Page 1 of 1

-= Upload PIC/Image =-

Posted: Wed Aug 11, 2004 10:27 am
by sguy
Image


hi nooB here ..



i facin some prob in my college final project, do u guys hav similiar PHP code regarding pic/image uploading and store in a folder and the "PhotoID" store in MYSQL.


For example, when i login as "ABC" and i upload a pic. THen the uploaded PIC name will automatically store same as my login name. such as FLOWER.JPG => ABC.JPG

tHANKS IN ADVANCE! !

Posted: Wed Aug 11, 2004 10:45 am
by Getran
set the file grabber thing :P to file and have the upload button...named upload name then do something like this:

Code: Select all

<?php
if ($upload)
{
if (checks on file type or sizes w/e)
{
echo "ERROR";
exit();
}
else
{
copy($file,"root/to/place/to/store/it");
rename($file, $username);
}
?>
something like that maybe ? i'm not sure...i'm a newbie to PHP still. I'm just doing what i can to help ppl out :)

Posted: Wed Aug 18, 2004 12:28 am
by sguy
i want to check the file whether is a picture format..
but i faced some problem...
thanx...

Warning: Wrong parameter count for move_uploaded_file() in c:\phpweb\uploading.php on line 14

Code: Select all

<?php
include "./common.inc";
$conn = db_connect('$db');

$uploaddir = './image/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

print "<pre>";
$image_types = Array ("image/bmp",
                        "image/jpeg",
                        "image/pjpeg",
                        "image/gif",
                        "image/x-png");
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile, $image_types)) {

  $name = $_FILES["userfile"]["name"];
  $size = $_FILES["userfile"]["size"];
  $type = $_FILES["userfile"]["type"];
	
	$result=mysql_query("insert into pic (image_id, image_name, image_type, image_size) values ('','$name','$type','$size')");

   	print "File is valid, and was successfully uploaded. ";
   	print "Here's some more debugging info:\n";
   	print_r($_FILES);

} else {
echo"Invalid picture format or file larger than 100kb.<br/>";
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($_FILES);
}
print "</pre>";

?>

Posted: Wed Aug 18, 2004 10:46 am
by evilmonkey
Why don't you check for what type it is before moving it?

Code: Select all

<?php
//..
$image_info = @getimagesize($_FILES['userfile']['tmp_name'];
if (!is_int($image_info[2]) || $image_info[2] < 0 || $image_info[2] > 16) {
//the file is not a picture, display some error message 
}
else {
//the file is a picture, so move it
move_uploaded_file($_FILES['userfile']['tmp_name'], "/home/path/to/your/folder/".$_FILES['userfile']['name']);
echo "it's all good";
//do your mysql
}
?>
As you can see, I used PHP's internal [php_man]getimagesize[/php_man] function, which returns (among other things) the type of image that it is. If something other than an image has been uploaded, getimagesize() will issue a warning (which is why I put an error supressant (@) in front of it), and $image_info[2] will not be an integer (hence the is_int() in the if statement). Look in the php manual for more details on getimagesize(). The reason I don't like using mime types (your way) is because a mime type can be easily spoofed, while this does a more in-depth check.

Good luck!

Posted: Thu Aug 19, 2004 12:10 am
by sguy
thank you for you all's comments...
i can upload the picture file to the folder..
izit possible to change the picture file name according the the login name?
for example, when i login using ABC, the original picture pic.jpg change to ABC.jpg
thanks...

Code: Select all

<?php
include "./common.inc";
$conn = db_connect('$db');

$uploaddir = './image/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];

print "<pre>";

$image_info = @getimagesize($_FILES['userfile']['tmp_name']); 
if (!is_int($image_info[2]) || $image_info[2] < 0 || $image_info[2] > 16) { 

echo"Invalid file";
} 
else { 

move_uploaded_file($_FILES['userfile']['tmp_name'], "./image/".$_FILES['userfile']['name']); 

    $pext = getFileExtension($imgfile_name); 
    $pext = strtolower($pext); 

    $imgfile_name="wailoon.$pext";

    $final_filename = str_replace(" ", "_", $imgfile_name); 
    $newfile = $uploaddir . "/$final_filename"; 

  $name = $_FILES["userfile"]["name"];
  $size = $_FILES["userfile"]["size"];
  $type = $_FILES["userfile"]["type"];
	
	$result=mysql_query("insert into pic (image_id, image_name, image_type, image_size) values ('','$name','$type','$size')");

   	print "File is valid, and was successfully uploaded. ";
   	print "Here's some more debugging info:\n";
   	print_r($_FILES);
} 
print "</pre>";
?>

Posted: Thu Aug 19, 2004 12:18 am
by feyd
the second argument to move_uploaded_file() is the destination name.. so just alter that to your user's name, or whatever you want..