Jump to content

Help with $HTTP_POST_FILES

genislav

By genislav
in PHP Coding Help

Recommended Posts

genislav Newbie

genislav

Posted
Posted

Hi there,

 

 

I`m editing my friend`s php code so I can add a new field with a new element. I`m putting exactly the same values but it does not seems to get the same result.

 

I have a  form to Upload 5 pictures and rename them according their ID number. On the first 5 pictures (pic_1,pic_2...,pic_5) it`s working perfectly but on the one I'm adding the name does not seems to change according his ID.

 

Here is the code :

$sql_f="select * from shops where id=$id";
$res_f=mysql_query($sql_f);
$row_f=mysql_fetch_assoc($res_f);


$pic_6=$row_f['pic_6'];

/////////////	
	if (isset($HTTP_POST_FILES['pic_6'])) {		
	if ($HTTP_POST_FILES['pic_6']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_6']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_6']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_6']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_6']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_6']['tmp_name'], $cfg_pics_path."pic_6_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_6']['tmp_name']);
			$pic_6="pic_6_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////



$pic_1=$row_f['pic_1'];

/////////////	
	if (isset($HTTP_POST_FILES['pic_1'])) {		
	if ($HTTP_POST_FILES['pic_1']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_1']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_1']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_1']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_1']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_1']['tmp_name'], $cfg_pics_path."pic_1_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_1']['tmp_name']);
			$pic_1="pic_1_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////

$pic_2=$row_f['pic_2'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_2'])) {		
	if ($HTTP_POST_FILES['pic_2']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_2']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_2']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_2']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_2']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_2']['tmp_name'], $cfg_pics_path."pic_2_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_2']['tmp_name']);
			$pic_2="pic_2_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////
$pic_3=$row_f['pic_3'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_3'])) {		
	if ($HTTP_POST_FILES['pic_3']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_3']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_3']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_3']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_3']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_3']['tmp_name'], $cfg_pics_path."pic_3_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_3']['tmp_name']);
			$pic_3="pic_3_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////
$pic_4=$row_f['pic_4'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_4'])) {		
	if ($HTTP_POST_FILES['pic_4']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_4']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_4']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_4']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_4']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_4']['tmp_name'], $cfg_pics_path."pic_4_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_4']['tmp_name']);
			$pic_4="pic_4_shops".$next_id.$ext;				
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////

$pic_5=$row_f['pic_5'];
/////////////	
	if (isset($HTTP_POST_FILES['pic_5'])) {		
	if ($HTTP_POST_FILES['pic_5']['type'] == "image/gif") { $ext=".gif"; }
	if(($HTTP_POST_FILES['pic_5']['type'] == "image/pjpeg") or ($HTTP_POST_FILES['pic_5']['type'] == "image/jpeg")) { $ext=".jpg"; }		
	if ($HTTP_POST_FILES['pic_5']['name'] != "") {
		if (is_uploaded_file($HTTP_POST_FILES['pic_5']['tmp_name'])) {
			copy($HTTP_POST_FILES['pic_5']['tmp_name'], $cfg_pics_path."pic_5_shops".$next_id.$ext);				
			unlink($HTTP_POST_FILES['pic_5']['tmp_name']);
			$pic_5="pic_5_shops".$next_id.$ext;					
		} else {
			echo "Possible file upload attack: logo";
		}
	}		
}
/////////////////////////





$SQL_U="UPDATE shops SET 
name_bg='$name_bg',name_en='$name_en',name_ru='$name_ru',new='$new',contacts_bg='$contacts_bg',contacts_en='$contacts_en',contacts_ru='$contacts_ru',pic_1='$pic_1',pic_2='$pic_2',pic_3='$pic_3',pic_4='$pic_4',pic_5='$pic_5',pic_6='$pic_6',town_id='$town_id'";
$SQL_U.=" WHERE id=$id";

$result_u=mysql_query($SQL_U) or die("Invalid query> $SQL_U");

 

Here is the result :

 

For pic_1/pic_2/..../pic_5, I have this in my MYSQL panel:

 

Full Texts

Rows pic_5

1 pic_5_shops.jpg

1 pic_5_shops1.jpg

1 pic_5_shops10.jpg

1 pic_5_shops12.jpg

1 pic_5_shops13.jpg

1 pic_5_shops14.jpg

1 pic_5_shops15.jpg

 

But for pic_6 I got just this :

 

Full Texts

Rows 25 1

pic_6 NULL pic_6_shops.jpg

 

The name of pic_6 does not change ???

 

Well where am I mistaking ?

Link to comment
https://forums.phpfreaks.com/topic/163348-help-with-http_post_files/
Share on other sites
JonnoTheDev Regular Member

JonnoTheDev

Posted
Posted

This code is horrid! It is a mass of duplication and if you are using php version > 4.1 you should not be using $HTTP_POST_FILES

 

You can do this using 1 block of code within a loop for all pictures. Finish the rest off:

<?php
// we will hold all filenames here
$picures = array();

for($x = 1; $x <= 6; $x++) {
	$fieldName = 'pic_'.$x;
	if(isset($_FILES[$fieldName])) {		
		switch($_FILES[$fieldName]['type']) {
			case "image/gif":
				$ext = ".gif";
			break;
			case "image/pjpeg":
			case "image/jpeg":
				$ext = ".jpg";
			break;
		}

		if(strlen($_FILES[$fieldName]['name'])) {
			if(is_uploaded_file($_FILES[$fieldName]['tmp_name'])) {
				// path and filename
				$filename = $fieldName."_shops".$next_id.$ext;
				$filePath = $cfg_pics_path.$filename
				copy($_FILES[$fieldName]['tmp_name'], $filePath);				
				unlink($_FILES[$fieldName]['tmp_name']);
				// add the picture to the array
				$picures[$x] = $filename;
			}
		}
	}
}

// loop through pictures and add to database
foreach($pictures as $num => $filename) {

}
?>

genislav Newbie

genislav

Posted
  • Author
Posted

Thanks a lot neil.johnson !

 

 

I implemented the code in my PHP but got the same result ...

 

I'm starting to think that I have mess up my MYSQL data... because the same problem occur on my previously working pic_1,pic_2,...,pic_5

 

So now I'm in big trouble ...

 

I don't know if someone here can help me but I'll be really grateful someone did.

 

The problem is that when ever I start the Upload script it saves the picture without the number .$next_id. at the end.

 

So no matter the object I'm uploading files to, they all get the same pictures ....

 

I'm sure that it's something small and insignificant but I'm in hell.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.