Form File
<link href="formstijl.css" rel="stylesheet" type="text/css">
<h1>
<legend>Nieuw Product:</legend>
</h1>
<?php
include 'db_config.php';
?>
<div id="stylized" class="formstyle-1">
<form action="/procces/proc_add_product.php" method="POST" enctype="multipart/form-data">
<p>Velden gemarkeerd met <em>*</em> zijn verplicht!</p>
<fieldset>
<label for="product">Naam het product<em>*</em>
<span class="small">Verplicht veld</span></label>
<input id="product" name="product" />
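<?php
// Fill the "categorie" drop-down with the rows of producten_categorie.
$result = mysql_query("SELECT categorie FROM producten_categorie");
echo '<label for="categorie">Categorie</label>';
// The id lets the label's for="categorie" actually point at this control.
echo '<select id="categorie" name="categorie">'.PHP_EOL;
if ($result === false) {
    // The original suppressed the failure with @ and then looped over `false`.
    // Log the driver message server-side; printing it would expose schema details.
    error_log('producten_categorie lookup failed: ' . mysql_error());
} else {
    while ($row = mysql_fetch_assoc($result)) {
        // Stored text is escaped for both the attribute and the element body, so
        // a value containing quotes or markup cannot break out of the <option>.
        // NOTE(review): pass the page charset as the third argument if it is not the PHP default.
        $categorie = htmlspecialchars($row['categorie'], ENT_QUOTES);
        echo '<option value="'.$categorie.'">'.$categorie.'</option>'.PHP_EOL;
    }
}
echo '</select>'.PHP_EOL;
// NOTE(review): no matching <p> is opened in the visible markup; kept so the output is unchanged.
echo '</p>'.PHP_EOL;
?>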
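<?php
// Fill the "leverancier" drop-down with the rows of producten_leverancier.
$result = mysql_query("SELECT leverancier FROM producten_leverancier");
echo '<label for="leverancier">Leverancier</label>';
// The id lets the label's for="leverancier" actually point at this control.
echo '<select id="leverancier" name="leverancier">'.PHP_EOL;
if ($result === false) {
    // The original suppressed the failure with @ and then looped over `false`.
    // Log the driver message server-side; printing it would expose schema details.
    error_log('producten_leverancier lookup failed: ' . mysql_error());
} else {
    while ($row = mysql_fetch_assoc($result)) {
        // Stored text is escaped for both the attribute and the element body, so
        // a value containing quotes or markup cannot break out of the <option>.
        // NOTE(review): pass the page charset as the third argument if it is not the PHP default.
        $leverancier = htmlspecialchars($row['leverancier'], ENT_QUOTES);
        echo '<option value="'.$leverancier.'">'.$leverancier.'</option>'.PHP_EOL;
    }
}
echo '</select>'.PHP_EOL;
// NOTE(review): no matching <p> is opened in the visible markup; kept so the output is unchanged.
echo '</p>'.PHP_EOL;
?>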
<label for="beschrijving">Beschrijving</label>
<textarea id="beschrijving" name="beschrijving"></textarea>
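<?php
// Fill the "verpakking" drop-down with the rows of producten_verpakking.
$result = mysql_query("SELECT verpakking FROM producten_verpakking");
echo '<label for="verpakking">Verpakking</label>';
// The id lets the label's for="verpakking" actually point at this control.
echo '<select id="verpakking" name="verpakking">'.PHP_EOL;
if ($result === false) {
    // The original suppressed the failure with @ and then looped over `false`.
    // Log the driver message server-side; printing it would expose schema details.
    error_log('producten_verpakking lookup failed: ' . mysql_error());
} else {
    while ($row = mysql_fetch_assoc($result)) {
        // Stored text is escaped for both the attribute and the element body, so
        // a value containing quotes or markup cannot break out of the <option>.
        // NOTE(review): pass the page charset as the third argument if it is not the PHP default.
        $verpakking = htmlspecialchars($row['verpakking'], ENT_QUOTES);
        echo '<option value="'.$verpakking.'">'.$verpakking.'</option>'.PHP_EOL;
    }
}
echo '</select>'.PHP_EOL;
// NOTE(review): no matching <p> is opened in the visible markup; kept so the output is unchanged.
echo '</p>'.PHP_EOL;
?>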
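<?php
// Fill the "eenheid" drop-down with the rows of producten_eenheid.
$result = mysql_query("SELECT eenheid FROM producten_eenheid");
echo '<label for="eenheid">Eénheid</label>';
// The id lets the label's for="eenheid" actually point at this control.
echo '<select id="eenheid" name="eenheid">'.PHP_EOL;
if ($result === false) {
    // The original suppressed the failure with @ and then looped over `false`.
    // Log the driver message server-side; printing it would expose schema details.
    error_log('producten_eenheid lookup failed: ' . mysql_error());
} else {
    while ($row = mysql_fetch_assoc($result)) {
        // Stored text is escaped for both the attribute and the element body, so
        // a value containing quotes or markup cannot break out of the <option>.
        // NOTE(review): pass the page charset as the third argument if it is not the PHP default.
        $eenheid = htmlspecialchars($row['eenheid'], ENT_QUOTES);
        echo '<option value="'.$eenheid.'">'.$eenheid.'</option>'.PHP_EOL;
    }
}
echo '</select>'.PHP_EOL;
// NOTE(review): no matching <p> is opened in the visible markup; kept so the output is unchanged.
echo '</p>'.PHP_EOL;
?>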
<label for="opmerking">Opmerking</label>
<textarea id="opmerking" name="opmerking"></textarea>
<label for="product_url">Meer info<em></em>
<span class="small">voorafgaande van http://</span></label>
<input id="product_url" name="product_url" />
<label for="order_url">Bestellen<em></em>
<span class="small">voorafgaande van http://</span></label>
<input id="order_url" name="order_url" />
<label for="file">Logo<em></em>
<span class="small">Max. 4mb</span></label>
<input name="userfile" type="file" id="userfile">
<input name="upload" type="submit" class="box" id="upload" value=" Verzenden ">
<div class="spacer"></div>
</fieldset>
</form>
</div>
procces file
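<?php
// Handles the "Nieuw Product" form: validates the uploaded logo, stores it under
// $upload_path and records the product together with the file details.

// NOTE(review): display_errors helps while debugging but prints paths and query
// details to visitors; switch it off and log instead once the script is deployed.
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);

// The original `if` had no braces, so it guarded only the first assignment and
// every other statement also ran for GET requests. Stop early instead.
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm both are enforced before uploads are accepted.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_FILES['userfile'])
    || !is_array($_FILES['userfile'])
    || !is_int($_FILES['userfile']['error'])) {
    die("<p>Er heeft zich een onbekende fout voorgedaan!</p>\n");
}

// Configuratie
$allowed_filetypes = array('.jpg', '.jpeg', '.gif', '.bmp', '.png');
$max_filesize = 4194304; // 4mb
$upload_path = '../images/producten/';

$upload = $_FILES['userfile'];

// PHP reports an upload it rejected itself through the error code, not through the size.
if ($upload['error'] === UPLOAD_ERR_INI_SIZE || $upload['error'] === UPLOAD_ERR_FORM_SIZE) {
    die('Het bestand is te groot.');
}
if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
    die("<p>Er heeft zich een onbekende fout voorgedaan!</p>\n");
}

// The client-supplied name is untrusted: drop any path part and read the
// extension after the LAST dot, lower-cased, so "My.Photo.JPG" is accepted.
$clientName = basename($upload['name']);
$dotPos = strrpos($clientName, '.');
$ext = ($dotPos === false) ? '' : strtolower(substr($clientName, $dotPos));

// Bekijk of het bestandsextentie is toegelaten.
if (!in_array($ext, $allowed_filetypes, true)) {
    die('Bestandsextentie is niet toegelaten.');
}

// Nakijken van de max_filesize (measured on the server-side temp file).
$fileSize = filesize($upload['tmp_name']);
if ($fileSize === false || $fileSize > $max_filesize) {
    die('Het bestand is te groot.');
}

// An extension proves nothing about content; require that the file parses as an
// image and keep the detected MIME type instead of the browser-supplied one.
$imageInfo = getimagesize($upload['tmp_name']);
if ($imageInfo === false) {
    die('Bestandsextentie is niet toegelaten.');
}
$fileType = $imageInfo['mime'];

// nakijken of de doelmap schrijfbaar is.
// NOTE(review): the message recommends mode 777, which makes the directory
// world-writable; write access for the web-server user alone is sufficient.
if (!is_writable($upload_path)) {
    die('Doelmap is niet schrijfbaar, gelieven de CHMOD te veranderen naar 777.');
}

// Build the stored name on the server: only [A-Za-z0-9_-] survives in the stem,
// so inner dots ("x.php.jpg") and odd characters never reach the file system.
$stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', substr($clientName, 0, $dotPos));
$stem = substr((string) $stem, 0, 100);
if ($stem === '' || $stem === false) {
    $stem = 'upload';
}

// Bestandscontrole op identieke namen: retry until the name is free (the
// original prefixed one random number and never re-checked for a collision).
$filename = $stem . $ext;
while (file_exists($upload_path . $filename)) {
    $filename = mt_rand(0, mt_getrandmax()) . $stem . $ext;
}

// Directory target.
$target = $upload_path . $filename;

// Upload het bestand. Moving it before the INSERT means a failed upload leaves
// no database row that points at a missing file.
if (!move_uploaded_file($upload['tmp_name'], $target)) {
    die("<p>Er heeft zich een onbekende fout voorgedaan!</p>\n");
}

// Schrijf data naar mysql database.
include '../db_config.php';

// Column => value pairs kept together so the VALUES list cannot drift out of
// step with the column list (the original swapped eenheid/opmerking and lacked
// four commas, which made the statement fail).
$record = array();
$postColumns = array(
    'product', 'categorie', 'leverancier', 'beschrijving', 'eenheid',
    'verpakking', 'opmerking', 'product_url', 'order_url',
);
foreach ($postColumns as $column) {
    // Missing or non-string fields (e.g. product[]=x) become an empty string.
    $record[$column] = (isset($_POST[$column]) && is_string($_POST[$column])) ? $_POST[$column] : '';
}
// NOTE(review): product_url and order_url are stored as typed; check the scheme
// (http/https) before they are ever rendered as links.
$record['name'] = $clientName;
$record['size'] = (string) $fileSize;
$record['type'] = $fileType;
$record['path'] = $target;

$quoted = array();
foreach ($record as $value) {
    $quoted[] = "'" . mysql_real_escape_string($value) . "'";
}

// NOTE(review): the form reads supplier names from producten_leverancier, so
// inserting products into the same table looks unintended; confirm the table.
// NOTE(review): ext/mysql was removed in PHP 7; when db_config.php is migrated
// to mysqli or PDO, replace this with a prepared statement.
$query = 'INSERT INTO producten_leverancier (' . implode(', ', array_keys($record)) . ') '
    . 'VALUES (' . implode(', ', $quoted) . ')';

if (!mysql_query($query)) {
    // Keep the driver message in the server log; it reveals table and column names.
    error_log('Product insert failed: ' . mysql_error());
    // Remove the stored file so a failed insert leaves nothing behind.
    unlink($target);
    die('Error, query failed');
}
include '../db_close.php';

// Slot besluit.
echo "De ingevoerde gegevens zijn correct verstuurd.";
?>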
Thanks in advance