Author Topic: PHP please help! uploading image to folder..  (Read 2438 times)

Tjobbe

  • Full Member
  • ***
  • Karma: 0
  • Posts: 112
    • http://www.farstyle.com
PHP please help! uploading image to folder..
« on: September 29, 2006, 06:02:42 pm »

hey guys, I'm stuck!

I created a simple script that added a title and content to a mysql database. I want to also upload an image to a specific folder, but I keep tripping up on it, if anyone could look at these files and maybe help me out, I'd be really grateful!

index
Code: [Select]
New Document
Title:
Content:
Send this file:

store_image
Code: [Select]

<?php
include "dbconnect.php";

$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";

$title=$_POST['title'];
$content=$_POST['content'];
$category=$_POST['category'];
$filenameurl= basename($_FILES['userfile']['name']);   //gets the base name

$sqlquery = "INSERT INTO $category VALUES(id,'$title','$content',NOW(),'$filenameurl'");  //$filename now in database

$results = mysql_query($sqlquery) or die(mysql_error());

} else {
   echo "Possible file upload attack!\n";
}
echo "
";
?>
database
Code: [Select]
-- phpMyAdmin SQL Dump
-- version 2.9.0-rc1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Sep 29, 2006 at 05:02 PM
-- Server version: 5.0.24
-- PHP Version: 5.1.4
--
-- Database: `testing`
--

-- --------------------------------------------------------

--
-- Table structure for table `blog`
--

CREATE TABLE `blog` (
  `id` int(11) NOT NULL auto_increment,
  `title` text NOT NULL,
  `content` text NOT NULL,
  `date` datetime NOT NULL,
  `filenameurl` varchar(55) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `blog`
--

INSERT INTO `blog` (`id`, `title`, `content`, `date`, `filenameurl`) VALUES
(2, 'ghmghm', 'gchmndghmg', '2006-09-29 12:04:30', '');
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
PHP please help! uploading image to folder..
« Reply #1 on: September 29, 2006, 07:34:11 pm »

You've posted your request in the wrong forum. You might get a better response if you clean this one out and post it in the sNews help/problems solving forum, and leave the please help! out of the subject line. General Discussion is not the place for problem solving issues. :)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Mika

  • Hero Member
  • *****
  • Karma: 9
  • Posts: 1377
    • http://www.ni5ni6.com/
PHP please help! uploading image to folder..
« Reply #2 on: September 29, 2006, 08:33:19 pm »

you're right, key...but this is not an sNews-specific issue either, so I'm moving it to the free help forum

Errata
Quote
Standalone upload example

<?php
// upload & db processing routine
/*simple check - form is processed only if submit button is pressed*/

if (isset($_POST['submit_file'])) {
    $uploaddir = 'images/';
    /*SECURITY ERROR: cleaning routine is missing*/
    $uploadfile = $uploaddir.basename($_FILES['userfile']['name']);

    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        echo "File is valid, and was successfully uploaded.\n";

        /*SECURITY ERROR: cleaning routine is missing*/
        $title=$_POST['title'];
        $contents=$_POST['contents'];
        $category=$_POST['category'];
        $filenameurl= basename($_FILES['userfile']['name']);

        // database connection
        /*use this routine or include dbconnect.php file*/

        mysql_connect('host','user','pass');
        mysql_select_db('db_name') or die('Cannot connect to a database.');
        /*id and date are inserted automatically*/
        $sqlquery = "INSERT INTO blog(title,content,category,filenameurl) VALUES('$title','$contents','$category','$filenameurl')";
        mysql_query($sqlquery) or die(mysql_error());
    }
    else {
        echo "Possible file upload attack!\n";
    }
    echo ''.$filenameurl.'';
}
/*
---- my sql dump

CREATE TABLE `blog` (
`id` INT( 11 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`title` TEXT NOT NULL ,
`content` TEXT NOT NULL ,
`category` VARCHAR( 55 ) NOT NULL ,
`date` DATETIME NOT NULL ,
`filenameurl` VARCHAR( 55 ) NOT NULL
) ENGINE = MYISAM;
*/

?>

what to say? this is a working upload example but should not be used because it's highly insecure. please correct all the security issues before deployment - Luka already did a fine job with his files function in sNews 1.5, and there are also lots of examples all over the web -> take a look at www.php.net manual for more info on this subject ;)
Logged
http://www.ni5ni6.com/ - Tutorials, Mods and How-To's about sNews CMS
sNews 1.6 Developers Edition - commented sNews 1.6 version
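
The two "SECURITY ERROR" comments in the reply above mark the gaps: the file is stored under its client-supplied name with no content check, and the form fields go straight into the SQL string. An added example (not code from the thread or from sNews) of one way to close both, keeping the thread's field names and `blog` table; the PDO connection values, the category allowlist and the size limit are assumptions.

```php
<?php
// Added example, not from the thread. Assumed: PDO credentials, category allowlist, 2 MB limit.
const UPLOAD_DIR  = __DIR__ . '/images/';
const MAX_BYTES   = 2 * 1024 * 1024;
const IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const CATEGORIES  = ['news', 'blog'];   // hypothetical allowlist

function store_upload(array $file): string {
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Type comes from the file contents; the client-sent name and type are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(IMAGE_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image type.');
    }
    // Server-generated name: no client-controlled path or extension, no overwriting.
    $name = bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

if (isset($_POST['submit_file'], $_FILES['userfile'])) {
    try {
        // filter_input() returns false for array input, so each value is a plain string.
        $title    = (string) filter_input(INPUT_POST, 'title');
        $contents = (string) filter_input(INPUT_POST, 'contents');
        $category = (string) filter_input(INPUT_POST, 'category');
        if (!in_array($category, CATEGORIES, true)) {
            throw new RuntimeException('Unknown category.');
        }
        $filenameurl = store_upload($_FILES['userfile']);   // 36 chars, fits VARCHAR(55)
        $pdo = new PDO('mysql:host=localhost;dbname=db_name;charset=utf8mb4', 'user', 'pass',
                       [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        // Placeholders keep user input out of the SQL text.
        $stmt = $pdo->prepare('INSERT INTO blog (title, content, category, date, filenameurl)
                               VALUES (?, ?, ?, NOW(), ?)');
        $stmt->execute([$title, $contents, $category, $filenameurl]);
        echo 'Stored as ' . htmlspecialchars($filenameurl, ENT_QUOTES, 'UTF-8');
    } catch (Exception $e) {
        error_log($e->getMessage());   // details go to the log, not the browser
        echo 'Upload rejected.';
    }
}
```

The `images/` directory should additionally be configured so the web server never executes scripts from it.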