "<li>File Size: " . $_FILES['up']['size'] . " bytes</li>";
echo "<li>File Temp: " . $_FILES['up']['tmp_name'] . "</li>";
echo "</ul>";
echo "Your file has been successfully uploaded";
}
}
else
{
echo "File Error: " . $_FILES['up']['error'];
}
}
else
{
echo "This file type is not supported";
}
}
?>

Fou-Lu
05-08-2008, 04:58 AM
Yeah, header will never allow you to view the output, as the headers are sent before the browser flush.
I would suggest keeping the route you are using, and using an intermediate redirection page, one that simply prints out a query string based message for the succession:


<?php
// Yep, I'm lazy you'll need to add your html :)
if (isset($_GET['message']))
{
$msg = (string)$_GET['message'];
echo $msg;
}
...
?>

With a change to your headers, so it looks like this (note, I didn't look over your code, just changing how the output is handled):


<?php
}
else
{
$msg = "";
if ($_FILES['up']['type'] == 'image/jpeg' || $_FILES['up']['type'] == 'text/html' || $_FILES['up']['type'] == 'text/plain' && $_FILES['up']['size'] <= 1000000)
{
if (!$_FILES['up']['error'])
{
$dir = 'uploads/';

if (file_exists($dir . $_FILES['up']['name']))
{
$msg = "The file name you tried to upload already exists.";
}
else
{
move_uploaded_file($_FILES['up']['tmp_name'], $dir . $_FILES['up']['name']);
// Meh, I should have sent it over something other than get,
// I hate having HTML in it.
$msg .= "<ul>";
$msg .= "<li>File Name: " . $_FILES['up']['name'] . "</li>";
$msg .= "<li>File Type: " . $_FILES['up']['type'] . "</li>";
$msg .= "<li>File Size: " . $_FILES['up']['size'] . " bytes</li>";
$msg .= "<li>File Temp: " . $_FILES['up']['tmp_name'] . "</li>";
$msg .= "</ul>";
$msg .= "Your file has been successfully uploaded";
}
}
else
{
$msg = "File Error: " . $_FILES['up']['error'];
}
}
else
{
$msg = "This file type is not supported";
}
header('Location: myResultHandle.php?msg=' . $msg);
}
?>


Something along that idea? Oh, just noticed you have a request uri for it, just pass it along the location and use an html meta refresh to change it - still get the output, but a timed based redirect.

PeaTearGriffin
05-08-2008, 04:50 PM
I tried playing around with the code, but couldn't get it to work. The query string isn't added onto the end of the url it seems. I'm still a little fuzzy with $_GET and not sure what the $_GET['message'] is doing. Where is the message variable? I'll try some more later.

Fou-Lu
05-08-2008, 05:01 PM
_GET is a request from the querystring, broken into an associative array. So: http://mysite.com/index.php?message=hello, the variable $_GET['message'] will contain the data 'hello'.
This doesn't work because I sent you with the wrong query string: msg, instead of message. At the bottom in the header("Location..."), part, just change the ?msg= to ?message= and that should work. My bad.

PeaTearGriffin
05-08-2008, 08:02 PM
I noticed that earlier and change all $_GET['message'] to $_GET['msg'], but it didn't work. But now I changed back to $_GET['message'] and then changed ?=msg to ?=message and now it works. Wierd.

So its all working good now. I just have a couple small questions now. When you declared the $msg variable you put a "(string)" in front of the $_GET. What does this do? I noticed it worked just fine without it.

Lastly, when I go to the page before uploading anything, I would get a url like myurl.com/upload.php?message=

I thought it kind of looked bad like that, so instead I tried to do something like:

if (isset($_POST['submit']))
{
header('location: ' . $_SERVER['PHP_SELF'] . '?message=' . $msg);
}
else
{
header('location: ' . $_SERVER['PHP_SELF']);
}

Which didn't work because it always needs the message= Any ideas?

Fou-Lu
05-09-2008, 01:26 AM
(string) is an explicit cast. Sorry, just to used to other languages, since PHP is string based language, that argument is always a string, don't need to worry about it. I'm a fan of explicit conversions anyway, so I'd recommend leaving it, just help that tiny bit more on security to prevent XSS perhaps.

Yep, there is another way to do this. Use a session / cookie. Two problems come with these.
1. Cookies can be denied by the client. Thats fine.
2. If cookies are denied, sessions require an idenfication to pass along.

With that in mind, you will likely want to go with the idenfication on the session instead:


<?php
// Your upload script
session_start();
.... All that fun stuff here. $msg is instead placed into $_SESSION['message'] = $msg just before you send the header.
Add in the header("Location: page.php" . PHPSESSID); I believe it is (if that doesn't work I'll look it up for you, been awhile since I've used built in sessions). This is because the header needs to know the session ID, and if the user doesn't have cookies on it won't pass it along (regardless of session.use_trans_sid ini configuration.

On the retrieval side, simply replace _GET with _SESSION, and make sure tha tsession_start() is still called at the top.

Does that answer what you are looking to do?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum