Viewing Topic: bs0d, and many
other masters,
please help. |
firers3 |
Subject: "bs0d, and many
other masters,
pleas..."
Posted: @ 4:07 am on Jul 04 2008 |
|
|
Member #: 714 Rank: user - (11) Since: 07/04/08 Posts: 11
|
Hi,
I am a new
learner for
PHP, I have
followed bs0d's
tutorial and
set up
membership
system
already:D. Now
I am following
the tutorial
"Uploading
Image Files
with PHP"
and create a
table
"Images&qu
ot; with id,
user_id,
image_name,
user_images .
With the code
from the
tutorial, I
have not
problem
uploading files
into a
designated
folder but I
really could
not figure out
why the
table("Ima
ges) in my
database is
always empty
and nothing can
be inserted
after I
uploaded a
file/photo. do
I missing
something or
something wrong
:| ? I will
attach my code
here anyone
please gives me
a hand. Thanks
lot.
Code:
if(isset($_POS
T['submit'])) {
//see if submit
button is
pressed.
}
//check if they
decided to
upload a
pic:
if($_FILES['use
rfile']['size']
> 1) {
$max_size =
"100000&qu
ot;;
$max_height =
"300"
;
$max_width =
"300"
;
$info =
getimagesize($_
FILES['userfile
']['tmp_name'])
;
//check
file-size (in
bytes):
if(filesize($_F
ILES['userfile'
]['size'] >
$_POST['MAX_FIL
E_SIZE']) ||
filesize($_FILE
S['userfile']['
size'] >
$max_size))
{
die("<B
R><BR>
Error: Upload
file size too
large:
(<b>"
; .
$_FILES['userfi
le']['size'] .
"</b>
;). Must not
exceed 100000
kb.");
}
//check the
extension.
$array =
explode(".
",
$_FILES['userfi
le']['name']);
$nr =
count($array);
$ext =
$array[$nr-1];<
br />
if(($ext
!="jpg&quo
t;) &&
($ext
!="jpeg&qu
ot;) &&
($ext
!="tiff&qu
ot;) &&
($ext
!="png&quo
t;))
die("<B
R><BR>
Error: file
extension
un-recognized.
Be sure your
image follows
the correct
extension
(.JPG, .TIFF or
.PNG)");
//CHECK TYPE:
(what the
browser
sent)
if(($_FILES['us
erfile']['type'
] !=
"image/jpe
g")
&&
($_FILES['userf
ile']['type']
!=
"image/pjp
eg")
&&
($_FILES['userf
ile']['type']
!=
"image/tif
f")
&&
($_FILES['userf
ile']['type']
!=
"image/png
")) {
die("<
BR><BR>
;Error: Upload
file type
un-recognized.
Only .JPG,
.TIFF or .PNG
images
allowed.")
;
}
//DOUBLE CHECK
TYPE: if image
MIME type from
GD
getimagesize()
-In case it was
a
FAKE!
if(($info['mime
'] !=
"image/jpe
g")
&&
($info['mime']
!=
"image/pjp
eg")
&&
($info['mime']
!=
"image/tif
f")
&&
($info['mime']
!=
"image/png
")) {
die("<
BR><BR>
;Error: Upload
file type
un-recognized.
Only .JPG .TIF
or .PNG images
allowed.")
;
}
//check file
size (length
& width)
if(($info[0]
>
$max_width) ||
($info[1]
>$max_height
)) {
die("<B
R><BR>
Error: Image
size error
(<b>"
; . $info[0] .
"</b>
; x
<b>"
. $info[1] .
"</b>
;). Must not
exceed ".
$max_height .
" x
".
$max_width
.".")
;
}
//rename file,
move it to
location.
if(is_uploaded_
file($_FILES['u
serfile']['tmp_
name'])) {
//get max
number of
images the user
has uploaded
$m =
mysql_query(&qu
ot;SELECT
max(user_images
) as
`total_images`
FROM `Images`
WHERE `user_id`
=
'".$_SESSI
ON['user_id'].&
quot;'");<
br />
if(!$m)
die('An Error
Occurred.');
$result
=
mysql_fetch_obj
ect($m);
if($result->
total_images
<= 0) {
$image_number =
1;
}
else {
$image_number =
$result->tot
al_images +
1;
}
//end if
$filename =
strtolower($_SE
SSION['username
']) .
$image_number;<
br />
$q =
mysql_query(&qu
ot;UPDATE
`Images` SET
user_images =
(".$filena
me.")
WHERE username
=
".$usernam
e."")
;
if(move_uploade
d_file($_FILES[
'userfile']['tm
p_name'] ,
$_SERVER['DOCUM
ENT_ROOT'].&quo
t;/incoming/&qu
ot;.$filename .
'.' . $ext))
{
echo("File
uploaded
successfully.&q
uot;);
} else {
echo("An
error occurred
while
uploading."
;);
}//end
upload
} //end
is_uploaded_fil
e
} else {
//display form
?>
<form
enctype="m
ultipart/form-d
ata"
action="&l
t;?
$_SERVER['PHP_S
ELF'];
?>"
method="po
st"
name="uplo
adImage"
/>
<input
type="hidd
en"
name="MAX_
FILE_SIZE"
value="100
000"
/>
<input
type="file
"
name="user
file"
size="35&q
uot; />
<input
type="subm
it"
name="subm
it"
value="Upl
oad
Image">
<? } //end
else
?>
|
Viewed: 23,485 Times | |  |
bs0d |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 8:00 pm on Jul 04 2008
|
|
|
 Member #: 1 Rank: Admin. - (1,510) Since: 02/06/05 Posts: 604 From: USA
|
In your query:
$q =
mysql_query(&q
uot;UPDATE
`Images` SET
user_images =
(".$filen
ame.")
WHERE username
=
".$userna
me."&quo
t;);
try this:
$q =
mysql_query(&q
uot;UPDATE
`Images` SET
user_images =
(".$filen
ame.")
WHERE username
=
".strtolo
wer($_SESSION[
'username']).
"");
|
Viewed: 23,472 Times | |  |
firers3 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 2:07 am on Jul 05 2008
|
|
|
Member #: 714 Rank: user - (11) Since: 07/04/08 Posts: 11
|
Hi bs0d,
Thanks for
reply. I tried
your
suggestion,
still like
before. images
was uploaded to
the folder but
overwritten
again and
again. And
table
'Images'
still empty. I
am just stuck.
Hope to get
more
suggestions if
possible.
Thanks alot.
|
Viewed: 23,463 Times | |  |
bs0d |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 5:08 pm on Jul 05 2008
|
|
|
 Member #: 1 Rank: Admin. - (1,510) Since: 02/06/05 Posts: 604 From: USA
|
In an effort to
debug your
script, try to
print out
variables to
the screen
throughout the
script. This
will allow you
to see if any
variables are
not being set
and will help
identify the
area of the
script that
needs
attention.
|
Viewed: 23,448 Times | |  |
David1159 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 4:21 am on Jul 06 2008
|
|
|
 Member #: 526 Rank: user - (81) Since: 12/27/07 Posts: 81 From: usa
|
Fixed it
and tested it,
here it is.
Works fine.
If you see a
smilie, it is
equals this )
Code:
FIND-
if(is_uploaded_
file($_FILES['
userfile']['t
mp_name'])) {
ADD AFTER-
//find if user
exists in image
table
$get =
mysql_query(&q
uot;SELECT
`user_id` FROM
`images` WHERE
`user_id` =
'".$_SES
SION['user_id
']."'&q
uot  ;
if(!$get)
die('An Error
Occurred.');
$get2
=
mysql_fetch_obj
ect($get);
if(!$get2) {
$insert =
mysql_query(&q
uot;INSERT INTO
`images`
(user_id)
VALUES
('".$_SE
SSION['user_id
']."')
"  ;
if(!$insert)
die("Erro
r while
inserting.&quo
t  ;
}
FIND-
$q =
mysql_query(&q
uot;UPDATE
`Images` SET
`user_images` =
(".$filen
ame."  WHERE
username =
".$userna
me "  ;
REPLACE WITH-
$q =
mysql_query(&q
uot;UPDATE
`images` SET
`user_images` =
(".$filen
ame."  WHERE
user_id =
'".$_SES
SION['user_id
']."'
"  ;
The first part-
If a user
doesn't exist
on this table,
it will insert
him into the
table. This is
why it wasn't
working, it
only updated a
table that had
no information
in.
The Second
Part-
The syntax in
your code is
wrong. You
have WHERE
username =
".$userna
me."&quo
t  ; is
incorrect.
There is no
username column
in the image
table and your
$variable is
wrong, it is
'".$some
thing."'
when your
working with
mysql_query.
Also you stated
to go to the
table Images,
it is called
images all
lowercase.
Edited at 06:06:19 am on 07/06/08
Coding is
simply CST...
Combining $hit
Together. We
make different
$hit to run in
unison
correctly. |
Viewed: 23,437 Times | |  |
bs0d |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 7:15 pm on Jul 06 2008
|
|
|
 Member #: 1 Rank: Admin. - (1,510) Since: 02/06/05 Posts: 604 From: USA
|
Good job,
David! A note
to everyone, if
you click the
checkbox in teh
reply form that
says,
"Disable
Smilies"
then you won't
get smilies in
your code. But
you have to do
this in your
initial reply.
It doesn't
work if you
edit the reply.
|
Viewed: 23,421 Times | |  |
barbs75 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 8:52 am on Jul 07 2008
|
|
|
Member #: 652 Rank: user - (3) Since: 04/04/08 Posts: 3 From: Swindon, UK
|
Hey dude,
i have emailed
you back with
my script,
which i have
added thumbnail
generation
also, so feel
free to take a
look.
The only thing
i can see where
you have gone
wrong is with
your sql
statement.
Code:
$q =
mysql_query(&q
uot;UPDATE
`Images` SET
user_images =
(".$filen
ame.")
WHERE username
=
".$userna
me."&quo
t;); <
br />
that should be
like this:
Code:
$q =
mysql_query(&q
uot;UPDATE
`Images` SET
user_images =
'$filename'
WHERE username
=
'$username');
hope this
helps
Barbs
|
| Viewed: 23,411 Times | |  |
firers3 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 4:41 am on Jul 08 2008
|
|
|
Member #: 714 Rank: user - (11) Since: 07/04/08 Posts: 11
|
barbs75
said...
<
i>
Hey dude,
i have emailed
you back with
my script,
which i have
added thumbnail
generation
also, so feel
free to take a
look.
The only thing
i can see where
you have gone
wrong is with
your sql
statement.
<BR><f
ont
size=1><u
>Code:</u
><BR>&
lt;div
name="div
_box"
class="di
vCode">
;$q =
mysql_query(&q
uot;UPDATE
`Images` SET
user_images =
(".$filen
ame." WHERE
username =
".$userna
me."&quo
t ;
that should be
like this:
<BR><f
ont
size=1><u
>Code:</u
><BR>&
lt;div
name="div
_box"
class="di
vCode">
;$q =
mysql_query(&q
uot;UPDATE
`Images` SET
user_images =
'$filename'
WHERE username
=
'$username');
hope this helps
Barbs
|
Viewed: 23,392 Times | |  |
firers3 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 4:41 am on Jul 08 2008
|
|
|
Member #: 714 Rank: user - (11) Since: 07/04/08 Posts: 11
|
Hi David and
Barbs,
Thanks a lot
for reply. I
David's
suggestion did
help insert
info into
database but
image_name is
still 0 all the
time. I guess I
will keep
testing. For
Barbs, thank
you for sending
me the code.
But,
unfortunately,
I checked
through my
mailbox for
some reason, I
did not receive
your email.
Would you
please resent
it or post the
code here if
possible. It
shall be
greatly
appreciated. My
email address,
again, is
wangwuj [at]
mail [dot] ccsu
[dot] edu
By the way,
thanks bs0d for
providing
original
code.
*Email
edited by bs0d
for spam bot
protection.
Edited at 05:52:04 pm on 07/08/08
|
Viewed: 23,389 Times | |  |
David1159 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 6:25 am on Jul 09 2008
|
|
|
 Member #: 526 Rank: user - (81) Since: 12/27/07 Posts: 81 From: usa
|
I think I know
what your
saying with the
0 image. Your
saying in your
folder
directory it
keeps saving as
0.jpg right?
This was my
code I used to
test it, it
counted up
images just
fine 0,1,2,3...
in my directory
and
database.
Code:
<?php
session_start()
;
//CONNECT TO
DB
if(isset($_POST
['submit']))
{ //see if
submit button
is pressed.
//check if they
decided to
upload a
pic:
if($_FILES['us
erfile']['siz
e'] > 1) {
$max_size =
100000;
$max_height =
300;
$max_width =
300;
$info =
getimagesize($_
FILES['userfil
e']['tmp_name
']);
//check
file-size (in
bytes):
if(($_FILES['u
serfile']['si
ze'] >
$_POST['MAX_FI
LE_SIZE']) ||
($_FILES['user
file']['size
'] >
$max_size))
{
die("<
BR><BR>
;Error: Upload
file size too
large:
(<b>&quo
t; .
$_FILES['userf
ile']['size'
] .
"</b&g
t;). Must not
exceed XX
kb.");
}
//check the
extension.
$array =
explode("
.",
$_FILES['userf
ile']['name'
]);
$nr =
count($array);
$ext =
$array[$nr-1];<
br />
if(($ext
!="jpg&q
uot;)
&&
($ext
!="jpeg&
quot;)
&&
($ext
!="png&q
uot;))
die("<
BR><BR>
;Error: file
extension
un-recognized.
Be sure your
image follows
the correct
extension (.JPG
or
.PNG)");<
br />
//CHECK TYPE:
(what the
browser
sent)
if(($_FILES['u
serfile']['ty
pe'] !=
"image/jp
eg")
&&
($_FILES['user
file']['type
'] !=
"image/pj
peg")
&&
($_FILES['user
file']['type
'] !=
"image/pn
g")) {
die("<
;BR><BR&g
t;Error: Upload
file type
un-recognized.
Only .JPG or
.PNG images
allowed."
);
}
//DOUBLE CHECK
TYPE: if image
MIME type from
GD
getimagesize()
-In case it was
a
FAKE!
if(($info['mim
e'] !=
"image/jp
eg")
&&
($info['mime'
] !=
"image/pj
peg")
&&
($info['mime'
] !=
"image/pn
g")) {
die("<
;BR><BR&g
t;Error: Upload
file type
un-recognized.
Only .JPG or
.PNG images
allowed."
);
}
//check file
size (length
& width)
if(($info[0]
>
$max_width) ||
($info[1]
>$max_height
)) {
die("<
BR><BR>
;Error: Image
size error
(<b>&quo
t; . $info[0] .
"</b&g
t; x
<b>"
; . $info[1] .
"</b&g
t;). Must not
exceed ".
$max_height .
" x
".
$max_width
."."
;);
}
//rename file,
move it to
location.
if(is_uploaded_
file($_FILES['
userfile']['t
mp_name']))
{
//find if user
exists in image
table
$get =
mysql_query(&q
uot;SELECT
`user_id` FROM
`images` WHERE
`user_id` =
'".$_SES
SION['user_id
']."'&q
uot;);
if(!$get)
die('An Error
Occurred.');
$get2
=
mysql_fetch_obj
ect($get);
if(!$get2) {
$insert =
mysql_query(&q
uot;INSERT INTO
`images`
(user_id)
VALUES
('".$_SE
SSION['user_id
']."')
");
if(!$insert)
die("Erro
r while
inserting.&quo
t;);
}
//get max
number of
images the user
has uploaded
$m =
mysql_query(&q
uot;SELECT
max(user_images
) as
`total_images`
FROM `images`
WHERE `user_id`
=
'".$_SES
SION['user_id
']."'&q
uot;);
if(!$m)
die('An Error
Occurred.');
$result
=
mysql_fetch_obj
ect($m);
if($result->
total_images
<= 0) {
$image_number =
1;
}
else {
$image_number =
$result->tot
al_images +
1;
}
//end if
$filename =
strtolower($_SE
SSION['usernam
e']) .
$image_number;<
br />
$q =
mysql_query(&q
uot;UPDATE
`images` SET
`user_images` =
(".$filen
ame.")
WHERE user_id =
'".$_SES
SION['user_id
']."'
");
if(move_uploade
d_file($_FILES[
'userfile'][
'tmp_name'] ,
$_SERVER['DOCU
MENT_ROOT'].&
quot;/k/"
.$filename .
'.' . $ext))
{
echo("Fil
e uploaded
successfully.&
quot;);
} else {
echo("An
error occurred
while
uploading.&quo
t;);
}//end
upload
}
}
} else {
//display form
?>
<form
enctype="
multipart/form-
data"
action="&
lt;?
$_SERVER['PHP_
SELF'];
?>"
method="p
ost"
name="upl
oadImage"
/>
<input
type="hid
den"
name="MAX
_FILE_SIZE&quo
t;
value="10
0000"
/>
<input
type="fil
e"
name="use
rfile"
size="35
" />
<input
type="sub
mit"
name="sub
mit"
value="Up
load
Image">
;
<? } //end
else ?>
Coding is
simply CST...
Combining $hit
Together. We
make different
$hit to run in
unison
correctly. |
Viewed: 23,371 Times | |  |
firers3 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 8:34 pm on Jul 10 2008
|
|
|
Member #: 714 Rank: user - (11) Since: 07/04/08 Posts: 11
|
Thanks David,
one question,
shall I define
$user_id in
login page as
_session['user
_id'] in order
to insert it
into database
from the upload
page? it seems
it does not
automatically
carried in even
I have
session_start()
; on top of
webpage.
|
Viewed: 23,341 Times | |  |
Genius |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 10:24 pm on Jul 10 2008
|
|
|
 Member #: 582 Rank: user - (77) Since: 02/18/08 Posts: 76 From: kmmk
|
Edited at 12:21:02 am on 07/12/08
|
Viewed: 23,337 Times | |  |
firers3 |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 6:10 am on Jul 11 2008
|
|
|
Member #: 714 Rank: user - (11) Since: 07/04/08 Posts: 11
|
Thanks for
help. I
understand what
you posted and
altered my code
already. the
problem is like
before. I
don't know
what the hell
my code
happens. Here
is how the code
confuse me:
When I take
session_start()
off, the code
will save image
file in image
folder as
1.jpg, 2 jpg
and 3 jpg... by
which i see the
sequence and
also in the
table
"user_ima
ges"
column i see
number
increasing. but
I don't see
username or
user_id. being
added to the
uploaded image
files. However,
when I add
session_start()
on the very top
of html, after
uploaded image
files, I can
see username+1
or user_id+1 in
the folder
(depends how I
set in upload
page, I used
username rather
than user_id.)
but no matter
how many
pic/images I
upload, it
keeps overwrite
again and
again. and the
"user_ima
ges"
column is
always
"0"
. I guess it
sounds too
complicated. I
just post my
code here see
if anyone could
figure it out
if possible.
my login.php
works great. it
is like this
Code:
<?
ob_start();
session_start(
);
//connected to
data.
?>
<?
if(isset($_SESS
ION['username
']) &&
isset($_SESSION
['password'])
) {
//REDIRECT TO
USERS
PROFILE...
header("L
ocation:
http://www.logo
banquet.com&qu
ot;);
} //end if
logged in
//IF SUBMIT
BUTTON
PRESSED
if(isset($_POST
['submit']))
{
if(!$_POST['us
ername'])
die("Erro
r: You must
enter your
username before
logging
in.");
if(!$_POST['pa
ssword'])
die("Erro
r: You must
enter your
password before
logging
in.");
//set cookie
if checked
if(!empty($_POS
T['stay_in'])
) {
$joined
=''.$_POST['
username'].'[
]'.$_POST['pa
ssword'].'';
setcookie('log
in_cookie',
$joined,
2147483647,
'/',
'.www.logobanq
uet.com');
} //end
if
//verify
user...
$get_user =
mysql_query(&q
uot;SELECT *
FROM
`Member_info`
WHERE username
=
'".$_POS
T['username']
."' AND
password =
'".$_POS
T['password']
."'&quo
t;);
$q =
mysql_fetch_obj
ect($get_user);
if(!$q)
die("Logi
n Failure: An
error occured,
please verify
your username
and password
are
correct."
);
$gid =
mysql_query(&q
uot;SELECT
`user_id` FROM
`Member_info`
WHERE username
=
'".$_POS
T['username']
."' AND
password =
'".$_POS
T['password']
."'&quo
t;);
//set session
variables
$gidq =
mysql_fetch_obj
ect($gid);
//set session
variables
$_SESSION['log
ged_in'] =
1;
$_SESSION['use
rname'] =
$_POST['userna
me'];
$_SESSION['pas
sword'] =
$_POST['passwo
rd'];
$_SESSION['use
r_id'] =
$gidq;
session_write_c
lose();
header("L
ocation:
http://www.logo
banquet.com&qu
ot;);
} else {
//show login
form
?>
<form
name="log
in"
method="p
ost"
action="&
lt;?
$_SERVER['PHP_
SELF'];
?>">
;
<table>
<tr>
<td>Usern
ame:<input
type="tex
t"
id="usern
ame"
name="use
rname">
;</td>
</tr>
<tr>
<td>Passw
ord:<input
type="pas
sword"
id="passw
ord"
name="pas
sword">
;</td>
</tr>
<tr>
<td>Submi
t: <input
type="sub
mit"
value="Su
bmit"
name="sub
mit"
id="submi
t"><
;/td>
</tr>
<tr>
<td>Remem
ber? <input
type="che
ckbox"
name="sta
y_in[]"
checked="
yes">&
lt;/td>
</tr>
</table><
br />
</form>
<?
}//end else
?>
<?
//check
cookie
if
($_SESSION['lo
gged_in'] != 1
&&
isset($_COOKIE[
'login_cookie
']))
{
list($user,
$pass) =
explode('[]',
$_COOKIE['logi
n_cookie']);
$qu =
mysql_query(&q
uot;SELECT
`password` FROM
`Member_info`
WHERE
`username` =
'".addsl
ashes($user).&
quot;'")
;
if
(mysql_num_rows
($qu) == 1)
{
$passw
=
mysql_fetch_obj
ect($qu);
if
($passw->use
r_password ==
$pass) {
$_SESSION['log
ged_in'] =
1;
$_SESSION['use
rname'] =
$user;
$_SESSION['pas
sword'] =
$pass;
}
}
}
if(!isset($_SES
SION['username
']) &&
!isset($_SESSIO
N['password']
))
{
$_SESSION['log
ged_in'] =
0;
$user =
"Guest&q
uot;;
}
?>
Here is the
problematic
code for my
upload.php
Code:
<?
session_start()
;
ob_start();
//connect to
database.
?>
<?
if(isset($_POST
['submit']))
{ //see if
submit button
is pressed.
}
//check if they
decided to
upload a
pic:
if($_FILES['us
erfile']['siz
e'] > 1) {
$max_size =
"100000&
quot;;
$max_height =
"300&quo
t;;
$max_width =
"300&quo
t;;
$info =
getimagesize($_
FILES['userfil
e']['tmp_name
']);
//check
file-size (in
bytes):
if(filesize($_F
ILES['userfile
']['size']
>
$_POST['MAX_FI
LE_SIZE']) ||
filesize($_FILE
S['userfile']
['size'] >
$max_size))
{
die("<
BR><BR>
;Error: Upload
file size too
large:
(<b>&quo
t; .
$_FILES['userf
ile']['size'
] .
"</b&g
t;). Must not
exceed 100000
kb.");
}
//check the
extension.
$array =
explode("
.",
$_FILES['userf
ile']['name'
]);
$nr =
count($array);
$ext =
$array[$nr-1];<
br />
if(($ext
!="jpg&q
uot;)
&&
($ext
!="jpeg&
quot;)
&&
($ext
!="png&q
uot;))
die("<
BR><BR>
;Error: file
extension
un-recognized.
Be sure your
image follows
the correct
extension (.JPG
or
.PNG)");<
br />
//CHECK TYPE:
(what the
browser
sent)
if(($_FILES['u
serfile']['ty
pe'] !=
"image/jp
eg")
&&
($_FILES['user
file']['type
'] !=
"image/pj
peg")
&&
($_FILES['user
file']['type
'] !=
"image/pn
g")) {
die("<
;BR><BR&g
t;Error: Upload
file type
un-recognized.
Only .JPG or
.PNG images
allowed."
);
}
//DOUBLE CHECK
TYPE: if image
MIME type from
GD
getimagesize()
-In case it was
a
FAKE!
if(($info['mim
e'] !=
"image/jp
eg")
&&
($info['mime'
] !=
"image/pj
peg")
&&
($info['mime'
] !=
"image/pn
g")) {
die("<
;BR><BR&g
t;Error: Upload
file type
un-recognized.
Only .JPG or
.PNG images
allowed."
);
}
//check file
size (length
& width)
if(($info[0]
>
$max_width) ||
($info[1]
>$max_height
)) {
die("<
BR><BR>
;Error: Image
size error
(<b>&quo
t; . $info[0] .
"</b&g
t; x
<b>"
; . $info[1] .
"</b&g
t;). Must not
exceed ".
$max_height .
" x
".
$max_width
."."
;);
}
//rename file,
move it to
location.
if(is_uploaded_
file($_FILES['
userfile']['t
mp_name']))
{
$get =
mysql_query(&q
uot;SELECT
`username` FROM
`images` WHERE
`username` =
'".$_SES
SION['username
']."'&
quot;);
if(!$get)
die('An Error
Occurred.');
$get2 =
mysql_fetch_obj
ect($get);
if(!$get2) {
$insert =
mysql_query(&q
uot;INSERT INTO
`images`
(username)
VALUES
('".$_SE
SSION['usernam
e']."')
");
if(!$insert)
die("Erro
r while
inserting.&quo
t;);
}
//get max
number of
images the user
has uoaded
$m =
mysql_query(&q
uot;SELECT
max(user_images
) as
`total_images`
FROM `images`
WHERE
`username` =
'".$_SES
SION['username
']."'&
quot;);
if(!$m)
die('An Error
Occurred.');
$result
=
mysql_fetch_obj
ect($m);
if($result->
total_images
<= 0) {
$image_number =
1;
}
else {
$image_number =
$result->tot
al_images +
1;
}
//end if
$filename =
strtolower($_SE
SSION['usernam
e']) .
$image_number;<
br />
$q =
mysql_query(&q
uot;UPDATE
`images` SET
`user_images` =
(".$filen
ame.")
WHERE
'username' =
'".$_SES
SION['username
']."'
");
if(move_uploade
d_file($_FILES[
'userfile'][
'tmp_name'] ,
$_SERVER['DOCU
MENT_ROOT'].&
quot;/incoming/
".$filena
me . '.' .
$ext)) {
echo("Fil
e uploaded
successfully.&
quot;);
} else {
echo("An
error occurred
while
uploading.&quo
t;);
}//end
upload
} //end
is_uploaded_fil
e
} else {
//display form
?>
<form
enctype="
multipart/form-
data"
action="&
lt;?
$_SERVER['PHP_
SELF'];
?>"
method="p
ost"
name="upl
oadImage"
/>
<input
type="hid
den"
MAX_FILE_SIZE =
"100000&
quot; />
<input
type="fil
e"
name="use
rfile"
size="35
" />
<input
type="sub
mit"
name="sub
mit"
value="Up
load
Image">
;
<? } //end
else ?>
Many thanks! :)
|
Viewed: 23,314 Times | |  |
Genius |
Subject: "re: bs0d, and
many other
masters, p..."
Posted: @ 2:34 pm on Jul 11 2008
|
|
|
 Member #: 582 Rank: user - (77) Since: 02/18/08 Posts: 76 From: kmmk
|
Ok,
tested. Try
this:
Code:
<?php
session_start()
;
// Include
Database
Connection Here
//
Configuration -
Your Options
$filetypes =
array('.jpg',
'.gif','.bmp
','.png');
$max_filesize =
999999;
$upload_path =
'images/';
// If submitted
if(isset($_POST
['submit']))
{
// Name of the
original file
$filename =
$_FILES['image
']['name'];
// Check the
extension
$ext =
substr($filenam
e,
strpos($filenam
e,'.'),
strlen($filenam
e)-1);
// Check the
filetype
if(!in_array($e
xt,$filetypes))
die('The image
type is not
allowed.');
// Check the
filesize
if(filesize($_F
ILES['image']
['tmp_name'])
>
$max_filesize)
die('The image
is too
large.');
// Check upload
path
if(!is_writable
($upload_path))
die('Sorry,
script cannot
upload your
image for some
reason.<br
/>Please
contact the
admin.');
// SQL check
$get =
mysql_query(&q
uot;SELECT
`username` FROM
`images` WHERE
`username` =
'".$_SES
SION['username
']."'&
quot  ;
if(!$get)
die(mysql_error
());
$get2 =
mysql_fetch_obj
ect($get);
if(!$get2) {
$insert =
mysql_query(&q
uot;INSERT INTO
`images`
(username)
VALUES
('".$_SE
SSION['usernam
e']."')
"  ;
if(!$insert)
die(mysql_error
());
}
// Get max
number of
images the user
has uoaded
$m =
mysql_query(&q
uot;SELECT
max(user_images
) as
`total_images`
FROM `images`
WHERE
`username` =
'".$_SES
SION['username
']."'&
quot  ;
if(!$m)
die('An Error
Occurred.');
$result =
mysql_fetch_obj
ect($m);
if($result->
total_images
<= 0) {
$image_number =
1;
} else {
$image_number =
$result->tot
al_images + 1;
} //end if
// Rename file
$new_filename =
strtolower($_SE
SSION['usernam
e']) .
$image_number;
// Upload the
file
if(move_uploade
d_file($_FILES[
'image']['tm
p_name'],$uplo
ad_path
.$new_filename.
$ext)) {
$sql =
mysql_query(&q
uot;UPDATE
`images` SET
`user_images` =
'".$new_
filename.$ext.
"' WHERE
`username` =
'".$_SES
SION['username
']."'
"  ;
echo 'Your
image uploaded
successfully!'
;
} else {
echo 'There
was an error
during the file
upload. Please
try again.';
}
} else {
?>
<form
enctype="
multipart/form-
data"
action="&
lt;?
$_SERVER['PHP_
SELF'];
?>"
method="p
ost"
name="upl
oadImage"
/>
<input
type="hid
den"
MAX_FILE_SIZE =
"100000&
quot; />
<input
type="fil
e"
name="ima
ge"
size="35
" />
<input
type="sub
mit"
name="sub
mit"
value="Up
load
Image">
;
<?php }
?>
Change die() to
whatever u
like. Was
debugging with
mysql_error
while
testing.
PS: Bs0d: idk
y, but even
when i disable
smilies from
initial post
(before i edit)
those smilies
appear in the
code.
Edited at 01:55:32 pm on 07/12/08
|
Viewed: 23,286 Times | |  |
Viewing Page: 1 of 1 |
|