angelali

Here are the codes: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { //Assigning variables $image = $_FILES['fileupload']['name']; $size = $_FILES['fileupload']['size']; $format = $_FILES['fileupload']['type']; $tmp_name = $_FILES['fileupload']['tmp_name']; //Check extensions and size $fileextension = strtolower(substr($image, strpos($image, '.') + 1)); $max = 204800; //Codes if (isset($image)) { if (empty($image)) { echo '<p class="error">Choose an image to upload!</p>'; } elseif ($fileextension !== 'jpg' && $fileextension !== 'jpeg' && $fileextension !== 'gif' && $fileextension !== 'png'){ echo '<p class="error">Only JPG, GIF and PNG are acceptable!</p>'; } elseif ($size > $max) { echo '<p class="error">Image must not exceed 200KB!</p>'; } elseif (file_exists("image/" .$image)) { echo '<p class="error">'.$image.' '.'already exists, choose another image or rename it to another name!'.'</p>'; } else { $location = 'image/'; move_uploaded_file($tmp_name, $location.$image); echo '<p class="success">Upload successful</p>'; echo '<p class="details">'.$image.'</p>'; } } } ?>

Hello guys, I have created a mini image hosting website. Well, I have successfully coded the file upload, including security to allow certain image extensions and size as a beginner in PHP. However, only one thing remains is the image link. You can view the website on this address http://mini-image-hosting.99k.org/ where it is currently hosting on a free web hosting account with a free sub-domain. Right now, only the image can be uploaded and is being stored in a directory. Nevertheless, I want that when the person uploads an image, he gets also the link, for example: http://mini-image-hosting.99k.org/xxx.jpg something like that. Can you help me for this?

You could explain as a human, not like a monkey!

You are rude dude... Get a life! Seriously! I was just asking how it functions, I have never said I am going to do it!

Hi, I want to know something on credit card processing. I do not have any problem here, but want to know how ca shopping website is processed! For example, a website is selling shoes online, where people will use either VISA or any credit card to buy, then the shoes will be delivered to the person's place. I want to know, how these credit cards are stored, I mean do these information are stored in the database, the website administrator will take the credit number etc...to get the money from the bank?

I tried it...but in vain..again the same thing happens.. For example, let say if the first name has numbers in the field, it will give an error, so I did this: if (filter_var($first, FILTER_VALIDATE_INT) || filter_var($last, FILTER_VALIDATE_INT)) { $first_name_error = "You cannot enter a number as either the first or last name!</p>'; return false; } Then in the HTML below the first name field: <p>Your first name: <span class="required">*</span></p> <p><input type="text" name="first" size="40" placeholder="Ex: Paul"/></p> <?php if(isset($first_name_error)) { echo '<p>' . $first_name_error . '</p>';}?> I hope I have done what you suggested..

For my third problem, even I declared the error messages in a variable, it is still appearing above. In fact, when it appears, it appears only the error message, but not the form now.. If possible, can you suggest me a good free web hosting to upload tmy script to show you all? All the free web hosting are telling after 12 hours my page will be propagated. I know a hosting called Zymic, but it does not accept the mail () function.

For the "Header" part in the code, I forgot to remove when pasting the code here in the forum. I already removed it some hours ago. And yes, it is not stored in database so mysql_real_escape is useless here I think, but I did include the htmlentitities. I included the <?php echo $_SERVER['PHP_SELF'];?> because I am on localhost... I will change it to a page "thankyou.php" later to redirect the user to a thank you page when I will put it online. Huhh, for my second problem, will SESSION ideal to it?

Hello, I have coded a contact form in PHP and I want to know, if according to you, it is secure! I am new in PHP, so I want some feedback from you. Moreover, I have also two problems based on the contact form. It is a bit complicated to explain, thus, I will break each of my problem one by one. FIRST:The first thing I want to know, is if my contact form secure according to you: The HTML with the PHP codes: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { //Assigning variables to elements $first = htmlentities($_POST['first']); $last = htmlentities($_POST['last']); $sub = htmlentities($_POST['subject']); $email = htmlentities($_POST['email']); $web = htmlentities($_POST['website']); $heard = htmlentities($_POST['heard']); $comment = htmlentities($_POST['message']); $cap = htmlentities($_POST['captcha']); //Declaring the email address with body content $to = 'alithebestofall2010@gmail.com'; $body ="First name: '$first' \n\n Last name: '$last' \n\n Subject: '$sub' \n\n Email: '$email' \n\n Website: '$web' \n\n Heard from us: '$heard' \n\n Comments: '$comment'"; //Validate the forms if (empty($first) || empty($last) || empty($sub) || empty($email) || empty($comment) || empty($cap)) { echo '<p class="error">Required fields must be filled!</p>'; header ('refresh= 3; url= index.php'); return false; } elseif (filter_var($first, FILTER_VALIDATE_INT) || filter_var($last, FILTER_VALIDATE_INT)) { echo '<p class="error">You cannot enter a number as either the first or last name!</p>'; return false; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo '<p class="error">Incorrect email address!</p>'; return false; } elseif (!($cap === '12')){ echo '<p class="error">Invalid captcha, try again!</p>'; return false; } else { mail ($to, $sub, $body); echo '<p class="success">Thank you for contacting us!</p>'; } } ?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <p>Your first name: <span class="required">*</span></p> <p><input type="text" name="first" size="40" placeholder="Ex: Paul"/></p> <p>Your last name: <span class="required">*</span></p> <p><input type="text" name="last" size="40" placeholder="Ex: Smith"/></p> <p>Subject: <span class="required">*</span></p> <p><input type="text" name="subject" size="40" placeholder="Ex: Contact"/></p> <p>Your email address: <span class="required">*</span></p> <p><input type="text" name="email" size="40" placeholder="Ex: example@xxx.com"/></p> <p>Website:</p> <p><input type="text" name="website" size="40" placeholder="Ex: http//:google.com"/></p> <p>Where you have heard us?: <span class="required">*</span></p> <p><select name="heard"> <option>Internet</option> <option>Newspapers</option> <option>Friends or relatives</option> <option>Others</option> </select></p> <p>Your message: <span class="required">*</span></p> <p><textarea cols="75" rows="20" name="message"></textarea></p> <p>Are you human? Sum this please: 5 + 7 = ?: <span class="required">*</span></p></p> <p><input type="text" name="captcha" size="10"/></p> <p><input type="submit" name="submit" value="Send" class="button"/> <input type="reset" value="Reset" class="button"/></p> </form> SECOND PROBLEM:If a user has made a mistake, he gets the error message so that he can correct! However, when a mistake in the form occurs, all the data the user has entered are disappeared! I want the data to keep appearing so that the user does not start over again to fill the form. THIRD: When the erro message is displayed to notify the user that he made a mistake when submitting the form, the message is displaying on the top of the page. I want it to appear below each respective field. How to do that? In JQuery it is simple, but in PHP, I am confusing!

Oh ok.. Thank you, already modified it! How to make this thread as solved?

YES, IT WORKS NOW YEAHHHHHH! :) It was because of that damn it 'dot'. Now it is working perfectly! It is deleting! THANK YOU ALL GUYS HERE WHO TOOK PATIENCE TO HELP ME! Thank you verily! Only the problem of duplicate field remains now to tackle! How to mark this thread as solved?

GEEZZZZZZ, yes, I have included the dot myself! DAMN! Any way, I will try to code it right now, and will tell you about it... I am a real nut!

Here are the codes with the INSERT one: <?php if ( $_SERVER['REQUEST_METHOD'] == "POST" ) { $ee = htmlentities($_POST['enter']); if (!preg_match('/^[^0-9][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[@][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[.][a-zA-Z]{2,4}$/',$ee) || empty($ee)){ echo '<p class="fail">Failed...Try again!</p>'; } else { @mysql_connect ('localhost', 'root', '') or die ('A problem has occurred, refresh the page and try again!'); @mysql_select_db ('links') or die ('A problem has occurred, refresh the page and try again!'); $query = "INSERT INTO email (id, emailaddress) VALUES('NULL', '.$ee')"; mysql_query($query); echo '<p class="success">Successfully subscribed!</p>'; } } } ?>

The website is not online. I am stil making it. I used the same INSERT codes to put the email address in the database. The INSERT part is on my codes above...

How to fix that? The 'dot' is in the fields by its own! That's why I have asked if this is normal! If you can help me... I am new in PHP, it was just on Last Sunday I have started learning it...

I got this Litebearer: Notice: Use of undefined constant mysql_num_rows - assumed 'mysql_num_rows' in C:\xampp\htdocs\softwareportfolio\index.php on line 59 THERE WAS AN ERROR: Duplicate entry 'alithebest@gmail.com' for key 'emailaddress' Still trying to figure out...

Litebearer, Nope, I tried it but in vain! I have tried many many methods, but in vain. I have noticed that several posts on this are on the net...but no good answers yet... I am asking myself if should I let it like this!

I am sorry if I have not understood your question! I am having a headache since some hours...thus I have read your answers a bit too quickly! Well, after verifying again, it seems the table 'emailaddress' which stores the email addresses of course, there is a 'dot' at the beginning of all email addresses in the field. For example, the email address 'alitheest@gmail.com' is like this in the field '.alithebest@gmail.com'. Is this normal or because of this it is not working? I included a screenshot of it...

After correcting about the $duplicate which you told me, I am not getting any error now! The only problem is I am not getting the message which says that the email address is already registered! It is still saving the email address.

Here is the query string it gave me: Query String is : DELETE FROM email WHERE emailaddress ='alithebest@gmail.com' The email address above is among one which is stored in the database. Concerning the space, do you mean if there are spaces the names of tables, fields?? If yes, then NO! My database name is 'links', the table is 'email' and the two fields are 'id' and 'emailaddress'.

Yes, I corrected the error of $duplicate. Again the problem still here.. Here the codes you stated to me to correct: <?php if ( $_SERVER['REQUEST_METHOD'] == "POST" ) { $ee = htmlentities($_POST['enter']); if (!preg_match('/^[^0-9][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[@][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[.][a-zA-Z]{2,4}$/',$ee) || empty($ee)){ echo '<p class="fail">Failed...Try again!</p>'; } else { @mysql_connect ('localhost', 'root', '') or die ('A problem has occurred, refresh the page and try again!'); @mysql_select_db ('links') or die ('A problem has occurred, refresh the page and try again!'); $duplicate = "SELECT * FROM `email` WHERE `emailaddress` = '.$ee.'"; $query = "INSERT INTO email (id, emailaddress) VALUES('NULL', '.$ee')"; $result = mysql_query($duplicate); if ( $result == false ) { echo "THERE WAS AN ERROR: " . mysql_error(); die(); } else { mysql_query($query); echo '<p class="success">Successfully subscribed!</p>'; } } } ?>

The errors reporting etc...are turned ON in my PHP.INI. I tried your codes, but it is giving me the query: Here are the codes after modifying what you said: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { $email = $_POST['enter']; mysql_connect ('localhost', 'root', '') or die ('Error'); mysql_select_db ('links') or die ('Error'); if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo "Not an email"; return false; } else { $query = "DELETE FROM email WHERE emailaddress ='$email'"; echo "Query String is : " . $query . "<br />"; mysql_query($query) or die("Mysql Query Error: " . mysql_error()); } } ?>

It gives me this: Unknown column 'emailaadress' in 'where clause' I forgot to mention that the emailaddress field is UNIQUE key

Yes, I know I must wrap "$email = $_POST['enter'];" to $email = mysql_real_ecape_string($_POST['enter']); But I did it quickly...to test if the functionality is good, but I do not know why it is not deleting! There is no space etc... I was shocked to see why it is not deleting. In fact, on many websites they are giving the same example! That's why I have posted this problem on some forums to know why it is not working!

I'm sorry, I am new here!