justAnoob

i forgot to mention that I am with godaddy on a windows server with IIS7

I have an upload script which I can upload videos to my server. When I do a test upload, with a file size of 16mb, at about the 1 minute 40 second mark, i get the "Internal Error 500" message. From what I have read, my server is not giving me enough time to allow the script to finish. I have tried this in my script <?php set_time_limit(300); //this should be 3 minutes, right? ?> but it has no affect on keeping the script running. I think the script knows to keep running but the server is saying no. There has to be a way to allow the script to complete. Does anyone have a solution?

ah, i see thank you for your help.

you blew my head off with that one. Can you explain a little in depth?

my second post on this thread is showing the script which displays the info from the db.

making sure it is numeric, i understand that. i can take care of that. As far as the script that posts the comment. Here is what I got. Is is a small script. I always see these huge scripts on google that just insert info into a database. How much further can this be taken to make sure it is somewhat secure? Thanks for all the info <?php session_start(); include 'connection.php'; $comment = mysql_real_escape_string($_POST["comment"]); $posted_on = mysql_real_escape_string($_POST["posted_on"]); $username_id = mysql_real_escape_string($_SESSION['who']); $track_id = mysql_real_escape_string($_SESSION['track_id']); $sql = "INSERT INTO comments (comment, track_id, username_id, posted_on)VALUES('$comment','$track_id', '$username_id', '$posted_on')"; if (mysql_query($sql)) { $url = $_SESSION['url']; header("location:" . $url); } else { echo 'put error here'; } mysql_close(); ?>

so as long as mysql_real_escape_string is used when entered in the database, is this a fairly safe way to display the info? <?php include 'connection.php'; $trackid = mysql_real_escape_string($_GET['trackid']); $_SESSION['track_id'] = $trackid; $sql = 'SELECT imgpath FROM tracks WHERE id = ' . $trackid . ' LIMIT 1'; $result = mysql_query($sql); while($row = mysql_fetch_assoc($result)) { echo '<img src="' . $row['imgpath'] . '" />'; } mysql_close; ?>

I got a little form with a text area. a user can enter a comment and then it gets inserted into the database. right now on the i'm using mysql_real_escape_string($_POST['var']) and then to display it I'm using echo $row['var'] It works, but am I in danger of my db be destroyed? That way that I have it setup a user can type in something like a'a'a b"b"b" (10/10) and it gets entered into the db just like that then when it gets echoed, it looks just fine. Is this bad. What else should I be doing to secure these comment boxes of mine. btw, in mysql the column is set to TEXT, if that means anything. Thanks.

oh sorry gizmola, i will take a look at it. thanks.

So what would be the best captcha to use?

thanks.

I posted a threat about protecting against spam bots, where did it go? lol

I've noticed on a lot of websites where users can posts comments, or even in the forum sections of some sites, that there is a ton of spam. so much that is is almost impossible to post a comment that will be seen. What is the best way to keep spam bots away from posting all that &^$@%$^! (spam i mean)? From what I understand for a spam bot to work, the bot must first have registered on your site, as long as it is setup where only registered users can post a comment. So would just having a simple php captcha on the registration do the trick. Or are ther better alternatives to acheiving a spam free comments section and/or forum section?

ooppss, thanks.

just looking to get the 3 most recent records. can't seem to get this. see anything wrong? <?php $sql = mysql_query('SELECT id, category, track_name, username_id FROM tracks WHERE category = "supercross" ORDER BY DESC LIMIT 0, 3'); ?>

thanks for all the help. I'll do some research tomorrow. thanks again.

hey, that did the trick. what exactly does the ".." mean?

so the actual directory where the images should go is mylahstone/trackimages the directory is there on my server and the permissions are set to be writable. I'm very confused here.

the error is actually the directory mylahstone/trackimages/xxxxxx.jpg I changed that.

Here is the upload script. Like I said, on my other site it works just fine. Just on this site, it will not work. Here is on of the errors I'm getting. copy(userimages/trackimages/1264460369.jpg) [function.copy]: failed to open stream: No such file or directory (blah blah) line 57 <?php // this is my text field on my upload page // <input name="image" class="textbox" type="file" id="image" size="40" input="input" /> // yes, it is inside of a form with the right actions session_start(); include "connection.php"; $track_name = mysql_real_escape_string($_POST['track_name']); $description = mysql_real_escape_string($_POST['description']); $category = mysql_real_escape_string($_POST['category']); $created_on = mysql_real_escape_string($_POST['created_on']); define ("MAX_SIZE","1000"); function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } $errors=0; if(isset($_POST['submit'])) { $image=$_FILES['image']['name']; if($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension != "jpg") && ($extension != "jpeg")) { echo 'error'; $errors=1; exit(); } else { $size=filesize($_FILES['image']['tmp_name']); if ($size > MAX_SIZE*1024) { echo 'error'; $errors=1; exit(); } $tname = time(); $image_name=$tname.'.'.$extension; $newname="mylahstone/trackimages/".$image_name; // LINE 57 $copied = copy($_FILES['image']['tmp_name'], $newname); $image_thumb=$tname.'-thumb.'.$extension; $newthumbname="mylahstone/trackimages/".$image_thumb; $width = 100; $height = 100; list($width_orig, $height_orig) = getimagesize($newname); $ratio_orig = $width_orig/$height_orig; if ($width/$height > $ratio_orig) { $width = $height*$ratio_orig; } else { $height = $width/$ratio_orig; } $image_p = imagecreatetruecolor($width, $height); $image = imagecreatefromjpeg($newname); imagecopyresampled($image_p, $image, 0, 0, 0, 0, $width, $height, $width_orig, $height_orig); imagejpeg($image_p, $newthumbname, 100); imagedestroy($image); imagedestroy($image_p); if (!$copied) { echo 'error'; $errors=1; exit(); } } } } // if everything is good, post new item for the user $mysqlcategory = $category; $imgpath = $newname; $thumb = $newthumbname; $findit = $_SESSION['who']; $result=mysql_query("SELECT id FROM members WHERE username = '$findit'"); $row=mysql_fetch_assoc($result); $user_id = $row['id']; $sql = "INSERT INTO MY_TABLE(track_name, description, imgpath, thumb, category, user_id, created_on)VALUES('$track_name','$description', '$imgpath', '$thumb', '$mysqlcategory', '$user_id', '$created_on')"; mysql_query($sql) or die(mysql_error()); // go to confirmation page if upload is completed. if(isset($_POST['submit']) && !$errors) { unset($_SESSION['toobig']); unset($_SESSION['badformat']); unset($_SESSION['notcopy']); header("location: http://www.MYSITE.com/index.php"); exit(); } mysql_close(); ?>

yes, i'll post up some code after work.

I am having trouble uploading a picture to a directory on my server. First off, i have 2 domain names, domain 1 and domain 2 With domain 1 i have the exact same upload script that I am trying to make work with domain 2. Domain 1 works great. The problem with domain 2 is it cannot find the directory that i wish to upload the image to. $newname="userimages/trackimages/".$image_name; it is telling me that the directory does not exist. I know it is there and yes I did make the directory writable. Anyone know what is going on?

man dude i feel stupid right now, table length was set way too low. Solved, thanks everyone.

i took the encryted password from the database and entered it in the password field on the form. Then took out the md5 on the login script. Then when i log in, it works. It is something with the md5 on the login script.

no errors, i'm stumped why this won't work.