PHP 即使文件 upload/field 元素被禁用,脚本也会插入

PHP Script insert even if file upload/field element is disabled

您好,我似乎无法确定问题所在。我有一个包含元素的表单。你能检查一下脚本吗?我只知道它缺少一些东西,但像我这样的菜鸟不知道。 Basically when the Smart Money radio button is selected, the BPI is disabled,and vice versa.它应该在数据库中插入数据输入。如果选择的无线电 btn 是 BPI,它工作正常,但如果选择智能货币并且用户输入数据并且禁用 BPI/file 上传,它不会在数据库中插入任何内容。你能告诉我该怎么做我认为脚本有点放错了,因为查询在文件上传脚本下面。我认为当 upload/that 选项没有被禁用时它不会插入任何东西。我猜是文件上传脚本干扰了。

PHP:

if(isset($_FILES['filename'])){
    $errors = array();
    $file_name = $_FILES['filename']['name'];
    $file_size =$_FILES['filename']['size'];
    $file_tmp =$_FILES['filename']['tmp_name'];
    $file_type=$_FILES['filename']['type'];   
    $file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));


    $expensions= array("jpeg","jpg","png");         
    if(in_array($file_ext,$expensions)=== false){
        $errors[]="extension not allowed, please choose a JPEG or PNG file.";
    }
    if($file_size > 2097152){
        $errors[]='File size must be excately 2 MB';
    }          

    // if no error...     
    if (empty($errors)==true) {

        // upload the file...
        move_uploaded_file($file_tmp,"uploads/".$file_name);

        $servername = "localhost";
        $username = "root";
        $password = " ";
        $dbname = "admin";

        // create new record in the database
        include ("dbinfo.php");

        mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;

        header('Location: paymentform_success.php');
    }else{
        print_r($errors);
    }
}

表格:

<form name="form" method="POST" enctype="multipart/form-data">
<table width="416" height="245" border="1" align="center">
<tr>
<td colspan="2">Transaction No: <input type="text" name="transaction_no" id="transaction_no" /> </td>
</tr>
<tr>
<td colspan="2" align="center">Please select the mode of payment</td>
</tr>
<tr>
<td width="183" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="Smart Money"> 
Smart Money</td>
<td width="201" align="center"><input name="rad" type="radio" onclick="enableField(this)" value="BPI"> BPI Bank Deposit</td>
</tr>
<tr>
<td align="center"><input name="contactno" type="text" disabled="disabled" id="contactno"></td>
<td align="center"><input name="filename" type="file" id="filename" disabled="disabled"/></td>
</tr>
<tr>
<td>Total amount sent:</td>
<td>&nbsp;<input type="text" name="totalsent" id="totalsent" /></td>
</tr>
<tr>
<td>Date sent:</td>
<td>&nbsp;<input type="text" name="datesent" id="datesent" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input name="submit" type="submit" id="submit" value="Submit" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form" />

</form>

JS disable/enable

<script type="text/javascript">
function enableField(obj){
    var form=obj.form;
    var txtNames=['contactno','filename'], f;
    var rads=document.getElementsByName(obj.name), r, i=0;
    while(r=rads[i++]){
        f=form[txtNames[i-1]];
        if(r.checked){
            f.removeAttribute('disabled');
            f.focus();
        }
        else{
            f.value='';
            f.setAttribute('disabled','disabled')
        }
    }
}
</script>

if(isset($_FILES['filename'])) 块之外执行 INSERT

if (isset($_POST['submit'])) {
    $errors = array();
    if (isset($_FILES['filename'])) {
        $file_name = $_FILES['filename']['name'];
        $file_size =$_FILES['filename']['size'];
        $file_tmp =$_FILES['filename']['tmp_name'];
        $file_type=$_FILES['filename']['type'];   
        $file_ext=strtolower(end(explode('.',$_FILES['filename']['name'])));

        $expensions= array("jpeg","jpg","png");         
        if(in_array($file_ext,$expensions)=== false){
            $errors[]="extension not allowed, please choose a JPEG or PNG file.";
        }
        if($file_size > 2097152){
            $errors[]='File size must be excately 2 MB';
        }          

        // if no error...     
        if (empty($errors)==true) {

            // upload the file...
            move_uploaded_file($file_tmp,"uploads/".$file_name);

        }else{
            print_r($errors);
        }
    } else {
        $file_name = '';
    }

    if (empty($errors)) {
        $servername = "localhost";
        $username = "root";
        $password = " ";
        $dbname = "admin";

        // create new record in the database
        include ("dbinfo.php");

        $transactionNo = $_POST['transaction_no'];
        $rad = $_POST['rad'];
        $contactNo = $_POST['contactno'];
        $totalSent = $_POST['totalsent'];
        $dateSent = $_POST['datesent'];

        mysql_query("INSERT INTO payment_form (Tracking, date, mode, ContactNo, totalsent, datesent, filename) VALUES ('$transactionNo', NOW(), '$rad', '$contactNo', '$totalSent', '$dateSent', '$file_name')") ;

        header('Location: paymentform_success.php');
    }
}