
Need help with uploading images and MySQL

Posted: Wed Nov 14, 2007 7:09 pm
by Bogey
What I want to do is have a form that uploads an image to a file (that works perfectly) and submits the URL and the Name into the database (that doesn't work) and then the script would create an individual page for the image (that works).

I chose to take the MySQL route on this one... why does the following NOT submit the $imageUrl into the database?

Code:

<?php
  //setting the values
  $name = $_POST['file-name'];

  //The uploading code
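  // The type checks are grouped so the size limit applies to every type
  // (&& binds tighter than ||, so ungrouped it only applied to image/png)
  if ((($_FILES["file"]["type"] == "image/gif")
  || ($_FILES["file"]["type"] == "image/jpeg")
  || ($_FILES["file"]["type"] == "image/pjpeg")
  || ($_FILES["file"]["type"] == "image/bmp")
  || ($_FILES["file"]["type"] == "image/png"))
  && ($_FILES["file"]["size"] < 20000))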
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "<p>Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb</p>";

    if (file_exists("images/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      $error = true;
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "images/" . $_FILES["file"]["name"]);
      echo 'Stored in: ' . 'images/' . $_FILES["file"]["name"];
      $imageUrl = 'images/' . $_FILES["file"]["name"];
      $error = false;
      }
    }
  }
else
  {
  echo "<p>Invalid file</p>";
  $error = true;
  }

//Creating the file
if($error === false)
 {
  //MySQL connection
  mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
  //Database connection
  mysql_select_db($dbtable) or die(mysql_error());
  // Double-quoted so the string parses and the variables are interpolated
  mysql_query("INSERT INTO imageSharing (`url`,`url`) VALUES ('$imageUrl','$name')");

//Creating the image file
$filename2 = 'pages/'. $_FILES["file"]["name"] .'.php';
$fp2 = fopen("$filename2", "w");
fwrite($fp2, "
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
<head>
<title>". $name ."</title>
<meta name=\"keywords\" content=\"". $keywords .">\" />
<meta name=\"description\" content=\"". $name ."\" />
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
<link rel=\"stylesheet\" href=\"../". $cssScript ."\" title=\"". $siteName .">\" media=\"screen\" type=\"text/css\" />
</head>
<body>
<div id=\"wrap\">
<div id=\"header\">". $header ."</div>
<div id=\"container\">
<div id=\"navigation\">
<a href=\"../Index.php\">Home</a>
<a href=\"../Submit.php\">Submit</a>
<a href=\"../Images.php\">Images</a>
<a href=\"../Search.php\">Search</a>
</div>
<div id=\"content\">
<img src=\"../". $imageUrl ."\" alt=\"". $name ."\" /><br /><p class=\"alt\">". $name ."</p>
</div>
</div>
<div id=\"footer\">". $footer ."</div>
</div>
</body>
</html>");
chmod("$filename2", 0755);
fclose($fp2);

//MySQL log off
mysql_close();
 }
else
 {
  print "There was an error.";
 }
?>
By the way... the values for $dbhost, $dbuser, $dbpass, and $dbtable are in a config file so you know up front :)

Posted: Thu Nov 15, 2007 10:27 am
by pickle
When you're inserting into imageSharing, you're trying to enter in 2 values for the `url` field. I'd guess you actually want 1 of them to be `name`.

Also, don't rely on $_FILES['type'] to be sure the file is an image - that stuff can be spoofed. Use getimagesize() instead.

Posted: Thu Nov 15, 2007 4:17 pm
by Bogey
So, how do I check its image type and size with that code?

like this?

Code:

$image = getimagesize($file);

Posted: Sat Nov 17, 2007 7:51 pm
by Bogey
Anyone?

Re: Need help with uploading images and MySQL

Posted: Sun Nov 18, 2007 8:51 am
by markusn00b
I would move things around a bit.

Code:

<?php
  //setting the values
  $name = $_POST['file-name'];

  //The uploading code
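  // The type checks are grouped so the size limit applies to every type
  // (&& binds tighter than ||, so ungrouped it only applied to image/png)
  if ((($_FILES["file"]["type"] == "image/gif")
  || ($_FILES["file"]["type"] == "image/jpeg")
  || ($_FILES["file"]["type"] == "image/pjpeg")
  || ($_FILES["file"]["type"] == "image/bmp")
  || ($_FILES["file"]["type"] == "image/png"))
  && ($_FILES["file"]["size"] < 20000))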
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "<p>Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb</p>";

    if (file_exists("images/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      $error = true;
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "images/" . $_FILES["file"]["name"]);
      echo 'Stored in: ' . 'images/' . $_FILES["file"]["name"];
      $imageUrl = 'images/' . $_FILES["file"]["name"];
      $error = false;
          
      /************** put the database stuff and file creation here! *****************/
  //MySQL connection
  mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error());
  //Database connection
  mysql_select_db($dbtable) or die(mysql_error());
  // Double-quoted so the string parses and the variables are interpolated
  mysql_query("INSERT INTO imageSharing (`url`,`url`) VALUES ('$imageUrl','$name')");

//Creating the image file
$filename2 = 'pages/'. $_FILES["file"]["name"] .'.php';
$fp2 = fopen("$filename2", "w");
fwrite($fp2, "
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
<head>
<title>". $name ."</title>
<meta name=\"keywords\" content=\"". $keywords .">\" />
<meta name=\"description\" content=\"". $name ."\" />
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
<link rel=\"stylesheet\" href=\"../". $cssScript ."\" title=\"". $siteName .">\" media=\"screen\" type=\"text/css\" />
</head>
<body>
<div id=\"wrap\">
<div id=\"header\">". $header ."</div>
<div id=\"container\">
<div id=\"navigation\">
<a href=\"../Index.php\">Home</a>
<a href=\"../Submit.php\">Submit</a>
<a href=\"../Images.php\">Images</a>
<a href=\"../Search.php\">Search</a>
</div>
<div id=\"content\">
<img src=\"../". $imageUrl ."\" alt=\"". $name ."\" /><br /><p class=\"alt\">". $name ."</p>
</div>
</div>
<div id=\"footer\">". $footer ."</div>
</div>
</body>
</html>");
chmod("$filename2", 0755);
fclose($fp2);

//MySQL log off
mysql_close();

/****************** end db stuff and file creation ****************/
      }
    }
  }
else
  {
  echo "<p>Invalid file</p>";
  }



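/* you don't need this !!!
   (the trailing else is kept inside the comment: with the if removed it
   has nothing to attach to and would be a parse error)
if($error === false)
 {

 }
else
 {
  print "There was an error.";
 }
*/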
?>
Got rid of the $error = TRUE - unnecessary. Just stick it in where and when the file is validated and saved.

In your INSERT INTO you have two `url` columns selected. Change this. What else I saw is that in the mysql_select_db() you have entered $dbtable. From the looks of this you're selecting a table and not the database. Next, have you done any checks? I.e. testing with your MySQL to make sure your connections are correct?

Furthermore, I'm oblivious as to why you are creating a new page for each image? That's just going to take up extra room!

This might suit you better:
Create a dynamic PHP page that will pull the name of the image from the URL and display it, e.g.
url = http://yoursite.com/index.php?url=thisimage.jpg

Code:

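// basename() drops any path components; htmlspecialchars() escapes the value for the attribute
$filename = basename($_GET['url']);
echo "<img src='uploads/" . htmlspecialchars($filename, ENT_QUOTES) . "' />";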
See where I'm going with that?

Let me know!
echo

Posted: Sun Nov 18, 2007 10:38 am
by Mordred
You have serious problems by using the user-supplied file name in your code. An attacker can thus upload a PHP script, or an arbitrary file in - generally - a directory of his choosing. This is bad. Also, your MySQL code allows SQL injection.
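
The points raised in this thread (getimagesize() instead of the client-supplied type, no user-supplied file name on disk, no string-built SQL) combined into one upload step. This is an added example, not code posted by anyone in the thread; store_image() is a hypothetical helper, and the SQLite in-memory database (standing in for MySQL, needs pdo_sqlite) and the two sample files are constructed so it runs from the command line.

```php
<?php
// Added example (not from the thread). store_image() is a hypothetical helper;
// SQLite in memory stands in for MySQL so the demo runs offline from the CLI.
const MAX_BYTES = 20000; // size limit used by the original script
const ALLOWED = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg',
                 IMAGETYPE_PNG => 'png', IMAGETYPE_BMP => 'bmp'];

function store_image(PDO $db, string $tmpPath, string $title, string $destDir): ?string
{
    if (filesize($tmpPath) >= MAX_BYTES) {
        return null;
    }
    // Inspect the file content; $_FILES[...]['type'] is whatever the client sent.
    $info = @getimagesize($tmpPath);
    $ext = $info ? (ALLOWED[$info[2]] ?? null) : null;
    if ($ext === null) {
        return null;
    }
    // Server-generated name: the client's file name never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    // copy() keeps the demo runnable from the CLI; an upload handler would call
    // move_uploaded_file($_FILES['file']['tmp_name'], "$destDir/$stored") instead.
    if (!copy($tmpPath, "$destDir/$stored")) {
        return null;
    }
    // Bound parameters: quotes in $title cannot change the statement.
    $stmt = $db->prepare('INSERT INTO imageSharing (url, name) VALUES (?, ?)');
    $stmt->execute(["images/$stored", $title]);
    return $stored;
}

// --- constructed demo input ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE imageSharing (url TEXT, name TEXT)');
$dir = sys_get_temp_dir() . '/img_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

$gif = "$dir/upload1.tmp"; // constructed minimal 1x1 GIF
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
$fake = "$dir/upload2.tmp"; // constructed text file; a client could still label it image/gif
file_put_contents($fake, "this is not an image\n");

var_dump(store_image($db, $gif, "O'Brien's cat", $dir));
var_dump(store_image($db, $fake, 'holiday.gif', $dir));
var_dump($db->query('SELECT url, name FROM imageSharing')->fetchAll(PDO::FETCH_NUM));
```

The first call stores the GIF under a random name and inserts one row whose name contains an apostrophe; the second returns NULL because the content is not an image, regardless of what type or file name the client claims.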