Upload Images Script To Certain Directory

[Xtremer360]

Okay well it placed the showname and type in a new row in my table correctly however it didn't put an integer automatically in the id spot which is obviously the primary key and it didn't put the filename.extention in the showimage field in the table nor has it yet to place the image itself into the directory. It's like its still out in outerspace and not going into the folder.

[gaza165]

dont worry about the stuff going into the db yet

 

i am uploading stuff and it seems to be going into the correct folder

[Xtremer360]

Nevermind on it not posting the image into the folder. I had to correct the php.ini file and delete the part of the max size of what an image coudl be to upload.

[gaza165]

so is it working or not????

[Xtremer360]

It inserts the file into the correct folder yes.

 

Okay well it placed the showname and type in a new row in my table correctly however it didn't put an integer automatically in the id spot which is obviously the primary key and it didn't put the filename.extention in the showimage field in the table.

[gaza165]

have u set the id in your database table to auto_increment??

[Xtremer360]

yes I have.

[gaza165]

log into ur phpmyadmin and show me the structure of the table...

 

 

[Xtremer360]

Nevermind I forgot to but did now.

[gaza165]

clear the contents of ur images folder

[Xtremer360]

Why do you want me to clear all my images?

 

I have the id (autoincrement) field working properly now. So now the only thing that needs fixed is it taking the filename.extention part of the upload and placing that string into the database entry.

[gaza165]

ok heres what u need

 

change ur query too

 

$insert = "INSERT INTO shows (showname, type, showimage) VALUES ('".$_POST['showname']."','".$_POST['type']."','$target_path')";

[Xtremer360]

That part works however now of a sudden it won't put it in the folder.

[Xtremer360]

Nevermind it just took a while.

[gaza165]

LOL this is getting silly

 

 

also... you should reduce your uploader to only images or the file type you want them to upload becuase that means users can upload anything!!!

 

this leaves your site open for attacks and vunrability to your db

 

 

Gaz

[Xtremer360]

Okay problem is now every once in a while it just deletes the table. Why is that?

[gaza165]

because as i have just explained..... you should limit ur upload to the file types you want to uploade such as  .jpg  or  .gif otherwise some smart alick twat  a.k.a meeee

 

has just uploaded a file into your images folder that can delete any table i specify.... i can even delete the whole database if i wanted to....

 

this just shows how easy an attacker can destroy your website..

 

i am not that cruel thus why i have left ur database bar 1 table!!

 

Garry

 

 

[Xtremer360]

Okay now with my code how to limit the uploads to only .jpg files.

[gaza165]

from my knowledge, u need an array of file types and then an if function to check if your file type matches the file types in the array -

 

 

if not throw an error

[Xtremer360]

// break filename into parts

            $parts = explode ('.', $file);

            $ext = $parts[count ($parts) - 1];

            // check extension

            if ($ext == 'jpg' || $ext == 'jpeg' || $ext == 'png' || $ext == 'gif') {

               

 

What else am I missing?

[Xtremer360]

Also I would like to have a table underneath that form that displays all the records with the showname and an edit and delete option for editing each of those shows info. And also as soon as the form is submitted the page automattically adds that new show to the bottom of the list below.

 

Here is a copy of what I was going to add to the bottom of the script we worked on earlier today.

 

<?php

require ('database.php');

print '<center><h2><span style="color: #CC0000">Edit/Delete A Show</span></h2></center>';
print '<center><table width="50%" border="1">';

if(!isset($_GET['action']) && !isset($_POST['showname'])) {
//Define the query
$query = "SELECT * FROM shows";

if ($r = mysql_query ($query)){ // Run the query.
    if (mysql_num_rows($r) > 0)
    {

// Retrieve and print every record
        while ($row = mysql_fetch_array ($r)){
  print '<tr><td>'.$row['showname'].'</td><td><a href="addshowname.php?action=edit&id='.$row['id'].'">Edit</a></td><td><a href="addshowname.php?action=delete&id='.$row['id'].'">Delete</a></td></tr>';
}
}
    else
    {
        print "No Shows\n";
    }
} else {
die ('<p>Could not retrieve the data because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>');
} //End of query IF

print '</table></center>';
}

if($_GET['action'] == 'edit') {
$query = "SELECT * FROM shows WHERE id = '".$_GET['id']."'";
$res = mysql_fetch_array(mysql_query($query));
print('<form action="'.$_SERVER['PHP_SELF'].'" method="post" name="form1">');
print('<table border=1 cellpadding=5 cellspacing=0 width=350>');
print('<tr><td>Name of show:</td><td><input type="text" name="showname" value="'.$res['showname'].'"/></td></tr>');
print('<tr><th colspan=2><input type="hidden" name="id" value="'.$_GET['id'].'" /><input type="submit" value="Edit Show" /></th></tr></table></form></center>');
} 
if(isset($_POST['name'])) {
$query = "UPDATE shows SET showname = '".mysql_real_escape_string($_POST['showname'])."' WHERE id = '".$_POST['id']."'"; if(mysql_query($query)) {
  echo "Show updated.";
}
else {
  die('<p>The show could not update because <b>' . mysql_error() . '</b>. The query was '."$query.".'</p>');
}
}

if($_GET['action'] == 'delete') {
$query = "DELETE FROM shows WHERE id = '".$_GET['id']."'";
if(mysql_query($query)) {

echo "Deletion successful.";
}
else {
die ('<p>Could not delete post because ' . mysql_error() . '. The query was '."$query.".'</p>');
}
}

?>