However I can not get beyond the first couple of lines.
Code: Select all
$name = $_FILES['picture']['photoname'];
Code: Select all
list($width, $height, $typeb, $attr) = getimagesize($tmp_name); Code: Select all
<?php
// if something was posted, start the process...
if(isset($_POST['upload']))
{
// define the posted file into variables
$name = $_FILES['picture']['name'];
$tmp_name = $_FILES['picture']['tmp_name'];
$type = $_FILES['picture']['type'];
$size = $_FILES['picture']['size'];
// get the width & height of the file (we don't need the other stuff)
list($width, $height, $typeb, $attr) = getimagesize($tmp_name);
// if width is over 600 px or height is over 500 px, kill it
if($width>600 || $height>500)
{
echo $name . "'s dimensions exceed the 600x500 pixel limit.";
echo ?> <a href="form.html">Click here</a> to try again. <?php ;
die();
}
// if the mime type is anything other than what we specify below, kill it
if(!(
$type=='image/jpeg' ||
$type=='image/png' ||
$type=='image/gif'
)) {
echo $type . " is not an acceptable format.";
echo ?> <a href="form.html">Click here</a> to try again. <?php ;
die();
}
// if the file size is larger than 350 KB, kill it
if($size>'350000') {
echo $name . " is over 350KB. Please make it smaller.";
echo ?> <a href="form.html">Click here</a> to try again. <?php ;
die();
}
// if your server has magic quotes turned off, add slashes manually
if(!get_magic_quotes_gpc()){
$name = addslashes($name);
}
// open up the file and extract the data/content from it
$extract = fopen($tmp_name, 'r');
$content = fread($extract, $size);
$content = addslashes($content);
fclose($extract);
// connect to the database
mysql_select_db($database_recommendingpeople, $recommendingpeople);
$userid = $_SESSION['userid'];
// the query that will add this to the database
$addfile = "INSERT INTO businessdescription (photoname, photosize, phototype, photocontent ) ".
"VALUES ('$name', '$size', '$type', '$content') WHERE userid = '$userid' ";
mysql_query($addfile) or die(mysql_error());
// get the last inserted ID if we're going to display this image next
mysql_close();
echo "Successfully uploaded your picture!";
// we still have to close the original IF statement. If there was nothing posted, kill the page.
}else{die("No uploaded file present");
}
header( "Location: form.html");
// we still have to close the original IF statement. If there was nothing posted, kill the page.
}else{die("No uploaded file present");
}
?>
// display the image
<div align="center">
<strong><?php echo $name; ?><br>
</strong><img name="<?php echo $name; ?>" src="getpicture.php?fid=<?php echo $userid; ?>" alt="Unable to view image #<?php echo $userid; ?>">
<br>
</div>
<?php
// we still have to close the original IF statement. If there was nothing posted, kill the page.
}else{die("No uploaded file present");
}
?>