PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
corillo181
Forum Commoner
Posts: 76 Joined: Wed Apr 26, 2006 3:02 pm
Post
by corillo181 » Wed May 03, 2006 4:46 am
jus tin case you see the problem while i keepp testing..i'll chekc in a few if i still can't read the file with this code
Code: Select all
<?php
$uploadDir = 'xml/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
include 'config/db.php';
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$query = "INSERT INTO images (name, size, type, path ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die(mysql_error());
}
?>
corillo181
Forum Commoner
Posts: 76 Joined: Wed Apr 26, 2006 3:02 pm
Post
by corillo181 » Wed May 03, 2006 4:51 am
yeah is that scrip alright.. it returns the pictures as 403-forbidden
Maugrim_The_Reaper
DevNet Master
Posts: 2704 Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland
Post
by Maugrim_The_Reaper » Wed May 03, 2006 5:21 am
What are the file permissions for the pictures? Should be world readable.
Instead of addslashes() for SQL queries for mysql - use mysql_real_escape_string() or its equivalent if using mysqli (MySQL4.1+).
corillo181
Forum Commoner
Posts: 76 Joined: Wed Apr 26, 2006 3:02 pm
Post
by corillo181 » Wed May 03, 2006 5:29 am
i changed addlashes to mysql_real_escape_string and it still dont work.. still give the forbidden..
Maugrim_The_Reaper
DevNet Master
Posts: 2704 Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland
Post
by Maugrim_The_Reaper » Wed May 03, 2006 6:15 am
mysql escape functions won't alter that - it simply adds more security than using addslashes alone which is limited and ignores character encoding.
Check file permissions - are they at least 644? I.e rw-r--r-- so that all users can at least read them and therefore access them online? If one of the settings is missing the read flag (r) it may be a problem, e.g. rw-r----- (no read permission for world)
corillo181
Forum Commoner
Posts: 76 Joined: Wed Apr 26, 2006 3:02 pm
Post
by corillo181 » Wed May 03, 2006 1:56 pm
how would i chekc that? yahoo is my server provider..so i can't see wich settings they got set up..
corillo181
Forum Commoner
Posts: 76 Joined: Wed Apr 26, 2006 3:02 pm
Post
by corillo181 » Wed May 03, 2006 6:18 pm
i changed the file permission to 777 with the FTP client and still when i upload something with tthat script it says is FORBIDDEN...
any one know whats wrogn with the uploading script..
corillo181
Forum Commoner
Posts: 76 Joined: Wed Apr 26, 2006 3:02 pm
Post
by corillo181 » Thu May 04, 2006 12:47 am
well i found out the problem it had to be copy insted of move..
but now can someone tell me how do i work a file chekc in to this becuase i try few ways and still not workin..
Code: Select all
<?php
$uploaddir = 'xml/';
if(isset($_POST['ulfile']))
{
if($_SERVER['ulfile']['type'] == "image/gif"){
$filename = $_FILES['ulfile']['name'];
$tmpname = $_FILES['ulfile']['tmp_name'];
$filesize = $_FILES['ulfile']['size'];
$filetype = $_FILES['ulfile']['type'];
$filepath = $uploaddir . $filename;
$result=copy($tmpname, $filepath);
}
if(!$result){
echo"error uploading file";
exit;
}
}
?>