Jump to content

Recommended Posts

::)

page1.php

<?

$con=mysql_connect("localhost","root","");

mysql_select_db("databasename",$con);

$id=$_GET["var"];

echo $id;

 

?>

 

 

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Untitled Document</title><link href="css/admin_style.css" rel="stylesheet" type="text/css" />

 

<script type="text/javascript" src="script.js"></script>

 

</head>

 

<body>

 

 

<form action="page2.php"  name="form1" method="post" enctype="multipart/form-data" onSubmit="return validate_empty(this.form);">

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<p> </p>

<div align="center">

  <table width="744" border="0" cellpadding="0" cellspacing="0" >

    <!--DWLayoutTable-->

    <tr>  <?php if($_GET["var"]) {

 

$qryAnnouncement=mysql_query("select * from post_add_picture where add_id ='$_GET[var]'");

 

while($row=mysql_fetch_array($qryAnnouncement)){

?>

   

  <td > File Upload<span style="color:red"> *</span><br />

<input name="file[]" type="file" class="Textfield"  size="42" style="border:1px solid #c2c2c2"/></td>

      </tr><tr><td><? echo $row["ad_picture"]; ?></td></tr>

</td> <?

  }

 

 

 

  ?><?

  $tsv  = array();

$html = array();

$sql = mysql_query("select * from post_add_picture where add_id ='$_GET[var]'");

  while ($rowqw = mysql_fetch_array($sql))

  {

  $value[] = $rowqw["ad_picture"];

  //echo $value;

  $tsv  = implode(",", $value); 

  }

 

 

  ?><?php echo $tsv;?> <input type="hidden" name="new[]" value="<?php echo $tsv;?>" />

                        <input type="hidden" name="id" value="<?php echo $id;?>" />

                        <input type="hidden" name="edit" value="edit" />

  <input type="submit" name="announce_submit" value="Update"  />

      <td width="10" height="96"> </td>

      <td width="316"></td>

      <td width="5">name</td>

      <td width="168"> </td>

      <td width="150"> </td>

      <td width="95"> </td>

      </tr><? }?>

 

    </table>

  <!--   

  <table width="100%" border="0" cellpadding="0" cellspacing="0" id="product"class="maintxt" >

      <tr>

  <td > File Upload<span style="color:red"> *</span><br />

<input name="file[]" type="file" class="Textfield"  size="42"  style="border:1px solid #c2c2c2"/></td>

  <td height="24" colspan="2" align="right" ><input name="increment" type="button" class="mtxt" id="increment" onClick="insert_row('product')" value="Add"/>    

  <input name="decrement" type="button" class="mtxt" id="decrement" onClick="removeRowFromTable('product')" value="Remove"/></td>

  <td> </td>

      <td> </td>

      <td> </td>

      <td> </td>

    <tr>-->

     

      <td colspan="2" valign="top"></td>

      <td colspan="2" valign="top">

        <label>

         

        </label>      </td>

   

 

    </table>

   

   

<table width="100%" border="0" cellpadding="0" cellspacing="0" class="maintxt" id="product">

      <tr>

 

  <td > File Upload<span style="color:red"> *</span><br />

<input name="file[]" type="file" class="Textfield" id="prod_image[]" size="42" style="border:1px solid #c2c2c2"/></td>

      </tr>

<tr>

  <td height="24" colspan="2" align="right" ><input name="increment" type="button" class="mtxt" id="increment" onClick="insert_row('product')" value="Add"/>    

  <input name="decrement" type="button" class="mtxt" id="decrement" onClick="removeRowFromTable('product')" value="Remove"/></td><td >

  <td> </td>

      <td> </td>

      <td> </td>

      <td> </td>

      </tr>

    <tr> 

    </table>

<?

  if(!$_GET["var"])

  {?>

    <tr>  <td >

          <label>

          <div align="center">

            <input type="submit" name="Insert" value="Insert" />

        </div>          </label>    </td> <?

}?></td></tr>

 

 

     

 

 

 

</div></form>

</body>

</html>

-----------------

page2.php

 

<?

$con=mysql_connect("localhost","root","");

mysql_select_db("databasename",$con);

 

$addid=$_POST["add_id"];

 

 

 

 

$fileName=$_FILES['file']['name'];

 

 

while(list($key,$value) = each($_FILES['file']['name']))

{

$folder="/uploads/";

$fil = $value;

$add = $folder.$fil;

             

copy($_FILES['file']['tmp_name'][$key], $add);

 

 

}

 

if($_POST['edit'])

{

$addid=$_POST["id"];

 

$folder="/uploads/";

$filess=implode(",",$_POST['new']);

 

$a = explode(",",$filess);

 

 

foreach($a as $key=>$value)

{

unlink("/uploads/".$value);

 

$image_name=move_uploaded_file($_FILES['new']['tmp_name'],$folder.$_FILES['new']['name']);

}

 

 

$image_name=$_POST['new'];

 

$qry="update post_add_picture set ad_picture='$image_name'where id='$addid'";

  }

 

else{

 

 

while(list($key,$value) = each($_FILES['file']['name']))

{

 

if(!empty($value))

{   

    $folder="/uploads/";

$filename = $value;

$add = $folder.$filename;

echo $add;               

copy($_FILES['file']['tmp_name'][$key], $add);

 

}

}

$fileName = $_FILES['file']['name'];

$file=implode(",",$fileName);

for($i=0;$i<count($fileName);$i++)

    { 

$fileName[$i];

$picture = $newfile;

$size = $_POST[pic_size];

mysql_query("INSERT INTO post_add_picture(add_id,ad_picture,pic_size,created_date)VALUES('$addid','$fileName[$i]','$size', CURDATE())");

}

 

 

 

?>

 

 

<html><body><table><?php

$qryAnnouncement=mysql_query("select * from post_add_picture ");

while($row=mysql_fetch_array($qryAnnouncement))

{

?><tr><td><? echo $row["ad_picture"];?></td></tr><tr><td>

<a href="tas.php?var=<? echo $row["add_id"];?>">go</a></td></tr>

<?

}

 

?></table>

 

</body>

</html>

 

<?

}

?>

---------------------------

script.js

 

var glob;

glob = 1;

function insert_row(tablename)

{

 

var the_table = document.getElementById(tablename);

var new_row_index = the_table.rows.length;

glob = glob + 1;

the_table.insertRow(new_row_index);

the_table.rows[new_row_index].insertCell(0);

the_table.rows[new_row_index].cells[0].innerHTML =(the_table.rows[0].innerHTML);

}

 

function removeRowFromTable(tblSample)

{

  var tbl = document.getElementById(tblSample);

  var lastRow = tbl.rows.length;

  if (lastRow > 1) tbl.deleteRow(lastRow - 1);

}

 

 

  • 4 weeks later...

You must be an incredibly trusting indvidual, but you should probably go ahead and sanitize your input on your SQL calls and file uploads.  Even if this code is going to be in a "secure" part of your website, you shouldn't leave the keys in the ignition, so to speak. 

 

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.