nickd_101

Hi, I've developed a website on a local PHP server, and have just uploaded it to my webspace. I have a script that resizes and uploads images to the server for display on various articles. However, when a user uploads an image file the following error is displayed: Warning: move_uploaded_file(images/user/johnny.JPG): failed to open stream: Permission denied in /home/onestops/public_html/add_property.php on line 131 Warning: move_uploaded_file(): Unable to move '/var/tmp/phpvK4cZK' to 'images/user/johnny.JPG' in /home/onestops/public_html/add_property.php on line 131 The corresponding code is: $imagedetails= "main"; $image_caption = $_POST['image_caption']; $image_username = $Property_ID; $image_tempname = $_FILES['image_filename']['name']; $today = date("Y-m-d"); //upload image and check for image type $ImageDir ="images/user/"; $ImageThumb = $ImageDir . "thumbs/"; $ImageName = $ImageDir . $image_tempname; if (move_uploaded_file($_FILES['image_filename']['tmp_name'], $ImageName)) { //get info about the image being uploaded list($width, $height, $type, $attr) = getimagesize($ImageName); Can anyone see any solutions to the problem, as i've had help from the space provider (startlogic) but i can't see any problem with the code? Thanks for the help, Nick

thanks very much for the help, i'll give it a try soon

Hi, I'm attempting to "secure" a form on my website. I want to stop people using XSS and running rogue code in the forms. I'm attempting to use an example i found in a book: <?php     $clean = array();     $html = array();     /* Filter Input ($name, $comment) */     $html['name'] = htmlentities($clean['name'], ENT_QUOTES, 'UTF-8');     $html['comment'] = htmlentities($clean['comment'], ENT_QUOTES, 'UTF-8');     echo "<p>{$html['name']} writes:<br />";     echo "<blockquote>{$html['comment']}</blockquote></p>";     ?> this works allowing me to stop some html use but not all. Also it just leaves a blank space. Is there anyway to extract the text that the user attempts to post?

Hi, Thanks for the help. Made the correct modifications and it all works perfectly.

Hi, I was looking for help with distinguishing between user types on my website. I currently have a table in my MySQL database containing users, and within that table the "type" of user is identified (either agent or purchaser). I then proceed to initiate a session as  normal, extracting the type column for each user as they login using $_SESSION['type']. This seems to function ok, when i use an echo, the PHP prints the user type out and it seems to work. However, i'm trying to restrict access to a page using an if statement so i have if((@$_SESSION['auth']) && ($_SESSION['type']='agent')) { //Show page content } else { //Don't show content } However, when i do this, the page restriction does not work. I've experiment with variations on the above code, and had success initially, but the $_SESSION['type'] actually appears to change itself when i modify the code on some occasions, e.g. I managed to get functionality as required when i used ...['type']!='purchaser' Any ideas as to the problem, or any suggestions as to an alternative method of distinguishing between member types. Thanks Nick

Hi, I'm just coming to final stages of creating a website which includes several forms (noticeboards, making listings, registration etc.) I've been testing the site on my PC with apache and remembering an article i read in a book, tried out some HTML code finding that it would function as normal. I'm just a bit worried as the forms could thus be used to initiate malicious code and seriously undermines security. Can anyone point me in the right direction to securing the forms. I'm using MySQL database Thanks, Nick

Thanks for the help. Worked perfectly!

Hi, I'm working on a script that will paginate results of a query submitted by a form. Basically, I have the query "SELECT * FROM property WHERE City ='$city' AND Rooms='$rooms' the two variables $rooms and $city are passed to the script from a preceding search form. Everything works ok until i seek to paginate the results, to reduce the pages sizes. I know where the problem is, it's just trying to get around it that's causing me problems! What's happening is once a user clicks to view the next page, I receive the error: Notice: Undefined index: City in C:\Server\Apache2\htdocs\Test2\search_basic.php on line 34 I understand that this is because the form is not used to pass the data onto the PHP script once i open the next page, so I added the following to my script if ($pageno != 1){ $city = $_GET['City']; $rooms = $_GET['Rooms']; } else { $city = $_REQUEST['City']; $rooms = $_REQUEST['Rooms']; } and made my page navigation links: <a href='search_basic.php?pageno=$nextpage?City=$city?Rooms=$rooms'>NEXT</a> I thought that this would then pass the values for City and Rooms on from the hyperlink back into the script, as it realises that the page number is no longer 1 (i've checked this using an echo). I think the problem in passing the values on, but i'm fairly new to PHP so i'm struggling to find a workaround Any ideas? Thanks for your assistance, Nick