sid0972
-
Posts
50 -
Joined
-
Last visited
Posts posted by sid0972
-
-
This is the error
PHP Notice: Undefined index: valid_user in /var/www/work/fns/display_images.php on line 3 <img src="./uploads/" /> PHP Notice: Undefined offset: 1 in /var/www/work/fns/display_images.php on line 7 <img src="" />
i think its not accepting the session variable.
and i'll try hardcoding the username this time.
-
i have a script to allow each member to store images in a folder named after him, so that they are exclusive to that particular member only.
Now when i try to retrieve it, i get error.
any ideas what might be wrong here??
<?php session_start(); $pictures = glob("./uploads/".$_SESSION['valid_user']."/"); $no_pictures = count($pictures); for( $i = 0; $i <= $no_pictures; $i++) { echo "<img src=\"".$pictures[$i]."\" />\n"; } ?>
thanks
-
i solved it
i used this script and applied the same modification and everything works fine now
-
here is the script i am using
<?php session_start(); define ("MAX_SIZE","10000"); function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } $errors=0; if(isset($_POST['Submit'])) { for($i=0; $i<count($_files['image']['name']);$i++) { $image=$_FILES['image']['name']; if ($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { $size=filesize($_FILES['image']['tmp_name']); if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } $directoryPath = "images/".$_SESSION['valid_user']; if (is_dir($directoryPath)) { echo "exists<br>"; $image_name=time().'.'.$extension; $newname="/images/".$_SESSION['valid_user']."/".$image_name; } else { echo "not exists"; $directorypaths = "images/".$_SESSION['valid_user']; mkdir($directorypaths, 0755); $newname="/images/".$_SESSION['valid_user']."/".$image_name; } $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>Copy uunsuccessfull!</h1>'; echo "<a href=\"member.php\">Click</a>"; $errors=1; }}}}} if(isset($_POST['Submit']) && !$errors) { echo "<h1>File Uploaded Successfully! Try again!</h1>"; echo "<a href=\"member.php\">Click</a>"; } ?> <form name="newad" method="post" enctype="multipart/form-data" action="image_upload.php"> <table> <tr><td><input type="file" name="image"></td></tr> <tr><td><input name="Submit" type="submit" value="Upload image"></td></tr> </table> </form>
i copied this from somewhere and modified it a bit.
I want it to check if a directory of the name of current user is already in the /images folder, and if not, it should create a directory by the name of current user and save images in there.
So i added this part here
$directoryPath = "images/".$_SESSION['valid_user']; if (is_dir($directoryPath)) { echo "exists<br>"; $image_name=time().'.'.$extension; $newname="/images/".$_SESSION['valid_user']."/".$image_name; } else { echo "not exists"; $directorypaths = "images/".$_SESSION['valid_user']; mkdir($directorypaths, 0755); $newname="/images/".$_SESSION['valid_user']."/".$image_name; }
and i would take a guess that this part is not working.
Any help is appreciated.
-
i doubt OP's coming back now
-
cool its working now
thanks both of you
-
I just did
OK Here's the served-up-on-a-plate answer
Instead of VARCHAR(xx) use DECIMAL(8,3)
i thought it was a function of php
but kicken cleared it well and good.
-
till now my guess was this
/^\d+\.?\d{1,2,3}$/
It should accept a whole number, like 123456 or a decimal, like 123.456, but should allow MAX 3 decimal places.
but this isn't seem to be working.
what's wrong with it??
-
can i have an example please?
-
silly me
varchar() works fine.
thanks for looking though
-
i already have the particular column as float, and input is of the form 9999.999
i dont think if number_format's going to be of much help here.
What should i use??
-
so this is a path
and everything after google.com is a param
https://www.google.c...iw=1855&bih=968
right?
-
oh ok
is there any way i can tell if there's a problem with a regex, or i just have to look at it?
-
@christian f
can you tell me the difference between URL path and URL param??
does URL parameters include GET values??
-
nevermind i found it.
function check_system($input) { $expr = '/^[0-9a-zA-Z ]+$/'; if(preg_match($expr,$input)) { return true; } else { return false; } }
-
following is the regex to match several words,letters and spaces, but it seems i got it wrong.
$expr='/^[a-zA-Z0-9 ]*{2,36}$/'; if(preg_match($expr,$input)) { echo "good "; } else { echo "not good"; }
can anyone tell me Whats wrong?
-
thats more like it
thanks for this answer
-
i havent salted the passwords but have used sha1
will salt them, that i had in mind
what i was asking for was what,apart from mysql real escape string, should i use>??
stripslashes, pregs
what am i missing?
apart from cross scripting and os injection and other big types of attacks
-
thanks for the reply but both answers are above my head
link or a detailed explanation would be appreciated
-
as the title suggests, what steps do i need to take to give a website a reasonable amount of security?
i know about mysql_real_escape_string and have googled a bit regarding this topic.
what else do i need to do??
-
-
i know about the auto_increment field, was not using it cause it had to be primary....
anyways, i could store them alright, but how would i retrieve them???
consider there is a particular user, who has uploaded a photo.
Now, if someone comments on it, how would i know that "that" particular comment belongs to that photo ?
How would i assign id's to that thing?
-
so what am i doing is not the worst approach??
-
it is similar to posts on forums, or comments in wordpress.
What i was thinking, to have a table structure like this
username varchar,
actual_msg text,
post_id smallint
now when submitting the content to the database, i will run the query to increment the post_id, and hold it in a variable, say $var.
When it has been saved in the database, i will use the $var to fetch the message.
But, if a user submits the message and it is not submitted and the post_id is incremented, that row would remain empty.
And if a deadlock occurs, i dont know what will happen in that case.
Can anyone tell me what approach should i use?
Also, using locks in mysql is feasible?
[SOLVED] Fatal error: Cannot break/continue 1 level.....
in PHP Coding Help
Posted · Edited by sid0972
i get the same error, but the problem is that i dont have the bracket problem as iamz3r0 faced, i really have to use break.
and if i cant use break, what can i use?