Ok - I've got the script below working, and appears to be using much of what has been suggested to me.
I also got it to rename the files, so there are no overridden files from customers.
Trouble is, it's not now inserting the data in the DB.
I have echoed out the Variables AFTER the mysql_query code, to see if it gets past it - and that all works.
I have echoed out the $newid, however, and that just produces "0".
Before I placed the file/image resizer into the script, the INSERT worked. Have I done something daft here??
Code: Select all
<?php
$userid=$_POST['userid'];
$catid=$_POST['catid'];
$catname=$_POST['catname'];
$subid=$_POST['subid'];
$subname=$_POST['subname'];
$title=$_POST['title'];
$subtitle=$_POST['subtitle'];
$description=$_POST['description'];
$condition=$_POST['condition'];
$video=$_POST['video'];
$method=$_POST['method'];
$today = (date('Y-m-d'));
$price = sprintf('%0.2f', preg_replace('/[^0-9.]/', '', $_POST['price']));
$pp=$_POST['pp'];
$pic=($_FILES['photo']['name']);
include "dbconn.php";
if ($pic == NULL)
{
if(get_magic_quotes_gpc()) {
$input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
while(list($k, $v) = each($input)) {
foreach($v as $key => $val) {
if(!is_array($val)) {
$input[$k][$key] = stripslashes($val);
continue;
}
$input[] =& $input[$k][$key];
}
}
unset($input);
}
$posted_description = (get_magic_quotes_gpc()) ? stripslashes($_POST['description']) : $_POST['description'];
$description=mysql_real_escape_string($posted_description);
$posted_title = (get_magic_quotes_gpc()) ? stripslashes($_POST['title']) : $_POST['title'];
$title=mysql_real_escape_string($posted_title);
$posted_subtitle = (get_magic_quotes_gpc()) ? stripslashes($_POST['subtitle']) : $_POST['subtitle'];
$subtitle=mysql_real_escape_string($posted_subtitle);
mysql_query("INSERT INTO products
(userid, catid, catname, subid, subname, title, subtitle, description, condition, video, method, price, pp, creationdate) VALUES
('$userid', '$catid', '$catname', '$subid', '$subname', '$title', '$subtitle', '$description', '$condition', '$video', '$method', '$price', '$pp', '$today')");
$newid = mysql_insert_id();
$result = mysql_query ("SELECT * FROM products WHERE id = '$newid'");
while ($row = mysql_fetch_object($result))
{
echo "<meta http-equiv='Refresh' content='0 ;URL=index.php?page=product&id=$row->id&menu=sub&c=$row->catid&cname=$row->catname&sname=$row->subname&head=$row->title&share=yes'>";
} mysql_free_result($result);
}
elseif ($pic != NULL)
{
error_reporting(0);
$change="";
$abc="";
define ("MAX_SIZE","400");
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
$errors=0;
if($_SERVER["REQUEST_METHOD"] == "POST")
{
$image =$_FILES["photo"]["name"];
$uploadedfile = $_FILES['photo']['tmp_name'];
if ($image)
{
$filename = stripslashes($_FILES['photo']['name']);
$extension = getExtension($_FILES['photo']['name']);
$extension = strtolower($extension);
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
$change='<div class="msgdiv">Unknown Image extension </div> ';
$errors=1;
}
else
{
$size=filesize($_FILES['photo']['tmp_name']);
if ($size > MAX_SIZE*1024)
{
$change='<div class="msgdiv">You have exceeded the size limit!</div> ';
$errors=1;
}
if($extension=="jpg" || $extension=="jpeg" )
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefromjpeg($uploadedfile);
}
else if($extension=="png")
{
$uploadedfile = $_FILES['photo']['tmp_name'];
$src = imagecreatefrompng($uploadedfile);
}
else
{
$src = imagecreatefromgif($uploadedfile);
}
echo $scr;
list($width,$height)=getimagesize($uploadedfile);
$newwidth=400;
$newheight=($height/$width)*$newwidth;
$tmp=imagecreatetruecolor($newwidth,$newheight);
$newwidth1=130;
$newheight1=($height/$width)*$newwidth1;
$tmp1=imagecreatetruecolor($newwidth1,$newheight1);
imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
imagecopyresampled($tmp1,$src,0,0,0,0,$newwidth1,$newheight1,$width,$height);
$pic=($_FILES['photo']['name']);
srand(time());
$random = (rand()%99999999);
$newname="$random"."$pic";
$filename = "images/productphotos/". $newname;
$filename1 = "images/productphotos/small/". $newname;
imagejpeg($tmp,$filename,100);
imagejpeg($tmp1,$filename1,100);
imagedestroy($src);
imagedestroy($tmp);
imagedestroy($tmp1);
}}
}
$posted_description = (get_magic_quotes_gpc()) ? stripslashes($_POST['description']) : $_POST['description'];
$description=mysql_real_escape_string($posted_description);
$posted_title = (get_magic_quotes_gpc()) ? stripslashes($_POST['title']) : $_POST['title'];
$title=mysql_real_escape_string($posted_title);
$posted_subtitle = (get_magic_quotes_gpc()) ? stripslashes($_POST['subtitle']) : $_POST['subtitle'];
$subtitle=mysql_real_escape_string($posted_subtitle);
mysql_query("INSERT INTO products
(userid, catid, catname, subid, subname, title, subtitle, description, condition, video, method, price, pp, photoprimary, creationdate) VALUES
('$userid', '$catid', '$catname', '$subid', '$subname', '$title', '$subtitle', '$description', '$condition', '$video', '$method', '$price', '$pp', '$newname', '$today')");
$newid = mysql_insert_id();
echo "$newid";
$result = mysql_query ("SELECT * FROM products WHERE id = '$newid'");
while ($row = mysql_fetch_object($result))
{
echo "<meta http-equiv='Refresh' content='0 ;URL=index.php?page=product&id=$row->id&menu=sub&c=$row->catid&cname=$row->catname&sname=$row->subname&head=$row->title&share=yes'>";
}
mysql_free_result($result);
}
mysql_close($sqlconn);
?>