The upload script I'm using performs successfully in Google, but not in IE or FF. In Google, it doesn't fill the box with the path(see image), but it shows a message of successful upload. In IE, it fills the box with the path, but the path begins with C:\fakepath\... and doesn't upload or show unsuccessful upload message. In FF, my computer shows something's uploading, but it doesn't appear in AmazonS3 nor does it fill the box, or show any message. I'm not interested in starting over with a different script, I'd just like to get some suggestions/ideas/remedy for this one, please. Thanks for any help <?php session_start(); require_once 'phps3integration_lib.php'; $message = ""; if (@$_POST['submit'] != "") { $allowed_ext = array("gif", "jpeg", "jpg", "png", "pdf", "doc", "docs", "zip" , "mov", "flv", "mp4", "3gp", "); $extension = end(explode(".", $_FILES["fileBrowser"]["name"])); if (($_FILES["fileBrowser"]["size"] < 10485760) && in_array($extension, $allowed_ext)) { if ($_FILES["fileBrowser"]["error"] > 0) { //$message.="There is some error in upload, see: " . $_FILES["fileBrowser"]["error"] . "<br>";//Enable this to see actual error $message.="There is some error in upload. Please try after some time."; } else { $uploaded_file = uploaded_file_to_s3($_FILES["fileBrowser"], "uploads", true); if ($uploaded_file != FALSE) { $user_name = @$_POST['user_name'] != "" ? @$_POST['user_name'] : "Anonymous"; $form_data = array( 'file' => $uploaded_file, 'user_name' => $user_name, 'type' => 'file' ); mysql_query("INSERT INTO `phps3files` (`id`, `file`, `user_name`, `type`) VALUES (NULL, '" . $uploaded_file . "', '" . $user_name . "', 'file')") or die(mysql_error()); $message.= "File Successfully Uploaded."; } else { $message.="There is some error in upload. Please try after some time."; } } } else { $message.= "Upload Unsuccessful. Please Contact Administrator"; } } ?> <?php require_once 'header.php'; ?> <html> <head><br /><br /><br /> <font size="6" color="#c53800"><b>Upload:</b></font><br /><br /> </head> <style> button { background: #bi4e4e; color: red; } </style> <body> <?php require_once 'header.php'; ?> <!--<fieldset>--> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <div class="control-group"> <label for="file" class="control-label"><font size="6" color="#454545"><b>Choose a file to upload:</b></font></label> <button type="button" onclick="getFilePathFromDialog();">ChooseFile</button> <input type="text" id="filePath" name="filePath"/><br /> <input type="file" id="fileBrowser" name="fileBrowser"style="visibility:hidden; display:none;" /> <?php //echo form_error('file'); ?> </div> <script> function getFilePathFromDialog() { document.getElementById('fileBrowser').click(); document.getElementById('filePath').value = document.getElementById('fileBrowser').value; } </script> </html> <div class="control-group"> <label></label> <div class='controls'> <input type="image" src="/images/upload.png" name="submit" value="Upload"> </div> </div> </form> <?php if ($message != "" || @$_SESSION['message'] != "") { ?> <div class="alert alert-success"> <?php echo $message; ?> <?php echo @$_SESSION['message']; @$_SESSION['message'] = ''; ?> </div> <?php } ?> <div> </div> <?php require_once 'footer.php'; ?> PHP:
You really SHOULD start over. That is some real mess you've got there. Javascript where none is needed, onclick() events where definitely none are needed, no security whatsoever...
As it has already been advised to rewrite the code because its a mess but to answer your question. DOM Specification: click() method Simulate a mouse-click. For INPUT elements whose type attribute has one of the following values: "button", "checkbox", "radio", "reset", or "submit". So click() method only works on the above listed input types and it seems chrome is not adhering to standards supporting your method.
The others have told you something's wrong, but not really a breakdown of what -- so let's do that. First off, yeah, it's bad. The code looks kinda slapped together from snippets -- some of which I even recognize from certain really bad tutorials. A big problem is you're @ hiding errors instead of using the proper functions -- 'isset' and 'empty'. You should really NEVER use @, to just blindly hide errors. Code like that just fills up error logs so quickly, that often it will bury the server you're running it on. (I've seen it happen -- see "ubbThreads" as an example of such hideous code.) You're brute forcing values that PHP already has functions to do. See: $extension = end(explode(".", $_FILES["fileBrowser"]["name"])); Code (markup): $extension = pathinfo($_FILES['fileBrowser']["name"], PATHINFO_EXTENSION); Code (markup): Don't brute force what PHP can already do. You're not checking a whole slew of values you really should be with an upload... like if $_FILES['fileBrowser'] even exists, if ['errror'] is an array which you should throw an error on since there's a vulnerabiltiy in multi-file upload... and even in testing you should be testing for UPLOAD_ERR_OK, NOT greater than zero on the error code. I don't know what this phps3 thing is, but the code you're using in relation to it is a bit terrifying. No sanititation and to be frank, this is 2014, not 2006 -- you shouldn't still be using the mysql_ functions. Hence the GIANT RED WARNING BOXES IN THE MANUAL!!! -- so that whole section of code needs to go. Once we get down to the markup it's even worse, as that HTML is outright gibberish -- on top of the tags like FONT that have no business in any markup written after 1997, you have CDATA and body only tags inside HEAD -- you can't put FONT, B, BR or any other content tag between <head> and </head>! See this reference page for HEAD: http://htmlhelp.com/reference/html40/head/head.html Paying particular attention to "contents". HEAD in a HTML document is for NON-RENDERING stuff like the TITLE (shown on the title-bar or as the text of the link on a search engine). Your markup reeks of being -- well, sadly what I expect from most people making PHP and throwing JS at non-JS stuff -- built by someone who doesn't know enough about HTML to be writing PHP or JavaScript. It's malformed, incomplete gibberish, and to be frank I'd be shocked if it works in ANY browser. I mean, where's your fieldsets? Why are you putting font inside a perfectly good LABEL tag like it's 1997? Is that a literary title or proper name? No? Then why are you putting the bold tag on it? What's this button crap when you've got a perfectly good INPUT below it? Much less the scripting that follows is broken gibberish. document.getElementById('filePath').value = Code (markup): Equals WHAT?!? document.getElementById('fileBrowser').value; Code (markup): value is not a function, you aren't assigning it to anything or testing anything with it, what is it you expect that line to even do? Keep in mind the unwritten rule of JavaScript -- if you can't make a page that's fully functional without JavaScript FIRST, you likely have no business adding JavaScript to it! Even the simple PHP is equally banjaxed... though it does a great job of proving why I think <?php <?= and ?> should be stricken from PHP entirely. I mean this: <?php if ($message != "" || @$_SESSION['message'] != "") { ?> <div class="alert alert-success"> <?php echo $message; ?> <?php echo @$_SESSION['message']; @$_SESSION['message'] = ''; ?> </div> <?php } ?> <div> Code (markup): I see code like that, my arm whips-up into knife-hand ready to deliver a pimp slap -- ESPECIALLY when I see <?php echo inside an IF. Much less again those stupid malfing error suppressions. Should probably look something more like this: <?php if (!empty($message) || ( isset($_SESSION['message']) && !empty($_SESSION['message']) )) echo ' <div class="alert alert-success"> ', $message, ' isset($_SESSION['message']) ? $_SESSION['message'] : '' <!-- .alert.alert-success --></div>'; ?> <div> Code (markup): If you're going to have a PHP code block, have a PHP code block and don't open/close PHP for no good reason. Really as others said, it needs a complete toss and start over from scratch -- the difference is, I just told you WHY. It's a laundry list of how not to write JavaScript, how not to write PHP, and how not to write HTML. You claim it works somewhere? I have SERIOUS doubts about that!
In Javascript you can't have multiple lines of code, strings, etc.. without some sort of newline identifier. In your case, change: document.getElementById('fileBrowser').click(); document.getElementById('filePath').value = document.getElementById('fileBrowser').value; Code (markup): To: document.getElementById('fileBrowser').click(); document.getElementById('filePath').value = document.getElementById('fileBrowser').value; Code (markup): Additionally, if you set visibility/display to false in CSS, most browsers (not sure why Chrome is letting you) will not let you trigger the click event as you want above for security purposes, else use a small hack to take the input out of the screen. Other hacks including setting the opacity to 0, size change, etc.. Change: <input type="file" id="fileBrowser" name="fileBrowser"style="visibility:hidden; display:none;" /> Code (markup): To: <input type="file" id="fileBrowser" name="fileBrowser"style="position:absolute; top:-100px;" /> Code (markup): This should fix the issue you have, however, I strongly suggest that you follow the above suggestions in making your code more efficent and secure.