noobie here, just need a little help

[justAnoob]

Should there be a ";" at the end of the line that is marked below? Or are there other mistakes?

<?php
$host = "----------";
$username = "-------------";
$password = "-------------";
$db_name = "msimages";
$tbl_name = "UploadedFiles";

mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

if (!empty($_POST['upload']))
{
foreach($_POST as $key => $value) 
	{
		$$key = $value;
	}
$connect->connect_db(mydatabase);  //  <----this line ???
if(isset($_POST['upload']) && $_FILES['upload_file']['size'] > 0)
{
	$fileName = $_FILES['upload_file']['name'];
	$tmpName = $_FILES['upload_file']['tmp_name'];
	$fileSize = $_FILES['upload_file']['size'];
	$fileType = $_FILES['upload_file']['type'];
	$fp= fopen($tmpName, 'r');
	$content = addslashes($content);
	fclose($fp);
}

if(!get_magic_quotes_gpc())
{
	$fileName = addslashes($fileName);
}
$query = "INSERT INTO UploadedFiles (name, size, type, content)VALUES('$fileName', '$fileSize', '$fileType', '$content')";
$result = mysql_query($query);
if (!$result)
{
	dberror (mysql_error(), $_SERVER['PHP_SELF'] );
	echo mysql_error();
}

header("Location: ------------.com");
exit;
}
?>

[Philip]

Yup, there needs to be a ;... however, where is "mydatabase" coming from?

[trq]

however, where is "mydatabase" coming from?

 

While were at it. Where is $connect coming from?

[justAnoob]

Well, good question. Guess I have some more work to do. LoL.

[Andy-H]

Your database connection and selection is established already. I would delete that line of code and remove the quotes (") around your variables.

mysql_connect("$host", "$username", "$password") or die("Could not connect.");
mysql_select_db("$db_name") or die("Could not find database");

[Andy-H]

Should there be a ";" at the end of the line that is marked below? Or are there other mistakes?

<?php
$host = "----------";
$username = "-------------";
$password = "-------------";
$db_name = "msimages";

mysql_connect($host, $username, $password) or die("Could not connect.");
mysql_select_db($db_name) or die("Could not find database");

if (!empty($_POST['upload']))
{

   extract($_POST);

   if(isset($_POST['upload']) && $_FILES['upload_file']['size'] > 0)
   {
      $fileName = $_FILES['upload_file']['name'];
      $tmpName = $_FILES['upload_file']['tmp_name'];
      $fileSize = $_FILES['upload_file']['size'];
      $fileType = $_FILES['upload_file']['type'];

      if ( file_exists($tmpName) )
      {
      $content = file_get_contents($tmpName);
      }
   }


      $fileName = mysql_real_escape_string($fileName);
      $fileSize = (int)$fileSize;
      $fileType = mysql_real_escape_string($fileType);
      $content  = mysql_real_escape_string($content);

   $query = "INSERT INTO UploadedFiles (name, size, type, content)
   VALUES
   ('$fileName', '$fileSize', '$fileType', '$content')";

   $result = mysql_query($query)or die (mysql_error());

   header("Location: ------------.com");
   exit;
}
?>

 

Try that?

[justAnoob]

Hey, thanks for the help. Much appreciated. I'm guessing that this still isn't all that secure of an upload script, but it is a start. Now I just need to only allow certain types of images(png gif jpg) and a max size limit. I guess it is time to start reading. Thanks again. If anyone else would like to add something,,,, feel free.