Bubblychaz

Its fixed.. Thank you.

I couldnt find my php.ini file My webhost said error reporting is on

It isnt my code, It was partly made for me but the guy never finnished it all. All that is left to do is the delete function.. Sorry yes it should be delete_avatars

Okay sure. When i clikc on Delete in my form, It just returns the next page blank, But when you then go back to the list, the Id you just deleted is still there

My php script wont delete in selected id from the mysql database function code <?php function edit_avatar($_POST) { if ($_POST['delete'] == 1) { delete_item($_POST['id']); return 'deleted'; } $errors = check_required_fields($_POST); function delete_avatars($id) { $query = "DELETE FROM avatar_list WHERE id = '$id' LIMIT 1"; return mysql_query($query) or die(mysql_error()); } edit page code if (!empty($_GET['delete'])) { echo '<p style="color: green;">The avatar has been deleted.</p>'; } <td>Delete Avatar:</td> <td><input type="checkbox" name="delete" value="1" onclick="confirm_delete(this);"/><span style="color:red;">This cannot be undone!</span></td> Ive removed the rest of the code but delete bits

The upload form is a in staff folder which is a subdomain so staff.spardel.com the images folder is in the main domain which is spardel.com/images

I fixed it.. I think.. Im unsure if this is the correct way around it but I took $_SERVER['DOCUMENT_ROOT'] = "/home4/spardelc/"; off the addon.php and put it at the top of my script, But I also checked my file manager to see exactly what my root was called which and added this to the top of my script $_SERVER['DOCUMENT_ROOT'] = "/home4/spardelc/public_html/";

I think the issue is the $_SERVER['DOCUMENT_ROOT'] in my addon.php i have $ip=$_SERVER['REMOTE_ADDR']; $baseurl = "http://www.spardel.com"; $_SERVER['DOCUMENT_ROOT'] = "/home4/spardelc/"; Am I missing something?

How do I set up the error_reporting?

That added, But. didnt upload the image to the server? ---- Edit: I did some work on the script, the script is on a subdomain, I want it to upload the images to a folder in the main domain, So out of curiousity I made a folder in subdomain called images and that is where the images are now uploading too.

I cant see any images with the checks, only in the file destination of $baseurl/images/ $name = $_POST['name']; $madeby = $_POST['madeby']; $submitted = $_POST['submitted']; $filedunder = $_POST['filedunder']; $filedunder2 = $filedunder.'img'; $Image = $_FILES['Image']; $directoryName = "$baseurl/images/$filedunder"; $extension = strtolower(pathinfo($Image['name'], PATHINFO_EXTENSION)); if (!in_array($extension, array('jpg', 'jpeg', 'gif', 'png'))) { die("Statement here"); } if (!file_exists($directoryName)) { mkdir($directoryName, 0777); } $directoryName2 = "$baseurl/images/$filedunder"; if (!file_exists($directoryName2)) { mkdir($directoryName2, 0777); } if (strpos($_FILE['Image']['type'], 'image/') !== 0) { die(" Please only use image files"); } if ((!$name) OR (!$filedunder) OR (!$Image)) { die("Please dont leave blank info");} else { mysql_query("INSERT INTO $filedunder2 (madeby,name,date,submitted) VALUES ('$madeby','$name','$timestamp','$submitted')"); $insert_id = mysql_insert_id(); $image = $insert_id . "img.png"; mysql_query("UPDATE $filedunder2 SET url = '$baseurl/images/$filedunder/$image' WHERE id = '$insert_id' "); $file = $_FILES['Image']['tmp_name']; $dest = $_SERVER['DOCUMENT_ROOT'].'/images/'.$filedunder.'/'.$insert_id.'img.png'; copy($file, $dest); die("oooohhhhh It Added! <P> <B>Take note of this url, as Your uploads page is currently down!!!</b><P> <Textarea>www.spardel.com/images/$filedunder/$image</Textarea> "); }

Ok its now, (I didnt know what to put) $extension = strtolower(pathinfo($Image['name'], PATHINFO_EXTENSION)); if (!in_array($extension, array('jpg', 'jpeg', 'gif', 'png'))) { die("Statement here"); } Run the script and got please only use image files

I now have in coding print_r($_FILES); exit; $name = $_POST['name']; $madeby = $_POST['madeby']; $submitted = $_POST['submitted']; $filedunder = $_POST['filedunder']; $filedunder2 = $filedunder.'img'; $Image = $_FILES['Image']; $directoryName = "$baseurl/images/$filedunder"; $extension = strtolower(pathinfo($Image['name'], PATHINFO_EXTENSION)); if (!in_array($extension, array('jpg', 'jpeg', 'gif', 'png'))) { // ... } if (!file_exists($directoryName)) { mkdir($directoryName, 0777); } $directoryName2 = "$baseurl/images/$filedunder"; if (!file_exists($directoryName2)) { mkdir($directoryName2, 0777); } if (strpos($_FILE['Image']['type'], 'image/') !== 0) { die(" Please only use image files"); } if ((!$name) OR (!$filedunder) OR (!$Image)) { die("Please dont leave blank info");} else { mysql_query("INSERT INTO $filedunder2 (madeby,name,date,submitted) VALUES ('$madeby','$name','$timestamp','$submitted')"); $insert_id = mysql_insert_id(); $image = $insert_id . "img.png"; mysql_query("UPDATE $filedunder2 SET url = '$baseurl/images/$filedunder/$image' WHERE id = '$insert_id' "); $file = $_FILES['Image']['tmp_name']; $dest = $_SERVER['DOCUMENT_ROOT'].'/images/'.$filedunder.'/'.$insert_id.'img.png'; copy($file, $dest); die("oooohhhhh It Added! <P> <B>Take note of this url, as Your uploads page is currently down!!!</b><P> <Textarea>www.spardel.com/images/$filedunder/$image</Textarea> "); } and the print out is Array ( [image] => Array ( [name] => zebra.JPG [type] => image/jpeg [tmp_name] => /var/tmp/phpFbholc [error] => 0 [size] => 59038 ) )

Array ( [image] => Array ( [name] => zebra.JPG [type] => image/jpeg [tmp_name] => /var/tmp/phppBpmma [error] => 0 [size] => 59038 ) ) is printed now. How do I escape the insert to the database? How would I make it more secure?

Well just tested it as And Im still getting the please only use image files error.. Also what would I use instead of Die?

Ok Thanks. So I would do something like: if (!preg_match("$images/", $_FILES['Image']['type']) ) { die(" Please only use image files"); } replaced with if (strpos($_FILE['Image']['type'], 'images/') !== 0) { die(" Please only use image files"); } ? Or Am I misunderstanding?

Sorry this has confused me can you explain more please Where am I putting this? What it replaces? And What does it do? I am still learning

Okay done that, before changing the eregi the script would update the database but not upload the file... After changing both files and preg, It will still give the error please only use image file I removed this completely if (!preg_match("$images/", $_FILES['Image']['type']) ) { die(" Please only use image files"); } And it went through and said it added, though the image didnt upload, the script added the correct info to the database.

So I changed host today and now my image upload script isnt working.. can someone help please form is: then the action page is I dont know if it matters but, the form is on a subdomain and then upload directory is off the sub-domain $baseurl = "http://www.spardel.com/"; Once I upload an image I get "Please only use image files"

^^ This

Ive got 3 PHP scripts for my site, I want to turn into Apps. How do I go about this? Is it hard?

Im not sure if I did this right? $pagetitle = "Upload"; $name = $_POST['name']; $filedunder = $_POST['filedunder']; $filedunder2 = $filedunder.'img'; $Image = $_FILES['Image']; $directoryName = "$baseurl/images/$filedunder"; if (!file_exists($directoryName)) { mkdir($directoryName, 0777); } $directoryName2 = "$baseurl/images/$filedunder"; if (!file_exists($directoryName2)) { mkdir($directoryName2, 0777); } if($_SERVER['REQUEST_METHOD'] == 'POST'){ die(header("Location: $baseurl/slorg/upload.php?error=Please+do+not+leave+any+info+blank."));} // the request_method is tested since some of the possible errors leave the $_POST and $_FILES arrays empty // a post form was submitted, check if a file was successfully uploaded if(!empty($_FILES) && $_FILES['Image']['error'] == UPLOAD_ERR_OK){ // a file was successfully uploaded. mysql_query("INSERT INTO $filedunder2 (madeby,name,date,submitted) VALUES ('$username','$name','$timestamp','$username')"); $insert_id = mysql_insert_id(); $image = $insert_id . "img.png"; mysql_query("UPDATE $filedunder2 SET url = '$baseurl/images/$filedunder/$image' WHERE id = '$insert_id' "); $file = $_FILES['Image']['tmp_name']; $dest = $_SERVER['DOCUMENT_ROOT'].'/images/'.$filedunder.'/'.$insert_id.'img.png'; copy($file, $dest); header("Location: upload.php?error=Your+graphic+has+been+added!"); }

Doing this responded in Please do not leave any info blank.

Yes, It needs storing in a directory called Images and needs to be filled under the type of image (Banner, Background etc) and then in the database it needs noting which user uploaded it

Before I changed host this script worked fine. Infact it still works fine on my old host even though its the same script? I am so confused with this, Please help? It keeps coming back with the error its not an image file <?php include ($_SERVER['DOCUMENT_ROOT'].'/slorg/header.inc.php'); $pagetitle = "Upload"; $helpfaerie = mysql_fetch_array(mysql_query("SELECT * FROM helpfaerie WHERE page = 'upload'")); $helpfaerie2 = mysql_fetch_array(mysql_query("SELECT * FROM staff WHERE username = '$username'")); if ($helpfaerie2[helpfaerie] == 1) { echo "<div id=\"helpfaerie\" style=\"overflow: auto; position:fixed; bottom:0; right:0; \"><table width=\"200\" border=\"0\" cellspacing=\"0\" cellpadding=\"4\" style=\"border-top: 1pt solid black;border-bottom: 1pt solid black;border-left: 1pt solid black;border-right: 1pt solid black; background-color:#ffffff;\"> <tr> <td><center><img src=\"http://images.neopets.com/items/toy_faerie_psellia.gif\" border=\"0\"></center></td> </tr> <tr> <td><p>$helpfaerie[text]</p></td> </tr> <tr> <td style=\"text-align: right;\">[<a href=\"$baseurl/closehelp.pro.php\">x</a>]</td> </tr> </table></div>"; } ECHO <<<END <center> <FORM ACTION="upload.pro.php" enctype="multipart/form-data" METHOD=POST> <table width="366" border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="2"><center>Upload An Image</center></td> </tr> <tr> <td>Name of Graphic:</td> <td><input type="text" name="name"</td> </tr> <tr> <td>Filed Under:</td> <td><select name="filedunder"> <option "avatars">Avatar</option> <option "backgrounds">Background</option> <option "banners">Banner</option> <option "blinkies">Blinkie</option> <option "buttons">Button</option> <option "gallerys">Gallery Layout</option> <option "glitters">Glitter</option> <option "guides">Guide Image</option> <option "guilds">Guild Layout</option> <option "misc"> Miscellaneous</option> <option "nbhelp>NeoBoard Help</option> <option "petlookups">Pet Lookup</option> <option "petpages">PetPage Layout</option> <option "shields">Shield</option> <option "shops">Shop Layout</option> <option "tutorials">Tutorial Image</option> <option "userlookups">User Lookup</option> </select"></td> </tr> <tr> <td>Upload Image:</td> <td><input type="file" name="Image"></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td colspan="2"><center><font size="-1"><i> <input type="submit" name="go" value="Add"> </i></font></center></td> </tr> </table></FORM> <p> </p></center> END; ?> Then the 2nd page <?php include ($_SERVER['DOCUMENT_ROOT'].'/slorg/addon.php'); include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php'); $pagetitle = "Upload"; $name = $_POST['name']; $filedunder = $_POST['filedunder']; $filedunder2 = $filedunder.'img'; $Image = $_FILES['Image']; $directoryName = "$baseurl/images/$filedunder"; if (!file_exists($directoryName)) { mkdir($directoryName, 0777); } $directoryName2 = "$baseurl/images/$filedunder"; if (!file_exists($directoryName2)) { mkdir($directoryName2, 0777); } if (!eregi("image/", $_FILES['Image']['type'])) { die(header("Location: $baseurl/slorg/upload.php?error=Please+only+use+image+files.")); } if ((!$name) OR (!$filedunder) OR (!$Image)) { die(header("Location: $baseurl/slorg/upload.php?error=Please+do+not+leave+any+info+blank.")); } else { mysql_query("INSERT INTO $filedunder2 (madeby,name,date,submitted) VALUES ('$username','$name','$timestamp','$username')"); $insert_id = mysql_insert_id(); $image = $insert_id . "img.png"; mysql_query("UPDATE $filedunder2 SET url = '$baseurl/images/$filedunder/$image' WHERE id = '$insert_id' "); $file = $_FILES['Image']['tmp_name']; $dest = $_SERVER['DOCUMENT_ROOT'].'/images/'.$filedunder.'/'.$insert_id.'img.png'; copy($file, $dest); header("Location: upload.php?error=Your+graphic+has+been+added!"); } ?>