Page 1 of 1

image upload.... take 2

Posted: Tue Oct 18, 2005 5:03 am
by ATH0
feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


Im trying to upload an image ( with description, price .. ) on remote server...

The code for localhost:

Code: Select all

<form method="POST" action="" enctype="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="10000">
<table>
<tr>
<td width="13%">Picture</td>
<td width="87%"><input type="file" name="imagefile" size="28"></td>
</tr>
<tr>
<td width="13%">Price:</td>
<td width="87%"><input type="text" name="cijena" size="28"></td>
</tr>
<tr>
<td width="13%">Description:</td>
<td width="87%"><textarea rows="5" name="txtDescription" cols="23"></textarea></td>
</tr>
</table>
<p align="center"><input type="submit" value="Submit" name="Submit"><input type="reset" value="Reset" name="B2"></p>
</form>
<? 
$cnxdb = mysql_connect("localhost", "", "") or die("Could not connect: " . mysql_error()); 
mysql_select_db("theBase");

if(isset( $Submit )) 
{ 
//If the Submitbutton was pressed do: 
if ( ($_FILES['imagefile']['type'] == "image/gif") || ($_FILES['imagefile']['type'] == "image/pjpeg") ){ 
copy ($_FILES['imagefile']['tmp_name'], "files/".$_FILES['imagefile']['name']) or die ("Could not copy....."); 

$strDescription = addslashes(nl2br($txtDescription));
$imagefile = $_FILES['imagefile']['name'];

$query = "INSERT INTO pictures (imageid, imeSlike, opis, cijena) VALUES ('', '$imagefile', '$strDescription', '$cijena')"; 
mysql_query($query, $cnxdb);

echo ""; 
echo "Name: ".$name.""; 
echo "Size: ".$_FILES['imagefile']['size'].""; 
echo "Type: ".$_FILES['imagefile']['type'].""; 
echo "Copy Done....";
}
else { 
echo ""; 
echo "Could Not Copy, Wrong Filetype (".$_FILES['imagefile']['name'].")"; 
} 
} 
?>
I get no error and no upload... blank screen... He?


feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Tue Oct 18, 2005 6:01 am
by feyd
your code is assuming register_globals is on, and that the submit button's value is always sent, both of which may not be the case.

Posted: Tue Oct 18, 2005 7:49 am
by ATH0
both of which may not be the case.
And what do you suggest, accept to change the way for register_globals ?

Posted: Tue Oct 18, 2005 8:02 am
by feyd
  1. turn error_reporting up to E_ALL or E_ALL|E_STRICT
  2. swap out the isset($Submit) line for

    Code: Select all

    if($_SERVER['REQUEST_METHOD'] == 'POST')
  3. do not rely on the mime-type sent from the browser to be correct. Since you are looking for images, use getimagesize() to determine both type and dimensional information about the image.
  4. it is recommended to use move_uploaded_file() instead of copy().
  5. using basename() on the "name" element, as IE (at least) sends full path information. At the worst, someone could send a malicious path that could overwrite a file outside the 'files' directory.
  6. You may experience added backslashes in the text description, this is due to using addslashes() on data that has already passed through a magic quotes handler. It's suggested to detect the magic quotes system and stripslashes() the data if on, before escaping (using mysql_real_escape_string() if possible)

Posted: Wed Oct 19, 2005 8:56 am
by ATH0
Where does this come from ?
I choose the file and click submit and this is what i get after i have changed the suggested parts.
Warning: move_uploaded_file(files/bullet.gif) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\Apache2\Apache2\htdocs\test\upload.php on line 28

Posted: Wed Oct 19, 2005 8:58 am
by feyd
does the files directory exist? Is it writable by the script's user (not necessarily the user you have with the host)

Posted: Wed Oct 19, 2005 9:33 am
by ATH0
1.) my syntax errror. Sorry!

2.) After submit and after successfull sending i still have empty db table. No uploaded image...

Posted: Thu Oct 20, 2005 7:21 am
by ATH0
After testing syntax i still can make no real upload into db.
I get no errors, file is saved in temp dir but there is no upload into db.
Confirmation is displayed ( Succesfull transfer ).
I tested with gif, jpg , different file sizes ( from 10 - 500KB ) but the db table is still empty

Any logic solution or maybe do i miss something ?

Posted: Thu Oct 20, 2005 9:53 am
by Grond
do you have access to apache's error log???

on my system its at /etc/httpd/logs/error_log

so I would check it by using tail /etc/httpd/logs/error_log


if I don't see any errors on screen.

This is always good for more clues.

Posted: Thu Oct 20, 2005 1:50 pm
by ATH0
Apache/2.0.54 (Win32) PHP/5.0.5 configured -- resuming normal operations
Server built: Apr 16 2005 14:25:31
Parent: Created child process 1460
Child 1460: Child process is running
Child 1460: Acquired the start mutex.
Child 1460: Starting 250 worker threads.
Nothing what can point to error....