magcr23
-
Posts
80 -
Joined
-
Last visited
Everything posted by magcr23
-
That works fine, thx for the help mate
-
Thx, you helped a lot. But how can i protect that? because if i use foreach( mysqli_real_escape_string($_POST['premio']) as $premio){ echo $premio . '<br />'; $query1 = mysqli_query($con, "INSERT INTO premio (idPremio, premio, idArtesao) VALUES (DEFAULT, '$premio', '$id')"); } The insert won't work
-
Hi guys, i have that code (pag1.php): if(isset($_POST['btnQuantos'])){ $quant = limpa($_POST["quantos"]); $quantidade = $quant; echo '<form action="add.php" method="POST" ><br/>'; echo '<input type="hidden" name="txtID" id="txtID" value="'.$ln1['id'].'">'; for($i = 0; $i < $quantidade; $i++){ echo 'Premio ' . ($i + 1) . ' '; echo '<input type="text" name="premio" Placeholder="Prémio" /> <br/><br/>'; } echo '<input type="submit" name="btnPremio" id="btnPremio" value="Adicionar"><br/>'; echo '</form>'; } and that (add.php): $id = limpa($_POST['txtID']); $premio = limpa($_POST['premio']); echo $id; echo '<br/>'; echo '$premio'; The problem is that when i do echo '$premio' it only echo the last input, let's image that the user chosed 10 textbox, it will only echo the the last one. How can i make it echo all of them?
-
thx
-
So i have this security: check if it's an image, check if the file name already exist in the destiny folder. Is this enough? Or should i have more? If yes, wich?
-
Yes i can see what you meen, explode won't work. I want to only allow jpg and png files, so-->$allowed = array('image/jpeg', 'image/png'); is this enough? or there are more mime tipes? like jpe....
-
It's not a problem since i don't tried to do it. Why? Because to use getimagesize i need to allow the user to upload any file to my server. And if they can upload anything probably i will have problems in the future. So, what's the best option? Allow upload any file to then i can use getimagesize? Or try something like that: (it's just an idea, i'm not using it, that's a code for test, not to the website) $str = "AAA. BBB. CCC. DDD. EEE"; $exts = explode("." , $str); $contagem = count($exts); $a = $exts[$contagem-1]; //echo $a; if(!in_array($exts[$a], $allowed)){ ...
-
It wasn't realy an bug but a stupid thing... The allowed extencions were all on UPPER CASE: @$allowed = array('PNG','JPEG','JPG'); when it should be: @$allowed = array('PNG','JPEG','JPG', 'png', jpeg', 'jpg'); Since it don't was an error but an forgetfulness of extensions it had no errors, i wasted 13h searching for an inixistent bug. But scootstah, explode is not the best option, but i think i'll not be able to use mime from getimagesize, so i was wondering, if there's an way to explode the last ".", i think that would work...
-
I have an question, the gold in all verifications is to the user don't upload anything to my server right? But to use getimagesize the file need's to be on the server. (i have it on the code but it's not doing anything i belive). So, what should i do? Allow any file upload and then use getimagesize? Change $destination to the temporary folder? Or am i completly wrong and miss understod the function?? Btw: I've already found the bug that wasn't allowing the upload of some files.
-
No errors, it just don't create the image, everything works fine less the image creation. If the extension is lower case it works, if it's UPPER CASE it returns empty CroNiX i know that i'm hidding them, i've already fixed them, it's only hided because it need to receive data from other page, and if the user just write on url the link to that page it will give some errors. Already tried what you said, and it gives me an extension error.
-
Hi guys, I have this code: <head> <meta charset="utf-8"> </head> <body oncontextmenu="return false"> <?php include("conexao.php"); include("funcao.php"); @$id = limpa($_POST["id"]); @$preco = limpa($_POST["novopreco"]); @$descricao = mysql_real_escape_string($_POST["novodesc"]); @$data = date('Y-m-d'); //PASTA PARA MOVER OS FICHEIROS @$destination = "image/"; if(isset($_FILES['files2'])){ if(!empty($preco)){ // INSERIR DADOS NA BD $query2= "UPDATE casa SET preco = '$preco' WHERE id = '$id'"; mysqli_query($con, $query2); } if(!empty($descricao)){ // INSERIR DADOS NA BD $query2= "UPDATE casa SET descricao = '$descricao' WHERE id = '$id'"; mysqli_query($con, $query2); } foreach($_FILES['files2']['tmp_name'] as $key => $tmp_name){ //NOME DO FICHEIRO @$value = $_FILES['files2']['name'][$key]; //LISTA DE EXTENÇÕES PERMITIDAS @$allowed = array('PNG','JPEG','JPG'); //VER QUAL É A EXTENÇÃO @$exts = explode("." , $value); @$info = getimagesize($destination . $value); //SE A EXTENÇÃO DO FICHEIRO NÃO ESTIVER NA LISTA DAS PERMITIDAS if(@!in_array($exts[1], $allowed)){ //echo 'extensao invalida <br/>'; //print_r( 'Ficheiro-->' . $value . '<br/>Extencao-->' . @$exts[1] . '<br/>Apenas imagens sao permitidas'); }else{ //SE A EXTENÇÃO DO FICHEIRO ESTIVER NA LISTA DAS PERMITIDAS //echo 'Ficheiro valido<br/>'; $type = $_FILES['files2']['type'][$key]; $size = $_FILES['files2']['size'][$key]; $error = $_FILES['files2']['error'][$key]; $tmp_name = $_FILES['files2']['tmp_name'][$key]; /*-------------------------------------------------------------*/ //VARIAVEIS PARA ALTERAR NOME (adicionar um numero a frente(1,2,3,4,5...) $i = 1; $actual_name = pathinfo($value,PATHINFO_FILENAME); $original_name = $actual_name; $extension = pathinfo($value, PATHINFO_EXTENSION); /*-------------------------------------------------------------*/ //REDIMENSIONAR IMAGEM $uploadedfile = $tmp_name; if($extension=="jpg" || $extension=="jpeg" || $extension=="JPG" || $extension=="JPEG" ){ echo 'jpg -- '.$value; $src = imagecreatefromjpeg($uploadedfile); } if($extension=="png" || $extension=="PNG"){ echo 'png'; $src = imagecreatefrompng($uploadedfile); } list($width, $height) = getimagesize($uploadedfile); $newWidth = 500; $newHeight = ($width / $height) * $newWidth; // VERIFICAR SE É UMA IMAGEM VÁLIDA if($imageInfo = getimagesize($tmp_name)){ //MOVER FICHEIRO PARA PASTA DESTINO (image) if(file_exists("image/". $value)){ //SE O FICHEIRO JA EXISTE //echo 'existe<br/>'; while(file_exists('image/'.$actual_name.".".$extension)){ $actual_name = (string)$original_name.$i; $nome = $actual_name.".".$extension; $i++; } $tmp = imagecreatetruecolor($newWidth, $newHeight); imagecopyresampled($tmp, $src, 0,0,0,0, $newWidth, $newHeight, $width, $height); if($extension=="jpg" || $extension=="jpeg" || $extension=="JPG" || $extension=="JPEG" ){ imagejpeg($tmp, "image/". $nome, 100); } if($extension=="png" || $extension=="PNG"){ imagepng($tmp, "image/". $nome); } imagedestroy($src); imagedestroy($tmp); //move_uploaded_file($tmp_name,"image/".$nome); $query1 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho, casa) VALUES (DEFAULT, '$nome', '$id')"); }else{ //SE O FICHEIRO NAO EXISTE //move_uploaded_file($tmp_name, "image/".$value); //CRIAR A IMAGEM $tmp = imagecreatetruecolor($newWidth, $newHeight); imagecopyresampled($tmp, $src, 0,0,0,0, $newWidth, $newHeight, $width, $height); if($extension=="jpg" || $extension=="jpeg" || $extension=="JPG" || $extension=="JPEG" ){ imagejpeg($tmp, "image/". $value, 100); } if($extension=="png" || $extension=="PNG"){ imagepng($tmp, "image/". $value); } imagedestroy($src); imagedestroy($tmp); // MOSTRA INFO DO FICHEIRO, SE FOR IMAGEM //print_r($imageInfo); $query1 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho, casa) VALUES (DEFAULT, '$value', '$id')"); } } } } //header('Location: ver.php'); }else{ echo '<h1 style="color:red" align="center"><b>É necessario alterar algum condomínio!</b></h1>'; } include("fimConexao.php"); ?> </body> The problem is: If i try insert: jpg files --> it does JPG --> it don't The most awkward think is that i have the exact same code in other page and it works very well, in this page i get this error, why?
-
HTML have any function to resize images? I was wondering if i could something like that: if(imgWidth != 500) or (imgHeight != 450){ resize image to width=500 height=450 } HTML can do that? Or will i need to use any script or external software?
-
Yeah i've already fixed that xD I was copy and past from other files and i forgot to erase that xD
-
Bug fixed
-
I guys, i found a bug in the code. There's a link where you can see all my code--> http://justpaste.it/m6n5 When i upload multiple files, all the files get na same name. If i upload 1 file and there's a file already with that name it gets: name.jpg, name1.jpg, name2.jpg, name3.jpg... If i upload 2 files (even if there's no one with the same name) it will gets: file.jpg file.jpg file1.jpg file1.jpg file1.jpg file1.jpg file1.jpg file1.jpg ... it should be: file1.jpg file2.jpg file11.jpg file21.jpg file12.jpg file 22.jpg file13.jpg file 23.jpg ... What am i doing wrong?
-
Thx, you helped me a lot. Which verifications an upload image should have? 1-Check if it's an image 2-Check if the file already exist (if it's true i add a number on the name, like 1.jpg-->11.jpg) any more verifications? or security? (like mysql_real_scape)
-
Yeah you're right, i've already figured that out xD I did it with that code: foreach($_FILES['files2']['tmp_name'] as $key => $tmp_name){ $destination = "image/"; $value = $_FILES['files2']['name'][$key]; $allowed = array('PNG','JPEG','JPG'); $exts = explode("." , $value); $info = getimagesize($destination . $value); if(!in_array($exts[1], $allowed)){ echo 'extensao invalida <br/>'; print_r( 'Ficheiro-->' . $value . '-----' . $exts[1] . '-->'); print_r($allowed); }else{ print_r($info); echo '<br/> Ficheiro valido<br/>'; echo 'Ficheiro-->' . $value . '-----' . $exts[1] . '-->'; print_r ($allowed); move_uploaded_file($tmp_name, "image/{$_FILES['files2']['name'][$key]}"); } } Now i can check if the file is an image and then move it to the folder, thx
-
I changed to that: foreach ($_FILES['files2']['name'] as $key => $value){ move_uploaded_file($tmp_name, "image/{$_FILES['files2']['name'][$key]}"); $destination = "image/"; print_r(getimagesize("image/".$value)); } If the file exist in "image" folder it returns the array, but if it don't it returns failed to open stream. So i think that move_uploaded_file is not working... How can i fix it?
-
I have this code: foreach ($_FILES['files2']['name'] as $key => $value){ move_uploaded_file($tmp_name, "image/{$_FILES['files2']['name'][$key]}"); print_r(getimagesize($value)); } and that's the result: Notice: Undefined variable: tmp_name in C:\Users\TheMagcr23\Documents\usb\root\condominio\alterar.php on line 20 Warning: getimagesize(arrow.txt): failed to open stream: No such file or directory in C:\Users\TheMagcr23\Documents\usb\root\condominio\alterar.php on line 21 All it does is return the name of the file, what's happening?
-
i'm doing that: if(isset($_FILES['files2'])){ $query2= "UPDATE casa SET preco = '$preco' , descricao = '$descricao' WHERE id = '$id'"; mysqli_query($con, $query2); foreach($_FILES['files2']['tmp_name'] as $key => $tmp_name){ move_uploaded_file($tmp_name, "image/{$_FILES['files2']['name'][$key]}"); $aa = $_FILES['files2']['name'][$key]; $size = getimagesize($aa); //echo $size; if($size == "image/jpg" || $size == "image/png" || $size == "image/jpeg"){ $query1 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho, casa) VALUES (DEFAULT, '$aa', '$id')"); } } } With that i think it should insert only files jpg, png and jpeg, but i can insert everything... What am i doing wrong?
-
I made it work with that: if(isset($_FILES['files'])){ $query2 = mysqli_query($con, "INSERT INTO `casa` (id, preco, descricao) VALUES (DEFAULT, '$preco', '$desc')"); if($query2 == true){ $abc = mysqli_query($con, "SELECT * FROM `casa` ORDER BY `id` DESC"); $ln1 = mysqli_fetch_assoc($abc); $n = $ln1['id']; } foreach($_FILES['files']['tmp_name'] as $key => $tmp_name){ //echo $_FILES['files']['name'][$key] . '<br/>'; move_uploaded_file($tmp_name, "image/{$_FILES['files']['name'][$key]}"); $aa = $_FILES['files']['name'][$key]; $query1 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho, casa) VALUES (DEFAULT, '$aa', '$n')"); } But how can i make sure that the file is an image? And if the size are bigger than 500x300 how can i resize it?
-
I have something like that: if(isset($_FILES['files'])){ foreach($_FILES['files']['tmp_name'] as $key => $tmp_name){ //echo $_FILES['files']['name'][$key] . '<br/>'; move_uploaded_file($tmp_name, "uploaded_files/{$_FILES['files']['name'][$key]}"); $aa = $_FILES['files']['name'][$key]; $query1 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho) VALUES (DEFAULT, '$aa')"); } } When i insert in "imagem" database ir works fine (if upload 2 it insert 2 data), but when i try to insert into "main" database it will inserto also 2 times, when it sould be only 1 with the id's of the images, that's what i can't do :s
-
I know upload the files, i just don't know how to implement mysql with that.
-
I guys, i have this code: form: <form method="POST" action="upload.php" enctype='multipart/form-data'> <input type="text" name="preco" id="preco" placeholder="Preço" required>€ <p> <p> <input type="file" name="myfile" id="myfile" required> <p> Descrição: <p> <textarea name="descricao" id="descricao" required></textarea> <script type="text/javascript"> CKEDITOR.replace( 'descricao' ); </script> <p> <input type="submit" name="btnADD" id="btnADD" value="Adicionar"> </form> code to insert path into database and and move image to the file: $preco = limpa($_POST["preco"]); $desc = mysql_real_escape_string($_POST["descricao"]); $name = $_FILES["myfile"]["name"]; $type = $_FILES["myfile"]["type"]; $size = $_FILES["myfile"]["size"]; $temp = $_FILES["myfile"]["tmp_name"]; $error = $_FILES["myfile"]["error"]; $i = 1; $actual_name = pathinfo($name,PATHINFO_FILENAME); $original_name = $actual_name; $extension = pathinfo($name, PATHINFO_EXTENSION); $nome = $actual_name.".".$extension; $caminho = $name; if($error > 0){ die("Erro"); } else{ if($type == "image/jpg" || $type == "image/png" || $type == "image/jpeg"){ if(file_exists('image/' . isset($_FILES[$name]['name']))){ while(file_exists('image/'.$actual_name.".".$extension)){ $actual_name = (string)$original_name.$i; $nome = $actual_name.".".$extension; $i++; } echo "O upload do ficheiro " . $nome . " deu certo."; //mover ficheiro para pasta image move_uploaded_file($temp,"image/".$nome); //inserir produto //inserir caminho do ficheiro na base dados $caminho2 = $nome; $query1 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho) VALUES (DEFAULT, '$caminho2')"); $query2 = mysqli_query($con, "INSERT INTO `casa` (id, preco, descricao, caminhoImagem) VALUES (DEFAULT, '$preco', '$desc', '$caminho2')"); } else{ //mover ficheiro para pasta image move_uploaded_file($temp,"image/".$name); //inserir caminho do ficheiro na base dados $caminho = $name; $query3 = mysqli_query($con, "INSERT INTO `imagem` (id, caminho) VALUES (DEFAULT, '$caminho')"); $query4 = mysqli_query($con, "INSERT INTO `casa` (id, preco, descricao, caminhoImagem) VALUES (DEFAULT, '$preco', '$desc', '$caminho')"); } } else{ die("Tipo/tamanho nao suportado"); } } my data base: db main: id price description path db img: id path How can i modify that to be able to upload multiple files? I have the idea of give to the user 3 upload fields, and if they press a button it add another upload field. When press upload button it save all files in "db img" and in "db main" (path) it saves all id's from the images. Is that possible? How can i do it? Do i need to change my database?(i think my insert idea is a bad one, maybee would be better add or delete some fields) Btw: I know that if i use <input type="file" name="myfile" id="myfile" required multiple> i can select multiple files, but how can i insert them all to the db? i can only insert the last selected
-
Hi guys, i have this code: $u = mysqli_query($con, "SELECT * FROM `produtos` "); while($uu = mysqli_fetch_assoc ($u)){ $nome_Produto = $uu['nome']; $contagem = mysqli_query($con, "SELECT COUNT(*) as contagem FROM `carrinho` WHERE produto = '$nome_Produto' "); $i = mysqli_fetch_array($contagem); echo $nome_Produto . ' - ' . @$i[contagem] . '<br/>'; } That's the result: pc1 - 2 pc2 - 1 pc3 - 0 pc4 - 3 How can i order that by the number? I want this result: pc4 - 3 pc1 - 2 pc2 - 1 pc3 - 0