image upload.... take 2

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ATH0
Forum Newbie
Posts: 19
Joined: Mon Oct 03, 2005 12:39 pm

image upload.... take 2

Post by ATH0 »

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


Im trying to upload an image ( with description, price .. ) on remote server...

The code for localhost:

Code: Select all

<form method="POST" action="" enctype="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="10000">
<table>
<tr>
<td width="13%">Picture</td>
<td width="87%"><input type="file" name="imagefile" size="28"></td>
</tr>
<tr>
<td width="13%">Price:</td>
<td width="87%"><input type="text" name="cijena" size="28"></td>
</tr>
<tr>
<td width="13%">Description:</td>
<td width="87%"><textarea rows="5" name="txtDescription" cols="23"></textarea></td>
</tr>
</table>
<p align="center"><input type="submit" value="Submit" name="Submit"><input type="reset" value="Reset" name="B2"></p>
</form>
<? 
$cnxdb = mysql_connect("localhost", "", "") or die("Could not connect: " . mysql_error()); 
mysql_select_db("theBase");

if(isset( $Submit )) 
{ 
//If the Submitbutton was pressed do: 
if ( ($_FILES['imagefile']['type'] == "image/gif") || ($_FILES['imagefile']['type'] == "image/pjpeg") ){ 
copy ($_FILES['imagefile']['tmp_name'], "files/".$_FILES['imagefile']['name']) or die ("Could not copy....."); 

$strDescription = addslashes(nl2br($txtDescription));
$imagefile = $_FILES['imagefile']['name'];

$query = "INSERT INTO pictures (imageid, imeSlike, opis, cijena) VALUES ('', '$imagefile', '$strDescription', '$cijena')"; 
mysql_query($query, $cnxdb);

echo ""; 
echo "Name: ".$name.""; 
echo "Size: ".$_FILES['imagefile']['size'].""; 
echo "Type: ".$_FILES['imagefile']['type'].""; 
echo "Copy Done....";
}
else { 
echo ""; 
echo "Could Not Copy, Wrong Filetype (".$_FILES['imagefile']['name'].")"; 
} 
} 
?>
I get no error and no upload... blank screen... He?


feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

your code is assuming register_globals is on, and that the submit button's value is always sent, both of which may not be the case.
ATH0
Forum Newbie
Posts: 19
Joined: Mon Oct 03, 2005 12:39 pm

Post by ATH0 »

both of which may not be the case.
And what do you suggest, accept to change the way for register_globals ?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

  1. turn error_reporting up to E_ALL or E_ALL|E_STRICT
  2. swap out the isset($Submit) line for

    Code: Select all

    if($_SERVER['REQUEST_METHOD'] == 'POST')
  3. do not rely on the mime-type sent from the browser to be correct. Since you are looking for images, use getimagesize() to determine both type and dimensional information about the image.
  4. it is recommended to use move_uploaded_file() instead of copy().
  5. using basename() on the "name" element, as IE (at least) sends full path information. At the worst, someone could send a malicious path that could overwrite a file outside the 'files' directory.
  6. You may experience added backslashes in the text description, this is due to using addslashes() on data that has already passed through a magic quotes handler. It's suggested to detect the magic quotes system and stripslashes() the data if on, before escaping (using mysql_real_escape_string() if possible)
ATH0
Forum Newbie
Posts: 19
Joined: Mon Oct 03, 2005 12:39 pm

Post by ATH0 »

Where does this come from ?
I choose the file and click submit and this is what i get after i have changed the suggested parts.
Warning: move_uploaded_file(files/bullet.gif) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\Apache2\Apache2\htdocs\test\upload.php on line 28
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

does the files directory exist? Is it writable by the script's user (not necessarily the user you have with the host)
ATH0
Forum Newbie
Posts: 19
Joined: Mon Oct 03, 2005 12:39 pm

Post by ATH0 »

1.) my syntax errror. Sorry!

2.) After submit and after successfull sending i still have empty db table. No uploaded image...
ATH0
Forum Newbie
Posts: 19
Joined: Mon Oct 03, 2005 12:39 pm

Post by ATH0 »

After testing syntax i still can make no real upload into db.
I get no errors, file is saved in temp dir but there is no upload into db.
Confirmation is displayed ( Succesfull transfer ).
I tested with gif, jpg , different file sizes ( from 10 - 500KB ) but the db table is still empty

Any logic solution or maybe do i miss something ?
Grond
Forum Newbie
Posts: 5
Joined: Tue Sep 13, 2005 11:22 am

Post by Grond »

do you have access to apache's error log???

on my system its at /etc/httpd/logs/error_log

so I would check it by using tail /etc/httpd/logs/error_log


if I don't see any errors on screen.

This is always good for more clues.
ATH0
Forum Newbie
Posts: 19
Joined: Mon Oct 03, 2005 12:39 pm

Post by ATH0 »

Apache/2.0.54 (Win32) PHP/5.0.5 configured -- resuming normal operations
Server built: Apr 16 2005 14:25:31
Parent: Created child process 1460
Child 1460: Child process is running
Child 1460: Acquired the start mutex.
Child 1460: Starting 250 worker threads.
Nothing what can point to error....
Post Reply