dennismonsewicz

Ok I know the subject of this post sounds odd, but let me explain. I have built an upload script that people can upload files onto a server. I am wanting to be able to search the filename of the upload for odd characters such as, underscores, and be able to replace them with a dash. Any ideas on how to achieve this?

Hmmmm... well the problem with writing the .htaccess file is that we are running IIS not apache so I suppose the way around that would be: to have the files uploaded into a folder and have a PHP file that will check against login credentials?

Hmmm, Aight I will try that. But wouldn't a person be able to download the image(s) if he/she knew the direct path to the image?

Is there a way to dump the image into a Database?

Here is my code: Upload.php: <?php include "includes/header.php"; include "includes/sidebar.php"; $_SESSION['username'] = $_GET['username']; ?> <div class="maincontent"> <div class="maincontentheader"> <h2><?php echo ucwords($_SESSION['username']); ?>, use the form below to upload an image!</h2> </div> <form enctype="multipart/form-data" method="post" action="uploadfile.php?username=<?php echo $_SESSION['username']; ?>"> <input type="hidden" name="MAX_FILE_SIZE" value="200000000" /> <p><input name="userfile" type="file" id="userfile" /></p> <p><input type="submit" name="upload" id="upload" value=" Upload " /></p> </form> <div class="maincontentfooter"> </div> </div> <?php include "includes/footer.php"; ?> uploadfile.php: <?php include "includes/header.php"; include "includes/sidebar.php"; $_SESSION['username'] = $_POST['username']; ?> <div class="maincontent"> <div class="maincontentheader"> <h2><?php echo ucwords($_SESSION['username']); ?>, thank you for your upload!</h2> </div> <?php if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) { $fileName = $_FILES['userfile']['name']; $tmpName = $_FILES['userfile']['tmp_name']; $fileSize = $_FILES['userfile']['size']; $fileType = $_FILES['userfile']['type']; $fp = fopen($tmpName, 'r'); $content = fread($fp, filesize($tmpName)); $content = addslashes($content); fclose($fp); if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); } include "includes/sql.php"; $query = "INSERT INTO uploads (username, name, size, type, content ) ". "VALUES ('" . $_SESSION['username'] . "', '$fileName', '$fileSize', '$fileType', '$content')"; mysql_query($query) or die('Error Message = ' . mysql_error()); echo "<p>File $fileName uploaded</p>"; } ?> <div class="maincontentfooter"> </div> </div> <?php include "includes/footer.php"; ?> Here is my SQL ERROR MESSAGE: Error Message = You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'R�ggdg�>��Xnn֗ ��>��&�ҩ���vť֝�j�}9"��\vq,c�]�k����Ei�����b�O��>�єz' at line 1 Now I have been able to upload two files into the database but for some reason it is a hit and miss with the upload. And my login credentials are dropped after the upload for some reason. Any ideas?

Found it! Thanks again!

In setting up the field for the timestamp in MySQL do i need to tell the timestamp field to auto_increment or will it do it on its own? I am using PHPmyadmin

Thanks for everyone's help!

aight thanks will do

Is there a way to create a current timestamp and record the timestamp into a database?

TOPIC SOLVED!

Ok I did that but it is still doing the same thing. Any other ideas?

When you say at the top where do you mean?

<div class="login"> <p>Please Login to Utilize Your Account</p> <form action="index.php" method="post" name="loginform"> <input type="text" id="username" name="username" /> <input type="password" id="password" name="password" style="clear: right;" /> <input type="image" src="images/loginbutton.jpg" style="width: 66px; height: 33px; float: right; margin-right: 7px;" /> </form> <div class="loginfooter" style="clear: both;"> </div> </div>

same screen without a message

Here is my code: <?php if($_POST) { //If the form has been submitted $host = "localhost"; $db_username = "username"; $db_password = "password"; $db_name = "dbname"; mysql_connect("$host","$db_username","$db_password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannt select db"); $username = stripslashes($_POST['username']); $password = stripslashes($_POST['password']); $sql = "select * from db_table where username = '$username' and password = '$password'"; $result = mysql_query($sql); $count = mysql_num_rows($result); if($count == 1) { session_register("username"); session_register("password"); session_start(); header("location: " . SITE_URL . "?username=" . $username . ""); } else { echo '<div class="login"> <p>Wrong username and password!</p> <form action="index.php" method="post" name="loginform"> <input type="text" id="username" name="username" /> <input type="password" id="password" name="password" style="clear: right;" /> <input type="image" src="images/loginbutton.jpg" style="width: 66px; height: 33px; float: right; margin-right: 7px;" /> </form> <div class="loginfooter" style="clear: both;"> </div> </div>'; } } else { //Else, no post data. Form hasn't been submitted if($_SESSION) { //Is the user logged in? YES! echo '<div class="login"> <p>Welcome, ' . ucwords($_SESSION['username']) . '</p> <p style="text-align: left; padding-left: 10px;"><a href="includes/logout.php">Logout?</a></p> <p style="text-align: left; padding-left: 10px;">View Profile</p> <p style="text-align: left; padding-left: 10px;">My Photos</p> <div class="loginfooter" style="clear: both;"> </div> </div>'; } else { //User isn't logged in echo '<div class="login"> <p>Please Login to Utilize Your Account</p> <form action="index.php" method="post" name="loginform"> <input type="text" id="username" name="username" /> <input type="password" id="password" name="password" style="clear: right;" /> <input type="image" src="images/loginbutton.jpg" style="width: 66px; height: 33px; float: right; margin-right: 7px;" /> </form> <div class="loginfooter" style="clear: both;"> </div> </div>'; } } ?> The username is passed to the URL but does not display the Welcome, $username, the script just keeps reshowing the login form Any ideas?

RHODESA YOUR A GENIOUS! I took the code out of the switch and placed in another file called excel.php and then linked over to it and it worked! There was something happening in the switch Everything works like a charm now! You ROCK!

I even had a coworker go to the exact link and on a windows machine using Office 03 and still is having the same problem

Ok... I clicked your link and was able to open it. I updated the PHP script, and still the same problem. I did notice this though: When I click on my link and try to open it, Excel displays this message: But when I click on your link it works and does not display the above message

Sure here is the code I am using: The following is my code in my switch case "export": include "../includes/db_login.php"; include "excelWriter.inc.php"; $excel=new ExcelWriter(); $myArr=array("Id","Product","Company","Description","Web Address","Last Used","Where product was last used","Is product active or inactive?"); $excel->writeLine($myArr); $query = "SELECT * FROM table_name"; $result = mysql_query($query); if(!$result){ die("Could not query the database: <br/>" . mysql_error()); } while($row = mysql_fetch_array($result, MYSQL_ASSOC)){ $id = $row['rowid']; $company = $row['company']; $product = $row['product']; $description = $row['description']; $web = $row['web']; $last = $row['last']; $used = $row['used']; $active = $row['active']; $myArr = array($id,$product,$company,$description,$web,$last,$used,$active); $excel->writeLine($myArr); } $excel->send('hr'); exit; } /* END SWITCH */ Here is the code I am using for my include: <?php class ExcelWriter{ var $data = null; var $filename = null; var $newRow = false; function ExcelWriter(){ } function writeLine($line_arr){ if(!is_array($line_arr)){ trigger_error("Error : Argument is not valid. Supply an valid Array.",E_USER_WARNING); return false; } $this->data .= " <tr>\n"; foreach($line_arr as $value) $this->data .= " <td class=xl24 width=64 >{$value}</td>\n"; $this->data .= " </tr>\n"; } function send($filename = null){ if($filename){ header ( "Expires: Mon, 1 Apr 1974 05:00:00 GMT" ); header ( "Last-Modified: " . gmdate("D,d M YH:i:s") . " GMT" ); header ( "Pragma: no-cache" ); header ( "Content-type: application/x-msexcel" ); header ( "Content-Disposition: attachment; filename={$filename}.xls" ); } print $this->GetHeader(); print $this->data; print $this->GetFooter(); if($filename) exit; } function GetHeader(){ ob_start(); ?> <html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=Content-Type content="text/html; charset=us-ascii"> <meta name=ProgId content=Excel.Sheet> <!--[if gte mso 9]><xml> <o:DocumentProperties> <o:LastAuthor>Sriram</o:LastAuthor> <o:LastSaved>2005-01-02T07:46:23Z</o:LastSaved> <o:Version>10.2625</o:Version> </o:DocumentProperties> <o:OfficeDocumentSettings> <o:DownloadComponents/> </o:OfficeDocumentSettings> </xml><![endif]--> <style> <!--table {mso-displayed-decimal-separator:"\."; mso-displayed-thousand-separator:"\,";} @page {margin:1.0in .75in 1.0in .75in; mso-header-margin:.5in; mso-footer-margin:.5in;} tr {mso-height-source:auto;} col {mso-width-source:auto;} br {mso-data-placement:same-cell;} .style0 {mso-number-format:General; text-align:general; vertical-align:bottom; white-space:nowrap; mso-rotate:0; mso-background-source:auto; mso-pattern:auto; color:windowtext; font-size:10.0pt; font-weight:400; font-style:normal; text-decoration:none; font-family:Arial; mso-generic-font-family:auto; mso-font-charset:0; border:none; mso-protection:locked visible; mso-style-name:Normal; mso-style-id:0;} td {mso-style-parent:style0; padding-top:1px; padding-right:1px; padding-left:1px; mso-ignore:padding; color:windowtext; font-size:10.0pt; font-weight:400; font-style:normal; text-decoration:none; font-family:Arial; mso-generic-font-family:auto; mso-font-charset:0; mso-number-format:General; text-align:general; vertical-align:bottom; border:none; mso-background-source:auto; mso-pattern:auto; mso-protection:locked visible; white-space:nowrap; mso-rotate:0;} .xl24 {mso-style-parent:style0; white-space:normal;} --> </style> <!--[if gte mso 9]><xml> <x:ExcelWorkbook> <x:ExcelWorksheets> <x:ExcelWorksheet> <x:Name>srirmam</x:Name> <x:WorksheetOptions> <x:Selected/> <x:ProtectContents>False</x:ProtectContents> <x:ProtectObjects>False</x:ProtectObjects> <x:ProtectScenarios>False</x:ProtectScenarios> </x:WorksheetOptions> </x:ExcelWorksheet> </x:ExcelWorksheets> <x:WindowHeight>10005</x:WindowHeight> <x:WindowWidth>10005</x:WindowWidth> <x:WindowTopX>120</x:WindowTopX> <x:WindowTopY>135</x:WindowTopY> <x:ProtectStructure>False</x:ProtectStructure> <x:ProtectWindows>False</x:ProtectWindows> </x:ExcelWorkbook> </xml><![endif]--> </head> <body link=blue vlink=purple> <table x:str border=0 cellpadding=0 cellspacing=0 style='border-collapse: collapse;table-layout:fixed;'> <?php return ob_get_clean(); } function GetFooter(){ return "</table></body></html>"; } } ?>

ok... so I commented out the first thing, to just get the headers to come through and it did not work. So something is wrong somewhere, obviously everything is spelled correctly. I am running this script inside of a switch with a case name of export.

Sorry about not getting back with everyone late yesterday. I left work and then a bad storm came through the area so no internet. I am at work now working on the script now. I will be in contact today. Thanks again for everyone's help!

Yep I am using the exact file you uploaded. It opens Excel but cannot open the XLS file spreadsheet itself. I have even tried on another computer and it cannot open the spreadsheet. Any thoughts?

I can run the example script. I am trying to run the modified script from rhodesa. I am going to probably have to revert back to the old one i guess

I have office 04 (MAC) But I sent it to a co worker who has office 03 (windows) and it still did not open