My First "Public File Upload" form... Feedback welcomed.


suttercain

Hi everyone,

I have built forms in the past for users, but this is my first attempt at allowing visitors to upload an image. The idea is that I have a comic book database and if I don't already have an image on file for that issue, a visitor can upload one (and save me the time).

Would you be so kind as to look at my code below and let me know if I am missing anything security-wise. I check the size and also the type (jpg or gif only). I also have the file renamed to match the unique comic book id.

Thanks in advance.

```php
<?php
include('../includes/get_connected.php');
if ($_FILES['titleSheet']['size'] < 1250000) {
    if ($_FILES['titleSheet']['type'] === "image/gif" || $_FILES['titleSheet']['type'] === "image/jpg" || $_FILES['titleSheet']['type'] === "image/jpeg") {
        $sqlImage = mysql_query("SELECT comic_id FROM comics WHERE comic_id = '".$_POST['id']."'") or die(mysql_error($connect));
        $image = mysql_fetch_row($sqlImage);
        $imageName = $image[0];

        // PROCESS IMAGE
        $target_path = "../images/titleSheet/full/";
        $target_path = $target_path . basename($_FILES['titleSheet']['tmp_name']);

        //MOVE THE IMAGE TO THUMBNAILS
        move_uploaded_file($_FILES['titleSheet']['tmp_name'], $target_path);

        //EXPLODE TO RENAME IMAGE
        $fileName = $_FILES['titleSheet']['name'];
        $broken = explode(".", $fileName);
        rename("../images/titleSheet/full/".basename($_FILES['titleSheet']['tmp_name']), "../images/titleSheet/full/".$imageName.".".$broken[1]);

        //Upload Image Name Into Table
        $image = $imageName.".".$broken[1];
        $comic_id = $_POST['id'];
        $insert = mysql_query("INSERT INTO titleSheet (comic_id, image) VALUES ('$comic_id', '$image')") or die(mysql_error());
        if ($insert) { header("Location: http://www.supermandatabase.com/comics/$comic_id"); }
    } else {
        echo "The image file must be in .gif, .jpg or .jpeg format.";
        $passed = FALSE;
    }
} else {
    echo "The file was too large!";
}
?>
```
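The handler above trusts three client-controlled values: `$_FILES[...]['type']` (sent by the browser, not derived from the file), the original filename (whose second dot-separated segment becomes the stored extension), and `$_POST['id']` (interpolated straight into two SQL statements). The following is an added example, not the poster's code, showing how the same upload flow looks once those inputs are validated server-side: the content type is sniffed from the bytes with `finfo` and cross-checked with `getimagesize()`, the extension comes from a fixed whitelist rather than the filename, the comic id is validated as an integer and bound with PDO prepared statements, and the final name is built only from the validated id. It assumes a PDO connection in `$pdo` (the original uses the legacy `mysql_*` functions via `get_connected.php`), the same `titleSheet` form field, `id` POST field and `../images/titleSheet/full/` directory as the original; the function names are my own.

```php
<?php
// Added example (not the original poster's code): hardened version of the
// title-sheet upload handler. Assumes a PDO connection in $pdo, a file field
// named "titleSheet", a POST field "id", and the same target directory.
declare(strict_types=1);

const MAX_BYTES  = 1250000;
const TARGET_DIR = __DIR__ . '/../images/titleSheet/full';
// Server-side MIME -> extension whitelist. The browser-supplied
// $_FILES[...]['type'] is client-controlled and is deliberately ignored.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Validates one entry of $_FILES and returns the extension to store it under.
function validate_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('The file was too large!');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Sniff the real content type from the bytes, not from the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('The image file must be in .gif, .jpg or .jpeg format.');
    }
    // The image parser must agree with the sniffed type.
    $info     = @getimagesize($file['tmp_name']);
    $expected = $mime === 'image/gif' ? IMAGETYPE_GIF : IMAGETYPE_JPEG;
    if ($info === false || $info[2] !== $expected) {
        throw new RuntimeException('File is not a valid image.');
    }
    return ALLOWED_TYPES[$mime];
}

// Stores the validated image for a comic id and records it in titleSheet.
function store_title_sheet(PDO $pdo, array $file, string $rawId): string
{
    // The comic id is validated as a positive integer and only ever used
    // as a bound parameter or as part of a filename built from that integer.
    $comicId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($comicId === false) {
        throw new RuntimeException('Invalid comic id.');
    }
    $stmt = $pdo->prepare('SELECT comic_id FROM comics WHERE comic_id = :id');
    $stmt->execute([':id' => $comicId]);
    if ($stmt->fetchColumn() === false) {
        throw new RuntimeException('Unknown comic id.');
    }

    $ext = validate_upload($file);

    // Final name comes from the validated id and the sniffed type; the
    // client-supplied filename never touches the filesystem.
    $imageName = $comicId . '.' . $ext;
    $dest      = TARGET_DIR . '/' . $imageName;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not save the image.');
    }
    chmod($dest, 0644); // readable by the web server, never executable

    $ins = $pdo->prepare('INSERT INTO titleSheet (comic_id, image) VALUES (:id, :img)');
    $ins->execute([':id' => $comicId, ':img' => $imageName]);
    return $imageName;
}

// Usage (hypothetical wiring; $pdo is assumed to come from get_connected.php):
// try {
//     store_title_sheet($pdo, $_FILES['titleSheet'] ?? [], $_POST['id'] ?? '');
//     header('Location: http://www.supermandatabase.com/comics/' . (int) $_POST['id']);
//     exit;
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
// }
```

Two checks here are not visible in the original: `is_uploaded_file()` confirms the path really came from this request's upload, and the `UPLOAD_ERR_OK` test catches the case where PHP itself rejected the file (for example a size over `upload_max_filesize`), which otherwise leaves `size` at 0 and passes the `< 1250000` test. Independently of the PHP, the `images/titleSheet/full/` directory should be served by the web server with script execution disabled, since the code cannot enforce that on its own.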
