Help with $HTTP_POST_FILES

genislav · June 23, 2009

Hi there,

I`m editing my friend`s php code so I can add a new field with a new element. I`m putting exactly the same values but it does not seems to get the same result.

I have a form to Upload 5 pictures and rename them according their ID number. On the first 5 pictures (pic_1,pic_2...,pic_5) it`s working perfectly but on the one I'm adding the name does not seems to change according his ID.

Here is the code :

$sql_f="select * from shops where id=$id";
$res_f=mysql_query($sql_f);
$row_f=mysql_fetch_assoc($res_f);


$pic_6=$row_f['pic_6'];

/////////////	
	if (isset($HTTP_POST_FILES['pic_6'])) {		
	if ($HTTP_POST_FILES['pic_6']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_6']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_6']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_6']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_6']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_6']['tmp_name'], $cfg_pics_path."pic_6_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_6']['tmp_name']);
			$pic_6="pic_6_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////



$pic_1=$row_f['pic_1'];

/////////////	
	if (isset($HTTP_POST_FILES['pic_1'])) {		
	if ($HTTP_POST_FILES['pic_1']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_1']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_1']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_1']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_1']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_1']['tmp_name'], $cfg_pics_path."pic_1_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_1']['tmp_name']);
			$pic_1="pic_1_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////

$pic_2=$row_f['pic_2'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_2'])) {		
	if ($HTTP_POST_FILES['pic_2']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_2']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_2']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_2']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_2']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_2']['tmp_name'], $cfg_pics_path."pic_2_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_2']['tmp_name']);
			$pic_2="pic_2_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////
$pic_3=$row_f['pic_3'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_3'])) {		
	if ($HTTP_POST_FILES['pic_3']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_3']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_3']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_3']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_3']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_3']['tmp_name'], $cfg_pics_path."pic_3_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_3']['tmp_name']);
			$pic_3="pic_3_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////
$pic_4=$row_f['pic_4'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_4'])) {		
	if ($HTTP_POST_FILES['pic_4']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_4']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_4']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_4']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_4']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_4']['tmp_name'], $cfg_pics_path."pic_4_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_4']['tmp_name']);
			$pic_4="pic_4_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////

$pic_5=$row_f['pic_5'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_5'])) {		
	if ($HTTP_POST_FILES['pic_5']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_5']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_5']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_5']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_5']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_5']['tmp_name'], $cfg_pics_path."pic_5_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_5']['tmp_name']);
			$pic_5="pic_5_shops".$next_id.$ext;					
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////





$SQL_U="UPDATE shops SET 
name_bg='$name_bg',name_en='$name_en',name_ru='$name_ru',new='$new',contacts_bg='$contacts_bg',contacts_en='$contacts_en',contacts_ru='$contacts_ru',pic_1='$pic_1',pic_2='$pic_2',pic_3='$pic_3',pic_4='$pic_4',pic_5='$pic_5',pic_6='$pic_6',town_id='$town_id'";
$SQL_U.=" WHERE id=$id";

$result_u=mysql_query($SQL_U) or die("Invalid query> $SQL_U");

Here is the result :

For pic_1/pic_2/..../pic_5, I have this in my MYSQL panel:

Full Texts

Rows pic_5

1 pic_5_shops.jpg

1 pic_5_shops1.jpg

1 pic_5_shops10.jpg

1 pic_5_shops12.jpg

1 pic_5_shops13.jpg

1 pic_5_shops14.jpg

1 pic_5_shops15.jpg

But for pic_6 I got just this :

Full Texts

Rows 25 1

pic_6 NULL pic_6_shops.jpg

The name of pic_6 does not change ???

Well where am I mistaking ?

JonnoTheDev · June 23, 2009

This code is horrid! It is a mass of duplication and if you are using php version > 4.1 you should not be using $HTTP_POST_FILES

You can do this using 1 block of code within a loop for all pictures. Finish the rest off:

<?php
// we will hold all filenames here
$picures = array();

for($x = 1; $x <= 6; $x++) {
	$fieldName = 'pic_'.$x;
	if(isset($_FILES[$fieldName])) {		
		switch($_FILES[$fieldName]['type']) {
			case "image/gif":
				$ext = ".gif";
			break;
			case "image/pjpeg":
			case "image/jpeg":
				$ext = ".jpg";
			break;
		}

		if(strlen($_FILES[$fieldName]['name'])) {
			if(is_uploaded_file($_FILES[$fieldName]['tmp_name'])) {
				// path and filename
				$filename = $fieldName."_shops".$next_id.$ext;
				$filePath = $cfg_pics_path.$filename
				copy($_FILES[$fieldName]['tmp_name'], $filePath);				
				unlink($_FILES[$fieldName]['tmp_name']);
				// add the picture to the array
				$picures[$x] = $filename;
			}
		}
	}
}

// loop through pictures and add to database
foreach($pictures as $num => $filename) {

}
?>

genislav · June 23, 2009

Thanks a lot neil.johnson !

I implemented the code in my PHP but got the same result ...

I'm starting to think that I have mess up my MYSQL data... because the same problem occur on my previously working pic_1,pic_2,...,pic_5

So now I'm in big trouble ...

I don't know if someone here can help me but I'll be really grateful someone did.

The problem is that when ever I start the Upload script it saves the picture without the number .$next_id. at the end.

So no matter the object I'm uploading files to, they all get the same pictures ....

I'm sure that it's something small and insignificant but I'm in hell.

genislav · June 23, 2009

Any one? ???

Sign In

Help with $HTTP_POST_FILES

Recommended Posts

genislav

Link to comment

Share on other sites

JonnoTheDev

Link to comment

Share on other sites

genislav

Link to comment

Share on other sites

genislav

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information