adding a timestamp

mrsaywho · March 14, 2012

How would I go about adding a timestamp to my image uploads so I don't erase image files with the same name? Also, what would be the correct use of the mysql_escape_string

<?php

require_once('storescripts/connect.php');

mysql_select_db($database_phpimage,$phpimage);

$uploadDir = 'upload/';

if(isset($_POST['upload' . $config]))

{

foreach ($_FILES as $file)

{

$fileName = $file['name'];

$tmpName = $file['tmp_name'];

$fileSize = $file['size'];

$fileType = $file['type'];

if($fileName==""){

$filePath = 'upload/';

}

else{

$filePath = $uploadDir . $fileName;

}

$filePath = str_replace(" ", "_", $filePath);

$result = move_uploaded_file($tmpName, $filePath);

if(!get_magic_quotes_gpc())

{

$fileName = addslashes($fileName);

$filePath = addslashes($filePath);

}

$fileinsert[]=$filePath;

}

$mid = mysql_real_escape_string(trim($_POST['mid']));

$cat = mysql_real_escape_string(trim($_POST['cat']));

$item = mysql_real_escape_string(trim($_POST['item']));

$price = mysql_real_escape_string(trim($_POST['price']));

$about = mysql_real_escape_string(trim($_POST['about']));

$fields = array();

$values = array();

$updateVals = array();

for($i=1; $i<=4; $i++)

{

$fields[$i] = 'name'.$i;

$values[$i] = mysql_real_escape_string(basename(trim($_FILES[$fields[$i]]['name'])));

if($values[$i] != '')

{

$updateVals[] = "{$fields[$i]} = '{$values[$i]}'";

}

$updateNames = '';

if(count($updateVals))

{

$updateNames = ", " . implode(', ', $updateVals);

}

$update = "INSERT INTO image

(mid, cid, item, price, about, name1, name2, name3, name4)

VALUES

('$mid', '$cat', '$item', '$price', '$about', '$values[1]', '$values[2]', '$values[3]', '$values[4]')

ON DUPLICATE KEY UPDATE

cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames";

$result = mysql_query($update) or die (mysql_error());

$id = mysql_insert_id();

?>

<p style="font-size:35px; font-family:Arial, Helvetica, sans-serif; color:#255E67; margin-left:25px;">Your Item Has Been Uploaded!</p>

setTimeout('ourRedirect()', 2000)

function ourRedirect() {

location.href='protator_php.php?mid=<?php echo $id ?>'

}

</script>

Muddy_Funster · March 14, 2012

your using mysql_real_escape_string() properly already. mas for a timestamp, It's been a while but I'm sure it's just something like :

$filename .= time();

although you would need to do that before you add the extension obviously...

What I found easier to manage (and I suppose more secure as well) was to use a substring of a md5 encrytipted time :

$filename .= "_" . strtolower(substr(md5(time)), 0, 4));

I found it more manageable for generating unique codes for delivery notes.

mrsaywho · March 14, 2012

wow really...

$filename .= "_" . strtolower(substr(md5(time)), 0, 4));

I can't find a way to fit it in the code without an error.

and i can't get the timestamp to work either

Muddy_Funster · March 14, 2012

yeah, I missed out the function brackets for time() in that last one there. I just ran the following code:

<?php
$filename = "myfile";
$filename .= "_" . strtolower(substr(md5(time()), 0, 4));
$filename .= ".jpg";
echo $filename;
?>

and got as a result :

myfile_9e97.jpg

let me know if that helps

mrsaywho · March 14, 2012

I think my problem is that I don't know where exactly to insert it into my code. The code runs fine but it won't add that unique identifier

Muddy_Funster · March 14, 2012

try here:

$fileName = $file['name'];
$fileName .= "_" . strtolower(substr(md5(time()), 0, 4));
$tmpName = $file['tmp_name'];
$fileSize = $file['size'];
$fileType = $file['type'];

mrsaywho · March 14, 2012

no well the problem isn't getting it into my file folder but getting it into mysql...... its the multiple uploads that i don't even understand what the code means.

<?php

require_once('storescripts/connect.php');

mysql_select_db($database_phpimage,$phpimage);

$penis = strtolower(substr(md5(time()), 0, 4));

$uploadDir = 'upload/';

if(isset($_POST['upload' . $config]))

{

foreach ($_FILES as $file)

{

$fileName = $file['name'];

$tmpName = $file['tmp_name'];

$fileSize = $file['size'];

$fileType = $file['type'];

if($fileName==""){

$filePath = 'upload/';

}

else{

$filePath = $uploadDir . $penis . $fileName;

}

$filePath = str_replace(" ", "_", $filePath);

$result = move_uploaded_file($tmpName, $filePath);

if(!get_magic_quotes_gpc())

{

$fileName = addslashes($fileName);

$filePath = addslashes($filePath);

}

$fileinsert[]=$filePath;

}

$mid = mysql_real_escape_string(trim($_POST['mid']));

$cat = mysql_real_escape_string(trim($_POST['cat']));

$item = mysql_real_escape_string(trim($_POST['item']));

$price = mysql_real_escape_string(trim($_POST['price']));

$about = mysql_real_escape_string(trim($_POST['about']));

$fields = array();

$values = array();

$updateVals = array();

for($i=1; $i<=4; $i++)

{

$fields[$i] = 'name'.$i;

$values[$i] = mysql_real_escape_string(basename(trim($_FILES[$fields[$i]]['name'])));

if($values[$i] != '')

{

$updateVals[] = "{$fields[$i]} = '{$values[$i]}'";

}

$updateNames = '';

if(count($updateVals))

{

$updateNames = ", " . implode(', ', $updateVals);

}

$update = "INSERT INTO image

(mid, cid, item, price, about, name1, name2, name3, name4)

VALUES

('$mid', '$cat', '$item', '$price', '$about', '$values[1]', '$values[2]', '$values[3]', '$values[4]')

ON DUPLICATE KEY UPDATE

cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames";

$result = mysql_query($update) or die (mysql_error());

$id = mysql_insert_id();

?>

<p style="font-size:35px; font-family:Arial, Helvetica, sans-serif; color:#255E67; margin-left:25px;">Your Item Has Been Uploaded!</p>

setTimeout('ourRedirect()', 2000)

function ourRedirect() {

location.href='protator_php.php?mid=<?php echo $id ?>'

}

</script>

Muddy_Funster · March 14, 2012

you would be looking to make some changes in and around here:

for($i=1; $i<=4; $i++)
{
    $fields[$i] = 'name'.$i;
    $values[$i] = mysql_real_escape_string(basename(trim($_FILES[$fields[$i]]['name'])));
    if($values[$i] != '')
    {
        $updateVals[] = "{$fields[$i]} = '{$values[$i]}'";
    }
}

but if you don't have a clue what the code is doing I'm going to have say that you need to learn before you start editing it. Check the php manual site for $_FILES() and associated information.

p.s. could you please use

or [ code ] [/code ] BBtags when posting actual code as it makes it much easier to read.

mrsaywho · March 14, 2012

yea its too difficult

Pikachu2000 · March 14, 2012

When posting code, enclose it within the forum's

 . . .

BBCode tags.

Muddy_Funster · March 14, 2012

yea its too difficult

sorry, what's too difficult?

mrsaywho · March 15, 2012

its to difficult to figure this out. i have been at it for 24 hours or so. but thats to this board and people like you I can see the code better and understand more. I just don't understand why i can't take the same value i passed to to folder (i believe its $filePath) and pass it to the database.

kicken · March 15, 2012

What I found easier to manage (and I suppose more secure as well) was to use a substring of a md5 encrytipted time

That code would be no better than just using a timestamp directly in the name really. If two people uploaded a same-named image during the same second, you'd still generate the same final name for each. You need some kind of randomness to prevent this. I prefer to simply use the uniqid function for this. As an additional safeguard you'd want to include the code in a loop checking if a filename exists.

based on the OP's code:

foreach ($_FILES as $file)
{

$fileName = $file['name'];
$tmpName = $file['tmp_name'];
$fileSize = $file['size'];
$fileType = $file['type'];

if ($fileName != ""){
	$filePath = $uploadDir;
	$fileName = str_replace(" ", "_", $fileName);

	//Split the name into the base name and extension
	$pathInfo = pathinfo($fileName);
	$fileName_base = $pathInfo['filename'];
	$fileName_ext = $pathInfo['extension'];

	//now we re-assemble the file name, sticking the output of uniqid into it
	//and keep doing this in a loop until we generate a name that 
	//does not already exist (most likely we will get that first try)
	do {
	   $fileName = $fileName_base . uniqid() . '.' . $fileName_ext;
	} while (file_exists($filePath.$fileName));

	$result = move_uploaded_file($tmpName, $filePath.$fileName);
}
}

mrsaywho · March 15, 2012

where exactly would you put this? above the

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$fileinsert[]=$filePath;
}
}

and replace everything after

if(isset($_POST['upload' . $config]))
{

Muddy_Funster · March 15, 2012

That code would be no better than just using a timestamp directly in the name really. If two people uploaded a same-named image during the same second, you'd still generate the same final name for each.

...

nah, my systems for a company dispatch note generator, the time's only appended at the end, there are other factors used to build the id, including operator prefix and last 5 digits of IP, there is also a delay after each slip is generated for printing. The md5 was only really flung on there so no one could make sense of the file id when it was shipped on the dispatch slip, it's readable through a barcode into the company system, but other than that it's useless to human interpretation - that was why I had the more secure written in brackets.

mrsaywho · March 17, 2012

Ok so i am getting an sql error from editing my mysql table with this query below. It is throwing in an extra equal sign right before the last value in the query $udateNames. I want a timestamp value in mysql when i edit just one picture at a time. Almost there..... Here is the error i printed

INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('167', 'hats', 'zzz', 'zz', 'zz', '4f64105aad275.jpg', '', '', '') ON DUPLICATE KEY UPDATE cid = 'hats', item = 'zzz', price = 'zz', about = 'zz' , = '4f64105aad275.jpg'

and here is the sql error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '4f6411fb6dfb2.png'' at line 6

Here is the php:

    <?php

require_once('storescripts/connect.php');
mysql_select_db($database_phpimage,$phpimage);
$uploadDir = 'upload/';
if(isset($_POST['upload']))
{


foreach ($_FILES as $file)
{

    $fileName = $file['name'];
    $tmpName = $file['tmp_name'];
    $fileSize = $file['size'];
    $fileType = $file['type'];

    if ($fileName != ""){
        $filePath = $uploadDir;
        $fileName = str_replace(" ", "_", $fileName);

        //Split the name into the base name and extension
        $pathInfo = pathinfo($fileName);
        $fileName_base = $pathInfo['fileName'];
        $fileName_ext = $pathInfo['extension'];

        //now we re-assemble the file name, sticking the output of uniqid into it
        //and keep doing this in a loop until we generate a name that 
        //does not already exist (most likely we will get that first try)
        do {
           $fileName = $fileName_base . uniqid() . '.' . $fileName_ext;
        } while (file_exists($filePath.$fileName));

        $file_names [] = $fileName;

        $result = move_uploaded_file($tmpName, $filePath.$fileName);
    }


if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$fileinsert[] = $filePath;
}
}

$mid   = mysql_real_escape_string(trim($_POST['mid']));
$cat   = mysql_real_escape_string(trim($_POST['cat']));
$item  = mysql_real_escape_string(trim($_POST['item']));
$price = mysql_real_escape_string(trim($_POST['price']));
$about = mysql_real_escape_string(trim($_POST['about']));

$fields = array();
$values = array();
$updateVals = array();
for($i = 0; $i < 4; $i++)
{
    $values[$i] = isset($file_names[$i]) ? mysql_real_escape_string($file_names[$i]) : '';

    if($values[$i] != '')
    {
        $updateVals[] = "{$fields[$i]} = '{$values[$i]}'";
    }

}
$updateNames = '';
if(count($updateVals))
{
    $updateNames = ", " . implode(', ', $updateVals);
}

$update = "INSERT INTO image
               (mid, cid, item, price, about, name1, name2, name3, name4)
           VALUES
               ('$mid', '$cat', '$item', '$price', '$about', '$values[0]', '$values[1]', '$values[2]', '$values[3]')
           ON DUPLICATE KEY UPDATE
                cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames";
$result = mysql_query($update) or die (mysql_error());

Muddy_Funster · March 19, 2012

you are not assigning the contents of the $updateNames variable to a field. that's why you are getting the error. you either need to tell the query what field you want that information in, or leafe the variable out of that part of the query. :

           ON DUPLICATE KEY UPDATE
                cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames";//<<<--problem line here

Sign In

adding a timestamp

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information