Hi Alessandro,

Some websites mention that creating a pure AJAX file upload system is not possible because of the security limitations of JavaScript (http://www.ajaxf1.com/tutorial/ajax-file-upload-tutorial.html; http://www.ehow.com/how_7172580_upload-files-using-ajax.html). So you can use jQuery libraries together with iframes in your page's HTML to upload the image while remaining on the same page.
Read more: How to Upload Images Using Ajax | eHow.com http://www.ehow.com/how_7538791_upload-images-using-ajax.html#ixzz18oG3Qrxh

Alessandro Pastore wrote:
>
> Hi all
>
> I am working on a modified version of digitizepoint plugin and want to
> upload some image files when inserting a point.
> the form is enctype="multipart/form-data".
>
> the link is
> http://www.simsity.it/pmapper/PPBwebgis.phtml
> the correct plugin is the red pencil
>
> the code is ok but I don't have the uploaded files
> I know that it seems not to be a pmapper related problem but I'm missing
> something about the use of variables, in fact $_POST[] and, more
> important, $_FILES[] are empty.
>
> I try to explain the code
> After the form is submitted all the fields in the table are
> correctly filled, after this the script creates a subdir with the name
> of the 'gid' value of the table and two subdirs (one per file) under the
> 'gid' directory newly created.
> then using the PHP move_uploaded_file() function the files don't get
> copied in the subdirs.
> Note that the same code out of pmapper works correctly.
>
> follows the code, the table name is 'poippb' with this schema:
>  gid         | integer                 | not null default nextval('poippb_gid_seq'::regclass)
>  nome        | character varying(20)   |
>  descrizione | text                    |
>  giudizio    | integer                 |
>  file1       | character varying(200)  |
>  file2       | character varying(200)  |
>  link1       | character varying(200)  |
>  video       | character varying(2000) |
>  autore      | character varying(100)  |
>  mail        | character varying(100)  |
>  infoautore  | character varying(1000) |
>  utente      | character varying(30)   |
>  ip          | character varying(15)   |
>  the_geom    | geometry
>
>
> the code:
> <?php
> //-------------------------------------------------------------------------
> // This file is part of digitizepoints, a plugin for p.mapper.
> // It allows to digitize points into a PostgreSQL/PostGIS table.
> // See http://www.pmapper.net/
> //
> // Copyright (C) 2009 Niccolo Rigacci, Thomas Raffin
> //
> // This program is free software: you can redistribute it and/or modify
> // it under the terms of the GNU Affero General Public License as
> // published by the Free Software Foundation, either version 3 of the
> // License, or (at your option) any later version.
> //
> // This program is distributed in the hope that it will be useful,
> // but WITHOUT ANY WARRANTY; without even the implied warranty of
> // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> // GNU Affero General Public License for more details.
> //
> // You should have received a copy of the GNU Affero General Public License
> // along with this program. If not, see <http://www.gnu.org/licenses/>.
> //
> // Authors: Niccolo Rigacci <nicc...@rigacci.org>
> //          Thomas Raffin
> //-------------------------------------------------------------------------
> // alex
>
> //http://www.sv-design.org/blog/php-thumbandcrop-resize-crop-immagini-con-php/
> // include the class
> // require_once("../../incphp/thumbncrop.inc.php");
> // set the variable
> // $tb = new ThumbAndCrop();
>
>
> // prevent XSS
> if (isset($_REQUEST['_SESSION'])) exit();
> session_start();
>
> // If plugin is not activated, do not execute.
> if (!isset($_SESSION['pointinfo_activated']) or !$_SESSION['pointinfo_activated']) {
>     exit();
> }
>
>
> require_once($_SESSION['PM_INCPHP'] . '/common.php');
> require_once($_SESSION['PM_INCPHP'] . '/globals.php');
> require_once('DB.php');
> require_once('include.php');
> require_once('include_conf.php');
>
> // TODO:
> // * Now the pkey must be numeric, add proper escaping if needed.
> // * Trap errors on fetchRow, when getting lon/lat of existing point.
>
> $distance = 'st_distance'; // Name for 'SELECT ... AS', must not conflict with other table fields.
> $prefix = '__db';          // Prefix for database fields used into the html form.
>
> print "<html>\n";
> print "<head>\n";
> print "</head>\n";
> print "<body>\n";
>
> $lon = (float)$_REQUEST['lon'];
> $lat = (float)$_REQUEST['lat'];
>
> //------------------------------------------------------------------------
> // Connect to the database.
> //------------------------------------------------------------------------
> $db = DB::connect($dsn, true);
> if (DB::isError($db)) die ($db->getMessage());
>
>
> //------------------------------------------------------------------------
> // What to do?
> //------------------------------------------------------------------------
> $action = isset($_REQUEST['__action']) ? $_REQUEST['__action'] : false;
> switch($action) {
>
>     //--------------------------------------------------------------------
>     // Do insert.
>     //--------------------------------------------------------------------
>     case 'insert':
>         // Get all the fields from the web form.
>         list($columns, $values) = get_columns_and_values($_REQUEST, $prefix, $db);
>         // Add the geometry.
>         $val = sprintf('ST_SetSRID(ST_MakePoint(%f, %f), %d)', $lon, $lat, $srid_map);
>         if ($srid_geom != $srid_map) $val = "ST_Transform($val, $srid_geom)";
>         array_push($columns, $the_geom);
>         array_push($values, $val);
>         // Make the SQL statement.
>         $sql = 'INSERT INTO ' . $db_table . ' (' . implode(', ', $columns) . ')';
>         $sql .= ' VALUES (' . implode(', ', $values) . ')';
>         //$sql = 'INSERT INTO poippb (columns, a,b,c) values (values, a,b,c)';
>
>         $result = $db->query($sql);
>         if (DB::isError($result)) {
>             print "Errore di inserimento eseguendo " . my_html($sql) ."<p>\n";
>             die ($result->getMessage());
>         } else {
>             msg_and_close(_p('Inserimento avvenuto con successo.'));
>         }
>         // extract: "select gid, video, ETC FROM poippb WHERE
>         // loop
>         // column='value' AND column='value'
>         $query = "SELECT max(gid) AS maximo FROM poippb";
>         $res = $db->query($query);
>         if (DB::isError($res)) {
>             print "Errore di estrazione eseguendo " . my_html($query) ."<p>\n";
>             die ($res->getMessage());
>         } else {
>             //msg_and_close(_p('Inserimento avvenuto con successo.'));
>         }
>         $rec = $res->fetchRow(DB_FETCHMODE_ASSOC);
>         $GID = $rec['maximo'];
>
>         //--------------------------------------------------------------------
>         // create dir and subdirs and upload the users' files
>         //--------------------------------------------------------------------
>
>         $uploaddir = '/var/www/simsity.it/file_utenti/ppb/';
>         // create subdirs
>         $DIR = $uploaddir . "$GID";
>         $DIR1 = $uploaddir . "$GID" . "/1/";
>         $DIR2 = $uploaddir . "$GID" . "/2/";
>         echo "DIR: $DIR<hr>DIR1: $DIR1<hr>DIR2: $DIR2<hr>";
>         echo "QUERY: $query<hr>";
>
>         mkdir("$DIR", 0777);
>         mkdir("$DIR1", 0777);
>         mkdir("$DIR2", 0777);
>         //$uploadfile1 = $DIR1 . basename($_FILES['_c_file1']['name']);
>         //$uploadfile2 = $DIR2 . basename($_FILES['_c_file2']['name']);
>         $uploadfile1 = $DIR1 . $_REQUEST['__db_c_file1'];
>         $uploadfile2 = $DIR1 . $_REQUEST['__db_c_file2'];
>         echo "<script language=\"javascript\">alert(\" " .$DIR.
>             " " .$DIR1.
>             " " .$DIR2.
>             " " .$uploadfile1.
>             " " .$uploadfile2.
>             " " .$GID."\");</script>";
>
>         if (move_uploaded_file($_REQUEST['__db_c_file1'], $uploadfile1)) {
>             echo "$uploadfile1 - File is valid, and was successfully uploaded.\n";
>         } else {
>             echo "Possible file upload attack!\n";
>         }
>         if (move_uploaded_file($_REQUEST['__db_c_file2'], $uploadfile2)) {
>             echo "File is valid, and was successfully uploaded.\n";
>         } else {
>             echo "Possible file upload attack!\n";
>         }
>         foreach ($_REQUEST as $valore) {
>             echo "a $valore<br/>"; // 4 and 5
>         }
>         //--------------------------------------------------------------------
>         // crop, thumbnail and save the images
>         //--------------------------------------------------------------------
>         ### for alex: I could not get it to work
>         ### and it no longer creates the dirs for the files
>         # $tb->openImg($uploadfile1);
>         # $newHeight = $tb->getRightHeight(100);
>         # $tb->creaThumb(100, $newHeight);
>         # $tb->saveThumb($DIR1 . '/cropthumb.jpg');
>
>         //echo 'Here is some more debugging info:';
>         //print_r($_FILES);
>         print "</pre>";
>         if (!$result) {
>             print "Error executing statement: " . $sql ."<p>\n";
>             die ($result->getMessage());
>         } else {
>             msg_and_close(_p('Insert successful.'));
>         }
>         //echo $VIDEO;
>         break;
>
>     //--------------------------------------------------------------------
>     // Get points near the click and get table info.
>     //--------------------------------------------------------------------
>     default:
>         $point = sprintf("ST_PointFromText('POINT(%f %f)', %d)", $lon, $lat, $srid_map);
>         $geom_ll = $the_geom;
>         // Function ST_Distance_Sphere() requires EPSG:4326 lon/lat points.
>         if ($srid_map != 4326) $point = "ST_Transform($point, 4326)";
>         if ($srid_geom != 4326) $geom_ll = "ST_Transform($the_geom, 4326)";
>
>
>         $sql = 'SELECT *, ST_Distance_Sphere(%s, %s) AS %s';
>         // $sql = 'SELECT *, ST_Distance(%s, %s) AS %s';
>         $sql .= ' FROM %s WHERE ST_Distance_Sphere(%s, %s) < %f';
>         $sql .= ' ORDER BY %s';
>         $sql = sprintf($sql, $geom_ll, $point, $distance, $db_table, $geom_ll, $point, $tolerance, $distance);
>
>         $result = $db->query($sql);
>         if (DB::isError($result)) die ($result->getMessage());
>         $tableinfo = $result->tableInfo();
>         // If there is a near point, we will do an update.
>         if (!isset($_REQUEST['addnew']) and $result->numRows() > 0) {
>             $record = $result->fetchRow(DB_FETCHMODE_ASSOC);
>             $point = $the_geom;
>             if ($srid_geom != $srid_map) $point = "ST_Transform($point, $srid_map)";
>             $sql = 'SELECT ST_X(%s), ST_Y(%s) FROM %s WHERE %s = %s';
>             $sql = sprintf($sql, $point, $point, $db_table, $pkey, $record[$pkey]);
>             list($point_lon, $point_lat) = $db->query($sql)->fetchRow(DB_FETCHMODE_ORDERED);
>             $new_record = false;
>             $action = 'update';
>             $id = $record[$pkey];
>             //--------------------------------------------------------------------
>             // start of PPB record definitions
>             //--------------------------------------------------------------------
>             $video = $record['video'];
>             $media1 = $record['file1'];
>             $media2 = $record['file2'];
>             $link1 = $record['link1'];
>             $nome = $record['nome'];
>             $descrizione = $record['descrizione'];
>             //--------------------------------------------------------------------
>             // show an image according to the rating of the PPB point
>             //--------------------------------------------------------------------
>             if ( $record['giudizio']== '0' ) {
>                 $GIUD = "Bene del Paesaggio";
>                 $GIUDIMG = " /img/PPB0.gif ";
>             }
>             elseif ( $record['giudizio']== '1' ) {
>                 $GIUD = "Migliorabile";
>                 $GIUDIMG = " /img/PPB1.gif ";
>             }
>             else { //2
>                 $GIUD = "Offesa al Paesaggio";
>                 $GIUDIMG = " /img/PPB2.gif ";
>             }
>             $pippo = substr($media1, -3, 3);
>             if ( substr($media1, -3, 3)=="jpg" ) {
>                 $MEDIA1 =" ../file_utenti/ppb/$id/1/$record[file1]
> ../file_utenti/ppb/$id/1/thumb.jpg
> ";
>             }
>             elseif ( substr($media1, -3, 3)=="mp3" ) {
>                 $MEDIA1 =" ../file_utenti/ppb/$id/1/$record[file1]
> Audio (1) ";
>             }
>             else {
>                 $MEDIA1 ="! $media1 !";
>             }
>
>             //$DIV_video="<div style='border: 1px solid blue; width: 350px; height: 260px'; padding 5px'>";
>             //$DIV_descrizione = "<div style='border: 1px solid red; width: 350px; height: 260px'; padding 5px'>";
>
>             echo "<div class='infopointcontaniner' id='infopointcontaniner'>
>                 <div class='giudimg' id='giudimg'> $GIUDIMG</div>
>                 <div class='giudizio' id='giudizio'>giudizio</div>
>                 <div class='giud' id='giud'>$GIUD</div>
>                 <div class='coordinate' id='coordinate'>lon:$lon lat:$lat</div>
>                 <div class='nome' id='nome'>nome: $nome</div>
>                 <div class='descrizione' id='descrizione'>descrizione: $descrizione</div>
>                 <div class='media1' id='media1'>$MEDIA1</div>
>                 <div class='media2' id='media2'>$MEDIA2</div>
>                 <div class='video' id='video'>$video</div>
>                 <div class='id' id='id'>(id:$id)</div>
>                 <div class='segnalato' id='segnalato'>Segnalato da: $record[autore]</div>
>                 </div>";
>
>
>         } else {
>             list($point_lon, $point_lat) = array($lon, $lat);
>             $new_record = true;
>             $action = 'insert';
>             $id = '';
>             // removed the form from the case where the data already exist}
>
>
>             //------------------------------------------------------------------------
>             // Display the insert/update form.
>             //------------------------------------------------------------------------
>             $html = '';
>             $heading = ($new_record) ? _p('Inserisci un nuovo punto') : _p('Update point');
>             $html .= '<h2>' . $heading . "</h2>\n";
>             $html .= '<form id="pointinfo_form" name="inputform"
>                 enctype="multipart/form-data"
>                 method="post" action="' . $_SERVER['SCRIPT_NAME'] . '">' . "\n";
>             $html .= '<input type="hidden" name="__action" value="' . $action . "\">\n";
>             $html .= '<input type="hidden" name="__id" id="point_id" value="' . my_html($id) . "\">\n";
>             $html .= '<input type="hidden" name="__click_lon" id="click_lon" value="' . my_html($lon) . "\">\n";
>             $html .= '<input type="hidden" name="__click_lat" id="click_lat" value="' . my_html($lat) . "\">\n";
>             $html .= '<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />'. "\n";
>
>
>             // Display the form for record insert/update.
>             $html .= "<table>\n";
>
>             // Display the form for record insert/update.
>             $html .= "<tr><td>Nome breve</td><td><input type='text' id='text1' name='__db_c_nome' maxlength='20' class='required'/></td></tr>\n";
>             $html .= "<tr><td valign='top'>Descrizione</td><td><textarea name='__db_c_descrizione' cols='40' rows='2'></textarea></td></tr>\n";
>             $html .= "<tr><td>Il tuo giudizio</td><td>
>                 <select name='__db_n_giudizio'>
>                 <option value='' selected='yes'>Scegli...</option>\n
>                 <option value='0'>Bellissimo</option>\n
>                 <option value='1'>Migliorabile</option>\n
>                 <option value='2'>Tragico</option>\n
>                 </select></td></tr>\n";
>             $html .= "<tr><td>Foto o mp3</td><td><input type='file' name='__db_c_file1' size='36'></td></tr>\n";
>             $html .= "<tr><td>Foto o mp3</td><td><input type='file' name='__db_c_file2' size='36'></td></tr>\n";
>             $html .= "<tr><td>Link</td><td><input type='text' name='__db_c_link1' size='36'></td></tr>\n";
>             $html .= "<tr><td>Link You Tube</td><td><input type='text' name='__db_c_video' size='36'></td></tr>\n";
>             $html .= "<tr><td>Il tuo nome</td><td><input type='text' name='__db_c_autore' size='36'></td></tr>\n";
>             $html .= "<tr><td>la tua mail (privacy)</td><td><input type='text' name='__db_c_mail' size='36'></td></tr>\n";
>             $html .= "<tr><td valign='top'>Parlaci di te</td><td><textarea name='__db_c_infoautore' cols='40' rows='2'></textarea></td></tr>\n";
>
>
>             // Input fields for longitude and latitude.
>             $html .= '<tr><th>' . _p('Longitudine') . '</th><td align="right">';
>             $html .= sprintf('<input type="text" size="36" name="lon" value="%s" readonly="yes">', my_html($point_lon));
>             $html .= "</td></tr>\n";
>             $html .= '<tr><th>' . _p('Latitudine') . '</th><td align="right">';
>             $html .= sprintf('<input type="text" size="36" name="lat" value="%s" readonly="yes">', my_html($point_lat));
>             $html .= "</td></tr>\n";
>
>             $addnew_url = sprintf('?addnew=yes&lon=%f&lat=%f', $lon, $lat);
>             $delete_url = sprintf('?__action=delete&__id=%d', my_html($id));
>             $disabled = $new_record ? 'disabled' : '';
>
>             $html .= "<tr><th> </th><td>\n";
>             $html .= '<input type="button" class="primaryAction" value="' . _p('INSERISCI') . "\" onClick=\"javascript: PM.Plugin.pointinfo.pntSave();\" />\n";
>             $html .= '<input type="button" value="' . _p('ANNULLA') . "\" onClick=\"javascript: PM.Plugin.pointinfo.closeDlg();\" />\n";
>             $html .= "<p>\n";
>             // $html .= '<input type="button" value="' . _p('Delete point') . '" onClick="javascript: if (!confirm(\'Delete point?\')) return false; PM.Plugin.pointinfo.pntDelete();"' . $disabled . ">\n";
>             // $html .= '<input type="button" value="' . _p('Do not edit, add new') . '" onClick="javascript: PM.Plugin.pointinfo.pntAddNew();"' . $disabled . ">\n";
>             $html .= "</td>\n";
>             $html .= "</table>\n";
>             $html .= "</form>\n";
>             $html .= "</body>\n";
>             $html .= "</html>\n";
>
>             echo $html;
>
>             // added end of the else branch (record does not exist yet)
>         }
>         break;
> }
>
> $db->disconnect();
>
>
> thanks in advance
> alessandro and carlo
--
View this message in context: http://old.nabble.com/digitizepoint-and-upload-files-tp28098191p30511727.html
Sent from the pmapper users mailing list archive at Nabble.com.
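
An added example, not part of the original posts or of p.mapper: server-side handling for the two file fields once the form reaches PHP as a real `multipart/form-data` submit (for instance through the iframe approach mentioned in the reply). `store_upload()`, the type list and the naming scheme are assumptions; the field names and the size limit come from the posted form.

```php
<?php
// Added example, not the plugin's code. Field names and the jpg/mp3 types come
// from the posted form; store_upload() and the naming scheme are assumptions.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'mp3' => 'audio/mpeg'];
const MAX_BYTES = 1000000; // the form's MAX_FILE_SIZE, re-checked on the server

/**
 * Validate one single-file entry of $_FILES and move it into $destDir.
 * Returns the stored file name, or null if the field was left empty.
 */
function store_upload(array $files, string $field, string $destDir): ?string
{
    if (!isset($files[$field]['error']) || is_array($files[$field]['error'])) {
        // Absent entry: the request was not a multipart/form-data submit, e.g.
        // the fields were serialized by script, which cannot carry file content.
        throw new RuntimeException("$field: no usable entry in \$_FILES");
    }
    $f = $files[$field];
    if ($f['error'] === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("$field: upload error code {$f['error']}");
    }
    if ($f['size'] > MAX_BYTES) {
        throw new RuntimeException("$field: file too large");
    }
    // Decide the type from the content; the client-sent name and type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext = array_search($mime, ALLOWED_TYPES, true);
    if ($ext === false) {
        throw new RuntimeException("$field: type $mime not allowed");
    }
    if (!is_dir($destDir) && !mkdir($destDir, 0750, true)) {
        throw new RuntimeException("cannot create $destDir");
    }
    // Server-generated name: nothing from the request ends up in the path.
    $name = bin2hex(random_bytes(8)) . '.' . $ext;
    // First argument is PHP's temporary path, not a form value; the call
    // fails unless that path is a genuine HTTP upload of this request.
    if (!move_uploaded_file($f['tmp_name'], "$destDir/$name")) {
        throw new RuntimeException("$field: could not store the upload");
    }
    return $name;
}

// Usage in the 'insert' branch once $GID is known:
//   $file1 = store_upload($_FILES, '__db_c_file1', $uploaddir . (int)$GID . '/1');
//   $file2 = store_upload($_FILES, '__db_c_file2', $uploaddir . (int)$GID . '/2');
```

The returned name is what would go into the `file1`/`file2` columns, so the stored path never depends on text typed or sent by the client.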