Page 1 of 1
-= Upload PIC/Image =-
Posted: Wed Aug 11, 2004 10:27 am
by sguy
hi nooB here ..
i facin some prob in my college final project, do u guys hav similiar PHP code regarding pic/image uploading and store in a folder and the "PhotoID" store in MYSQL.
For example, when i login as "ABC" and i upload a pic. THen the uploaded PIC name will automatically store same as my login name. such as FLOWER.JPG => ABC.JPG
tHANKS IN ADVANCE! !
Posted: Wed Aug 11, 2004 10:45 am
by Getran
set the file grabber thing

to file and have the upload button...named upload name then do something like this:
Code: Select all
<?php
if ($upload)
{
if (checks on file type or sizes w/e)
{
echo "ERROR";
exit();
}
else
{
copy($file,"root/to/place/to/store/it");
rename($file, $username);
}
?>
something like that maybe ? i'm not sure...i'm a newbie to PHP still. I'm just doing what i can to help ppl out

Posted: Wed Aug 18, 2004 12:28 am
by sguy
i want to check the file whether is a picture format..
but i faced some problem...
thanx...
Warning: Wrong parameter count for move_uploaded_file() in c:\phpweb\uploading.php on line 14
Code: Select all
<?php
include "./common.inc";
$conn = db_connect('$db');
$uploaddir = './image/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];
print "<pre>";
$image_types = Array ("image/bmp",
"image/jpeg",
"image/pjpeg",
"image/gif",
"image/x-png");
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile, $image_types)) {
$name = $_FILES["userfile"]["name"];
$size = $_FILES["userfile"]["size"];
$type = $_FILES["userfile"]["type"];
$result=mysql_query("insert into pic (image_id, image_name, image_type, image_size) values ('','$name','$type','$size')");
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
echo"Invalid picture format or file larger than 100kb.<br/>";
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
?>
Posted: Wed Aug 18, 2004 10:46 am
by evilmonkey
Why don't you check for what type it is before moving it?
Code: Select all
<?php
//..
$image_info = @getimagesize($_FILES['userfile']['tmp_name'];
if (!is_int($image_info[2]) || $image_info[2] < 0 || $image_info[2] > 16) {
//the file is not a picture, display some error message
}
else {
//the file is a picture, so move it
move_uploaded_file($_FILES['userfile']['tmp_name'], "/home/path/to/your/folder/".$_FILES['userfile']['name']);
echo "it's all good";
//do your mysql
}
?>
As you can see, I used PHP's internal [php_man]getimagesize[/php_man] function, which returns (among other things) the type of image that it is. If something other than an image has been uploaded, getimagesize() will issue a warning (which is why I put an error supressant (@) in front of it), and $image_info[2] will not be an integer (hence the is_int() in the if statement). Look in the php manual for more details on getimagesize(). The reason I don't like using mime types (your way) is because a mime type can be easily spoofed, while this does a more in-depth check.
Good luck!
Posted: Thu Aug 19, 2004 12:10 am
by sguy
thank you for you all's comments...
i can upload the picture file to the folder..
izit possible to change the picture file name according the the login name?
for example, when i login using ABC, the original picture pic.jpg change to ABC.jpg
thanks...
Code: Select all
<?php
include "./common.inc";
$conn = db_connect('$db');
$uploaddir = './image/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];
print "<pre>";
$image_info = @getimagesize($_FILES['userfile']['tmp_name']);
if (!is_int($image_info[2]) || $image_info[2] < 0 || $image_info[2] > 16) {
echo"Invalid file";
}
else {
move_uploaded_file($_FILES['userfile']['tmp_name'], "./image/".$_FILES['userfile']['name']);
$pext = getFileExtension($imgfile_name);
$pext = strtolower($pext);
$imgfile_name="wailoon.$pext";
$final_filename = str_replace(" ", "_", $imgfile_name);
$newfile = $uploaddir . "/$final_filename";
$name = $_FILES["userfile"]["name"];
$size = $_FILES["userfile"]["size"];
$type = $_FILES["userfile"]["type"];
$result=mysql_query("insert into pic (image_id, image_name, image_type, image_size) values ('','$name','$type','$size')");
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
}
print "</pre>";
?>
Posted: Thu Aug 19, 2004 12:18 am
by feyd
the second argument to move_uploaded_file() is the destination name.. so just alter that to your user's name, or whatever you want..