I was wondering if anyone could make sence of this code from a tutorial I found. I've commented out the allowed types just because its a weak way to secure the script (from what I've read)
I tried to use this script before and got it to kinda work where it would upload the image and paste a link to it once it was complete, but the MySQL section never worked correctly
.
Its just the sheer number of if's thats driving me insane. If someone knows of a better snippet of code that uses the MySQL db to store the info I'd be willing to look into it.
On the other hand I don't know if its the "age" of the script or if its my host thats giving me issues with it.
Thanks for your time peoples...
d3.
I tried to use this script before and got it to kinda work where it would upload the image and paste a link to it once it was complete, but the MySQL section never worked correctly

Its just the sheer number of if's thats driving me insane. If someone knows of a better snippet of code that uses the MySQL db to store the info I'd be willing to look into it.
On the other hand I don't know if its the "age" of the script or if its my host thats giving me issues with it.
Thanks for your time peoples...
d3.
PHP Code:
$MAX_ALLOWED_FILE_SIZE = 1024000;
$DEST_DIR= 'files/';
$DEST_PATH = 'files/';
$DEST_URL= 'http://domain.com/image';
//$allowed_types = array("image/gif", "image/pjpeg", "image/x-png", "image/bmp");
$db_host = "localhost";
$db_user = "**";
$db_pass = "*******";
$db_name = "*************";
$errormessage = "Please enter file to be uploaded.";
$picfile_name = $_FILES['picfile']['name'];
$picfile_type = $_FILES['picfile']['type'];
$picfile_size = $_FILES['picfile']['size'];
$picfile_temp = $_FILES['picfile']['tmp_name'];
if ($MAX_ALLOWED_FILE_SIZE >= $picfile_size)
{
/*
if (in_array($picfile_type, $allowed_types))
{
*/
if (is_uploaded_file($_FILES['picfile']['tmp_name']))
{
if (file_exists($DEST_PATH . $picfile_name))
{
$unique_id = time();
$picfile_name = $unique_id . '_' . $picfile_name;
}
if (move_uploaded_file($picfile_temp, $DEST_PATH . $picfile_name))
{
$errormessage = "File uploaded as:
<b>" . DEST_URL . $picfile_name . "</b>";
if(mysql_connect($dbhost, $dbuser, $dbpass))
{
if(mysql_select_db($dbname))
{
$sql1 = "INSERT INTO uploads (whenuploaded, ipaddress, imageloc, imagesize, imagetype) VALUES (";
$sql1 .= "'" . date("Y-m-d H:i:s") . "',";
$sql1 .= "'" . $_SERVER['REMOTE_ADDR'] . "',";
$sql1 .= "'" . $DEST_DIR . $picfile_name . "')";
// $sql1 .= "" . $picfile_size . ",";
// $sql1 .= "'" . $picfile_type . "')";
if (!mysql_query($sql1))
{
$errormessage .= "<font color=red><b>Query failed [$sql1].</b></font>";
}
}
else
{
$errormessage .= "<font color=red><b>Could not select database.</b></font>";
}
}
else
{
$errormessage .= "<font color=red><b>Could not connect to database.</b></font>";
}
}
else
{
$errormessage = "<b><font color='red'>File upload failed for obscure reasons (error code: " . $_FILES['picfile']['error'] . ").</font></b>";
}
}
else
{
$errormessage = "<b><font color='red'>No file uploaded.</font></b>";
}
/*
}
else
{
$errormessage = "<b><font color='red'>Invalid file type.</font></b>";
}
*/
}
else
{
$errormessage = "<b><font color='red'>File too big (maximum size is " . $MAX_ALLOWED_FILE_SIZE . ").</font></b>";
}
$_REQUEST['form_submit'] = "";
Comment