Hello.

I wrote an image uploader with php which recieves the form values from post method, here's a part of the source code to understand better :

1 -
<form method="post" enctype="multipart/form-data" action="<?php echo($PHP_SELF) ?>" >
<input class="file" type="file" size="17" name="uploadedfile">
<input type="submit" value="Submit" name="Submit">
2 -
if(isset($_POST['Submit']) { ..... }

as you see when user click on submit the form will be sent to $PHP_SELF, so the page will be reloaded again and save the image sent
Now if you send an image then you click on refresh several times your file will be saved each time

this makes a lot of repeated work and also takes no reason space, so I have to solve this problem. Does any body know how to fix it ?

any help will be appreciated

Just want to make sure that you closed your form, as you don't show it there :p

Also I think an easy way to fix this would be to just use the file_exists function.


if (file_exists($uploadedfile)) {
echo "This file has already been uploaded.";
} else {
// execute normally
}

It appears that you have two options.

Either to run a separate script for saving the uploaded image, or, to use a session variable as a flag to control script execution.

Hope this helps.

Just want to make sure that you closed your form, as you don't show it there :p

Also I think an easy way to fix this would be to just use the file_exists function.


if (file_exists($uploadedfile)) {
echo "This file has already been uploaded.";
} else {
// execute normally



...But you must know the image file name in advance.

That's what the submitting form is for. As soon as the form is submitted all this is posted. Let me clarify:


if(isset($_POST['Submit']) {
if (file_exists($_POST['uploadedfile'])) {
echo "This file has already been uploaded.";
} else {
// execute the uploading of the file
}


}

Just want to make sure that you closed your form, as you don't show it there :p

Also I think an easy way to fix this would be to just use the file_exists function.


if (file_exists($uploadedfile)) {
echo "This file has already been uploaded.";
} else {
// execute normally
}

Thanks

I've already closed the form after giving the requested values in html part. would you tell me where exactly I have to close it pls ?

and also, the picture will be saved with a randomly name. for example everytime you send an image it'll be saved with a different name
so if 2 users send 2 different pictures with the same name (for example untitled-1.bmp) both of them will be accepted

It appears that you have two options.

Either to run a separate script for saving the uploaded image, or, to use a session variable as a flag to control script execution.

Hope this helps.


Thanks

for example we have a page like upload.html and then it sends the data to upload.php ? I've already done this but it didn't help me any much
and the second option you said was about making a session variable, I really didn't understand what exactly you mentioned but I think that using session variables could make a lot of problem when user wants to upload a different picture after that
anyway, would you tell me more about the details ?

Separate the form and form handler into two separate scripts.

form.php => Form
form_exec.php => Form Handler

at the top of form.php add this code:


<?php
session_start();
$secret = md5(uniqid(rand(), true));
$_SESSION['FORM_SECRET'] = $secret;
?>


Then add a hidden field anywhere in your form:


<input type="hidden" name="form_secret" id="form_secret"
value="<?php echo $_SESSION['FORM_SECRET'];?>" />



In form_exec.php use the following code:


<?php
session_start();

//Retrieve the value of the hidden field
$form_secret = $_POST['form_secret'];

if(!isset($_SESSION['FORM_SECRET'])) {
//Secret key missing
echo 'Form data has already been processed!';
exit();
}

if(strcasecmp($form_secret, $_SESSION['FORM_SECRET']) === 0) {
/*Put your form submission code here
After processing the form data,
unset the secret key from the session
*/
unset($_SESSION['FORM_SECRET']);
}else {
//Invalid secret key
}
?>

Would it not be easier just to redirect after a successful upload, say to a page called uploaded.html? Then a refresh will do nothing. For people wanting to upload another image include a link back to the first page.

Would it not be easier just to redirect after a successful upload, say to a page called uploaded.html? Then a refresh will do nothing. For people wanting to upload another image include a link back to the first page.

yes, nice and useful idea

Separate the form and form handler into two separate scripts.

form.php => Form
form_exec.php => Form Handler

at the top of form.php add this code:


<?php
session_start();
$secret = md5(uniqid(rand(), true));
$_SESSION['FORM_SECRET'] = $secret;
?>


Then add a hidden field anywhere in your form:


<input type="hidden" name="form_secret" id="form_secret"
value="<?php echo $_SESSION['FORM_SECRET'];?>" />



In form_exec.php use the following code:


<?php
session_start();

//Retrieve the value of the hidden field
$form_secret = $_POST['form_secret'];

if(!isset($_SESSION['FORM_SECRET'])) {
//Secret key missing
echo 'Form data has already been processed!';
exit();
}

if(strcasecmp($form_secret, $_SESSION['FORM_SECRET']) === 0) {
/*Put your form submission code here
After processing the form data,
unset the secret key from the session
*/
unset($_SESSION['FORM_SECRET']);
}else {
//Invalid secret key
}
?>

Thank you, the problem solved