php and mysql

corillo181
Forum Commoner
Posts: 76
Joined: Wed Apr 26, 2006 3:02 pm

Post by corillo181 »

Just in case you see the problem while I keep testing... I'll check in a few if I still can't read the file with this code.

Code:

<?php
$uploadDir = 'xml/';

if(isset($_POST['upload']))
{
    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

    $filePath = $uploadDir . $fileName;

    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading file";
        exit;
    }

    include 'config/db.php';

    if(!get_magic_quotes_gpc())
    {
        $fileName = addslashes($fileName);
        $filePath = addslashes($filePath);
    }

    $query = "INSERT INTO images (name, size, type, path ) ".
             "VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";

    mysql_query($query) or die(mysql_error());
}
?>
corillo181
Forum Commoner
Posts: 76
Joined: Wed Apr 26, 2006 3:02 pm

Post by corillo181 »

Yeah, is that script alright? It returns the pictures as 403-forbidden.
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

What are the file permissions for the pictures? Should be world readable.

Instead of addslashes() for SQL queries for mysql - use mysql_real_escape_string() or its equivalent if using mysqli (MySQL4.1+).
corillo181
Forum Commoner
Posts: 76
Joined: Wed Apr 26, 2006 3:02 pm

Post by corillo181 »

I changed addslashes to mysql_real_escape_string and it still doesn't work... it still gives the forbidden.
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Here's a good read for general awareness of securing file uploads...
http://shiflett.org/articles/security-corner-oct2004
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

mysql escape functions won't alter that - it simply adds more security than using addslashes alone which is limited and ignores character encoding.

Check file permissions - are they at least 644? I.e. rw-r--r-- so that all users can at least read them and therefore access them online? If one of the settings is missing the read flag (r) it may be a problem, e.g. rw-r----- (no read permission for world).
corillo181
Forum Commoner
Posts: 76
Joined: Wed Apr 26, 2006 3:02 pm

Post by corillo181 »

How would I check that? Yahoo is my server provider, so I can't see which settings they've got set up.
corillo181
Forum Commoner
Posts: 76
Joined: Wed Apr 26, 2006 3:02 pm

Post by corillo181 »

:| I changed the file permission to 777 with the FTP client and still, when I upload something with that script, it says it is FORBIDDEN...

Anyone know what's wrong with the uploading script?
corillo181
Forum Commoner
Posts: 76
Joined: Wed Apr 26, 2006 3:02 pm

Post by corillo181 »

Well, I found out the problem: it had to be copy instead of move.

But now can someone tell me how do I work a file check into this, because I tried a few ways and it's still not working.

Code:

<?php
$uploaddir =  'xml/';
if(isset($_POST['ulfile']))
{
    if($_SERVER['ulfile']['type'] == "image/gif"){
        $filename = $_FILES['ulfile']['name'];
        $tmpname = $_FILES['ulfile']['tmp_name'];
        $filesize = $_FILES['ulfile']['size'];
        $filetype = $_FILES['ulfile']['type'];
        $filepath = $uploaddir . $filename;
        $result=copy($tmpname, $filepath);
    }
    if(!$result){
        echo"error uploading file";
        exit;
    }
}
?>
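A server-side file check for the upload script asked about in the last post, as an added example that is not part of the thread or any poster's code. It assumes the `ulfile` field and `xml/` directory from the posts, the `images` table from the first script, and a hypothetical open mysqli connection in `$mysqli`; the allowed types and size limit are also assumptions.

```php
<?php
// Added example, not code from the thread. Assumed: field 'ulfile' and
// directory 'xml/' (from the posts), table images (from the first script),
// $mysqli = an open mysqli connection (hypothetical), and the limits below.
const ALLOWED_TYPES = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES = 2097152; // 2 MiB, assumed limit

function store_upload(array $file, string $uploadDir, mysqli $mysqli): string
{
    // 'error' says whether PHP received the file at all.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file sent');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Not an uploaded file, or too large');
    }
    // Detect the type from the file's bytes. $file['type'] is sent by the
    // browser and can be set to anything, so it is not used for the check.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // Generate the stored name; the client-supplied name is kept only as data.
    $path = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    chmod($path, 0644); // rw-r--r--; a moved temp file can keep a stricter mode

    // Prepared statement: values are sent separately from the SQL text.
    $stmt = $mysqli->prepare('INSERT INTO images (name, size, type, path) VALUES (?, ?, ?, ?)');
    $name = basename($file['name']);
    $size = (int) $file['size'];
    if (!$stmt || !$stmt->bind_param('siss', $name, $size, $mime, $path) || !$stmt->execute()) {
        throw new RuntimeException('Could not record upload');
    }
    return $path;
}

if (isset($_FILES['ulfile'])) {   // uploads arrive in $_FILES, not $_POST
    try {
        echo 'Stored as ' . htmlspecialchars(store_upload($_FILES['ulfile'], 'xml/', $mysqli));
    } catch (RuntimeException $e) {
        error_log($e->getMessage());   // details go to the log, not the page
        echo 'Error uploading file';
    }
}
```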