Uploading Image using PHP and mySQL
on 19.02.2008 00:43:04 by Nasreen Laghari
Hi All,
First of all A very big thank you to all of you for solving my Password() encryption problem.
Now I'm stuck on new problem which is image not uploading. I'm using the following code.
Regards
Nasreen
<?php
include ("header.php");
include ("dbconnect.php");

$submit = $_REQUEST["submit"];
$aname = $_REQUEST["aname"];
$aboutu = $_REQUEST["urself"];
$file = $_REQUEST["file"];
$url_provided = $_REQUEST["url_provided"];

echo($aname);

if ($submit == "Sign!")
{
    function getImageFile($file){
        $takeFile = fopen($file, "r");
        $file = fread($takeFile, filesize($file));
        fclose($takeFile);
        return $file;
    }

    function getfileType( $name ){
        $name = explode(".", $name);
        $name = array_reverse($name);
        $name = $name[0];
        return $name;
    }

    $allowedImageTypes = array("gif","jpg","png");

    if(empty($_FILES['image_file']['tmp_name'])){
        echo "File not uploaded";
    }
    else {
        $fileType = $_FILES['file']['name'];
        if(in_array(getfileType($fileType), $allowedImageTypes)){
            $fileContent = getImageFile($_FILES['file']['tmp_name']);
            $uploadedImage = chunk_split(base64_encode($fileContent));
            $query = "INSERT INTO artist (name,about_u,imgdata, profile_url) VALUES('$aname','$aboutu','$uploadedImage','$url_provided')" ;
            $result = mysql_query($query);
            if(mysql_affected_rows() > 0){
                echo "Image has been inserted succesfully";
            }
            else {
                echo "Image can not be inserted check your submission";
            }
        }
        else {
            echo "This is not a true image type";
        }
    }
}
?>
Re: Uploading Image using PHP and mySQL
on 19.02.2008 00:56:47 by dmagick
Nasreen Laghari wrote:
> Hi All,
>
> First of all A very big thank you to all of you for solving my Password() encryption problem.
>
> Now I'm stuck on new problem which is image not uploading. I'm using the following code.
Which bit breaks exactly? Nobody's going to read through 200 lines of code..
$query = "INSERT INTO artist (name,about_u,imgdata, profile_url)
VALUES('$aname','$aboutu','$uploadedImage','$url_provided')" ;
You have an sql injection problem here. Read up about that on the
phpsec.org site:
http://phpsec.org/projects/guide/3.html#3.2
and a really good basic guide here:
http://unixwiz.net/techtips/sql-injection.html
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Uploading Image using PHP and mySQL
on 19.02.2008 16:42:06 by parasane
On Feb 18, 2008 6:56 PM, Chris wrote:
> Which bit breaks exactly? Nobody's going to read through 200 lines of code..
Normally, you're right.... but today I did just to be a jerk and
prove you wrong. ;-P
> Nasreen Laghari wrote:
> > Hi All,
> >
> > First of all A very big thank you to all of you for solving my Password() encryption problem.
> >
> > Now I'm stuck on new problem which is image not uploading. I'm using the following code.
[snip!]
    $allowedImageTypes = array("gif","jpg","png");
    if(empty($_FILES['image_file']['tmp_name'])){
        echo "File not uploaded";
    }
    else {
        $fileType = $_FILES['file']['name'];
        if(in_array(getfileType($fileType), $allowedImageTypes)){
[snip!]
Nasreen,
The above code depends on two things:
a.) The getfiletype() response exactly matches at least one of
the entries in the array $allowedImageTypes
b.) The response and array entry are matched cAsE-sEnSiTiVeLy
If you're uploading an image that was created in Windows Paint,
for example, the extension will be CAPITALIZED (imagename.JPG) by
default. Try using a strtolower() in your getfiletype() function to
see if it clears things up.
--
Daniel P. Brown
Senior Unix Geek
while(1) { $me = $mind--; sleep(86400); } ?>
Re: Uploading Image using PHP and mySQL
on 19.02.2008 16:43:17 by parasane
On Feb 18, 2008 6:56 PM, Chris wrote:
> $query = "INSERT INTO artist (name,about_u,imgdata, profile_url)
> VALUES('$aname','$aboutu','$uploadedImage','$url_provided')" ;
>
> You have an sql injection problem here. Read up about that on the
> phpsec.org site:
>
> http://phpsec.org/projects/guide/3.html#3.2
>
> and a really good basic guide here:
>
> http://unixwiz.net/techtips/sql-injection.html
And in addition to the links Chris suggested, also RTFM on
mysql_real_escape_string(). It'll be your new best friend (unless
you're already using mysqli).
--
Daniel P. Brown
Senior Unix Geek
while(1) { $me = $mind--; sleep(86400); } ?>
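
Added example (not part of the thread and not any poster's code): the two suggestions made in the replies, a case-insensitive extension check and an INSERT that keeps user input out of the SQL text, combined in one handler using mysqli prepared statements. The single form field name image_file and the connection values are assumptions.

```php
<?php
// Added example, not code from the thread. The single form field name
// 'image_file' and the connection values below are placeholders.
const ALLOWED_IMAGE_TYPES = ['gif', 'jpg', 'png'];

// Extension of the client-supplied name, lowercased so "photo.JPG" and
// "photo.jpg" both match the allow-list. This checks the name only,
// as in the thread; it does not inspect the file's content.
function imageExtension(string $name): string
{
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Insert one artist row. Every value is sent as a bound parameter, so a
// quote character in $name or $about cannot change the statement.
function insertArtist(mysqli $db, string $name, string $about,
                      string $imgData, string $url): bool
{
    $stmt = $db->prepare(
        'INSERT INTO artist (name, about_u, imgdata, profile_url)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $name, $about, $imgData, $url);
    $ok = $stmt->execute() && $stmt->affected_rows > 0;
    $stmt->close();
    return $ok;
}

if (($_POST['submit'] ?? '') === 'Sign!') {
    $upload = $_FILES['image_file'] ?? null;   // one field name throughout
    if ($upload === null || $upload['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        echo 'File not uploaded';
    } elseif (!in_array(imageExtension($upload['name']), ALLOWED_IMAGE_TYPES, true)) {
        echo 'This is not a true image type';
    } else {
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly
        $db  = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
        $img = chunk_split(base64_encode(file_get_contents($upload['tmp_name'])));
        $ok  = insertArtist($db, (string)($_POST['aname'] ?? ''),
                            (string)($_POST['urself'] ?? ''), $img,
                            (string)($_POST['url_provided'] ?? ''));
        echo $ok ? 'Image has been inserted successfully'
                 : 'Image can not be inserted check your submission';
    }
}
```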