Upload script issues (code included) - CodingForum

  • Upload script issues (code included)

    I was wondering if anyone could make sense of this code from a tutorial I found. I've commented out the allowed types just because it's a weak way to secure the script (from what I've read)

    I tried to use this script before and got it to kinda work where it would upload the image and paste a link to it once it was complete, but the MySQL section never worked correctly.

    It's just the sheer number of ifs that's driving me insane. If someone knows of a better snippet of code that uses the MySQL db to store the info I'd be willing to look into it.

    On the other hand I don't know if it's the "age" of the script or if it's my host that's giving me issues with it.

    Thanks for your time peoples...

    d3.

    PHP Code:
    $MAX_ALLOWED_FILE_SIZE = 1024000;
    $DEST_DIR = 'files/';
    $DEST_PATH = 'files/';
    $DEST_URL = 'http://domain.com/image';

    //$allowed_types = array("image/gif", "image/pjpeg", "image/x-png", "image/bmp");

    $db_host = "localhost";
    $db_user = "**";
    $db_pass = "*******";
    $db_name = "*************";

    $errormessage = "Please enter file to be uploaded.";

    $picfile_name = $_FILES['picfile']['name'];
    $picfile_type = $_FILES['picfile']['type'];
    $picfile_size = $_FILES['picfile']['size'];
    $picfile_temp = $_FILES['picfile']['tmp_name'];

    if ($MAX_ALLOWED_FILE_SIZE >= $picfile_size)
    {
        /*
        if (in_array($picfile_type, $allowed_types))
        {
        */
        if (is_uploaded_file($_FILES['picfile']['tmp_name']))
        {
            if (file_exists($DEST_PATH . $picfile_name))
            {
                $unique_id = time();
                $picfile_name = $unique_id . '_' . $picfile_name;
            }

            if (move_uploaded_file($picfile_temp, $DEST_PATH . $picfile_name))
            {
                $errormessage = "File uploaded as: <b>" . DEST_URL . $picfile_name . "</b>";

                if (mysql_connect($dbhost, $dbuser, $dbpass))
                {
                    if (mysql_select_db($dbname))
                    {
                        $sql1 = "INSERT INTO uploads (whenuploaded, ipaddress, imageloc, imagesize, imagetype) VALUES (";
                        $sql1 .= "'" . date("Y-m-d H:i:s") . "',";
                        $sql1 .= "'" . $_SERVER['REMOTE_ADDR'] . "',";
                        $sql1 .= "'" . $DEST_DIR . $picfile_name . "')";
                        //$sql1 .= "" . $picfile_size . ",";
                        //$sql1 .= "'" . $picfile_type . "')";

                        if (!mysql_query($sql1))
                        {
                            $errormessage .= "<font color=red><b>Query failed [$sql1].</b></font>";
                        }
                    }
                    else
                    {
                        $errormessage .= "<font color=red><b>Could not select database.</b></font>";
                    }
                }
                else
                {
                    $errormessage .= "<font color=red><b>Could not connect to database.</b></font>";
                }
            }
            else
            {
                $errormessage = "<b><font color='red'>File upload failed for obscure reasons (error code: " . $_FILES['picfile']['error'] . ").</font></b>";
            }
        }
        else
        {
            $errormessage = "<b><font color='red'>No file uploaded.</font></b>";
        }
        /*
        }
        else
        {
            $errormessage = "<b><font color='red'>Invalid file type.</font></b>";
        }
        */
    }
    else
    {
        $errormessage = "<b><font color='red'>File too big (maximum size is " . $MAX_ALLOWED_FILE_SIZE . ").</font></b>";
    }

    $_REQUEST['form_submit'] = "";
    Last edited by deethree; Aug 1, 2005, 03:38 PM.

  • #2
    The error lies in your SQL statement. There are 2 lines of code commented out that are required to make the query valid.

    Either you uncomment these lines or you must rewrite the SQL statement like this:
    PHP Code:
    $sql1 = 'INSERT INTO uploads (whenuploaded, ipaddress, imageloc) VALUES (';
    $sql1 .= '"'.date('Y-m-d H:i:s').'",';
    $sql1 .= '"'.$_SERVER['REMOTE_ADDR'].'",';
    $sql1 .= '"'.$DEST_DIR.$picfile_name.'")';
    dumpfi

    PS: I don't know what you have to carp at the script. It's easy to read and pretty straightforward IMHO.
    "Failure is not an option. It comes bundled with the software."
    ....../)/)..(\__/).(\(\................../)_/)......
    .....(-.-).(='.'=).(-.-)................(o.O)...../<)
    ....(.).(.)("}_("}(.)(.)...............(.)_(.))¯/.
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Little did the bunnies suspect that one of them was a psychotic mass murderer with a 6 ft. axe.

    • #3
      It is straightforward, just not laid out well.

      I printed it out and redid a few things; I'll repost the working version after I readjust a few more things.

      d3.
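
A hardened version of the upload-and-record flow discussed in this thread, added here as an example; it is not code from any poster or from the tutorial. It assumes PHP 7+ with the PDO MySQL and fileinfo extensions, the thread's `picfile` form field and `uploads` table, and placeholder database credentials (`EXAMPLE_DB`, `EXAMPLE_USER`, `EXAMPLE_PASS`). It checks the content type detected on the server instead of the browser-supplied one, chooses its own filename, and binds one value per listed column.

```php
<?php
// Added example (not the poster's script). Assumes PHP 7+, PDO MySQL, fileinfo.
const MAX_BYTES = 1024000;
const DEST_DIR  = __DIR__ . '/files/';   // directory should not execute scripts
// MIME type detected from the file content => extension chosen by the server.
const ALLOWED   = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_upload(array $file, PDO $db, string $ip): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('No file uploaded.');
    }
    // $file['size'] and $file['type'] are client-supplied; measure the temp file instead.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > MAX_BYTES) {
        throw new RuntimeException('File too big (maximum size is ' . MAX_BYTES . ').');
    }
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($type) ? (ALLOWED[$type] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Invalid file type.');
    }
    // Server-generated name: the client's filename never reaches the path or the query.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], DEST_DIR . $name)) {
        throw new RuntimeException('File upload failed.');
    }
    // One placeholder per listed column, bound as data rather than concatenated.
    $stmt = $db->prepare(
        'INSERT INTO uploads (whenuploaded, ipaddress, imageloc, imagesize, imagetype)
         VALUES (NOW(), ?, ?, ?, ?)'
    );
    $stmt->execute([$ip, 'files/' . $name, $size, $type]);
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['picfile'])) {
    try {
        // Placeholder DSN and credentials (assumptions, not values from the thread).
        $db = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4', 'EXAMPLE_USER', 'EXAMPLE_PASS',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $name = store_upload($_FILES['picfile'], $db, $_SERVER['REMOTE_ADDR']);
        echo 'File uploaded as: <b>' . htmlspecialchars($name, ENT_QUOTES) . '</b>';
    } catch (PDOException $e) {          // keep database details out of the page
        error_log($e->getMessage());
        echo '<b>Could not record the upload.</b>';
    } catch (RuntimeException $e) {
        echo '<b>' . htmlspecialchars($e->getMessage(), ENT_QUOTES) . '</b>';
    }
}
```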
