Jump to content

noobie here, just need a little help

justAnoob

By justAnoob
in PHP Coding Help

 Share

Recommended Posts

justAnoob Advanced Member

justAnoob

Posted
Posted

Should there be a ";" at the end of the line that is marked below? Or are there other mistakes?

<?php
$host = "----------";
$username = "-------------";
$password = "-------------";
$db_name = "msimages";
$tbl_name = "UploadedFiles";

mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

if (!empty($_POST['upload']))
{
foreach($_POST as $key => $value) 
	{
		$$key = $value;
	}
$connect->connect_db(mydatabase);  //  <----this line ???
if(isset($_POST['upload']) && $_FILES['upload_file']['size'] > 0)
{
	$fileName = $_FILES['upload_file']['name'];
	$tmpName = $_FILES['upload_file']['tmp_name'];
	$fileSize = $_FILES['upload_file']['size'];
	$fileType = $_FILES['upload_file']['type'];
	$fp= fopen($tmpName, 'r');
	$content = addslashes($content);
	fclose($fp);
}

if(!get_magic_quotes_gpc())
{
	$fileName = addslashes($fileName);
}
$query = "INSERT INTO UploadedFiles (name, size, type, content)VALUES('$fileName', '$fileSize', '$fileType', '$content')";
$result = mysql_query($query);
if (!$result)
{
	dberror (mysql_error(), $_SERVER['PHP_SELF'] );
	echo mysql_error();
}

header("Location: ------------.com");
exit;
}
?>

Link to comment
Share on other sites
Andy-H Advanced Member

Andy-H

Posted
Posted

Your database connection and selection is established already. I would delete that line of code and remove the quotes (") around your variables.


mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

Link to comment
Share on other sites
Andy-H Advanced Member

Andy-H

Posted
Posted

Should there be a ";" at the end of the line that is marked below? Or are there other mistakes?

<?php
$host = "----------";
$username = "-------------";
$password = "-------------";
$db_name = "msimages";

mysql_connect($host, $username, $password) or die("Could not connect.");
mysql_select_db($db_name) or die("Could not find database");

if (!empty($_POST['upload']))
{

   extract($_POST);

   if(isset($_POST['upload']) && $_FILES['upload_file']['size'] > 0)
   {
      $fileName = $_FILES['upload_file']['name'];
      $tmpName = $_FILES['upload_file']['tmp_name'];
      $fileSize = $_FILES['upload_file']['size'];
      $fileType = $_FILES['upload_file']['type'];

      if ( file_exists($tmpName) )
      {
      $content = file_get_contents($tmpName);
      }
   }


      $fileName = mysql_real_escape_string($fileName);
      $fileSize = (int)$fileSize;
      $fileType = mysql_real_escape_string($fileType);
      $content  = mysql_real_escape_string($content);

   $query = "INSERT INTO UploadedFiles (name, size, type, content)
   VALUES
   ('$fileName', '$fileSize', '$fileType', '$content')";

   $result = mysql_query($query)or die (mysql_error());

   header("Location: ------------.com");
   exit;
}
?>

 

Try that?

Link to comment
Share on other sites
justAnoob Advanced Member

justAnoob

Posted
  • Author
Posted

Hey, thanks for the help. Much appreciated. I'm guessing that this still isn't all that secure of an upload script, but it is a start. Now I just need to only allow certain types of images(png gif jpg) and a max size limit. I guess it is time to start reading. Thanks again. If anyone else would like to add something,,,, feel free.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.