•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 423,534 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 4,369 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 860 | Replies: 6
 |
•
•
Join Date: Jan 2008
Posts: 17
Reputation: 
Rep Power: 1
Solved Threads: 0
Newbie Poster
HELP - Image Upload Can someone please take a look at this and help me do one thing?
I am uploading images to a directory and updating the users record with the photo they upload. Problem is, I could have someone upload a photo with the same name as a photo that is already on the server. If this happens, then the photo for the exsisting profile will be over written.
I am trying to add the userid to the image name and the database record.
Here is my code:
<?php
if($_GET['do'] == 'upload')
{
//upload all the fields until done
For($i=0; $i <= $_i-1; $i++)
{
//create a random number
$_random = rand(1, 1000000);
//file with the upload folder
$target_path = $upload_dir . basename($_FILES['file' . $i]['name']);
$target_path = str_replace (" ", "", $target_path);
//actual file name with the random number
$_file_name = basename($_FILES['file' . $i]['name']);
$_file_name = str_replace (" ", "", $_file_name);
//do not upload the 'left blank' fields
if(basename($_FILES['file' . $i]['name']) != '')
{
if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
{
//uploaded successfuly
$_uploaded=1;
}
else
{
//error uploading
$_error=1;
}
}
else
{
$_check=$_check+1;
}
}
//file(s) did upload
if($_uploaded == '1')
{
$_uploaded=0;
echo "<div style=\"COLOR: #339900; font-size: 8pt; font-weight: bold; padding-top: 10px;\">The file have been uploaded.</div>";
mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
}
//file uploaded?
if($_error == '1')
{
$_error=0;
echo "<div style=\"COLOR: #ff0000; font-size: 8pt; font-weight: bold; padding-top: 10px;\">There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 3MB</div>";
}
//user selected a file?
if($_check == $_i)
{
$_check=0;
echo "<div style=\"COLOR: #ff0000; font-size: 8pt; font-weight: bold; padding-top: 10px;\">Select a file first than click 'Upload File'</div>";
}
}
echo "</td></tr>";
?>
</table>
I am uploading images to a directory and updating the users record with the photo they upload. Problem is, I could have someone upload a photo with the same name as a photo that is already on the server. If this happens, then the photo for the exsisting profile will be over written.
I am trying to add the userid to the image name and the database record.
Here is my code:
<?php
if($_GET['do'] == 'upload')
{
//upload all the fields until done
For($i=0; $i <= $_i-1; $i++)
{
//create a random number
$_random = rand(1, 1000000);
//file with the upload folder
$target_path = $upload_dir . basename($_FILES['file' . $i]['name']);
$target_path = str_replace (" ", "", $target_path);
//actual file name with the random number
$_file_name = basename($_FILES['file' . $i]['name']);
$_file_name = str_replace (" ", "", $_file_name);
//do not upload the 'left blank' fields
if(basename($_FILES['file' . $i]['name']) != '')
{
if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
{
//uploaded successfuly
$_uploaded=1;
}
else
{
//error uploading
$_error=1;
}
}
else
{
$_check=$_check+1;
}
}
//file(s) did upload
if($_uploaded == '1')
{
$_uploaded=0;
echo "<div style=\"COLOR: #339900; font-size: 8pt; font-weight: bold; padding-top: 10px;\">The file have been uploaded.</div>";
mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
}
//file uploaded?
if($_error == '1')
{
$_error=0;
echo "<div style=\"COLOR: #ff0000; font-size: 8pt; font-weight: bold; padding-top: 10px;\">There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 3MB</div>";
}
//user selected a file?
if($_check == $_i)
{
$_check=0;
echo "<div style=\"COLOR: #ff0000; font-size: 8pt; font-weight: bold; padding-top: 10px;\">Select a file first than click 'Upload File'</div>";
}
}
echo "</td></tr>";
?>
</table>
•
•
Join Date: Jun 2007
Posts: 53
Reputation:
Rep Power: 2
Solved Threads: 2
Junior Poster in Training
it should be like:
do {
$_random = rand(1, 1000000);
$target_file = $upload_dir . $_random . basename($_FILES['file' . $i]['name']);
}while(file_exists($target_file);
//now at this point $target_file is unique and u can upload it safely
If you need to give the realfile name, one the user has uploaded (making SEO coool)
then it can be done by putting the realfilename in the database to this $target_file and just rewrite throught .htaccess while accessing the file, adding onemore parameter imageid is required to make the url for each image unique.
do {
$_random = rand(1, 1000000);
$target_file = $upload_dir . $_random . basename($_FILES['file' . $i]['name']);
}while(file_exists($target_file);
//now at this point $target_file is unique and u can upload it safely
If you need to give the realfile name, one the user has uploaded (making SEO coool)
then it can be done by putting the realfilename in the database to this $target_file and just rewrite throught .htaccess while accessing the file, adding onemore parameter imageid is required to make the url for each image unique.
Hunters Never Hurt
•
•
Join Date: Jan 2008
Posts: 17
Reputation:
Rep Power: 1
Solved Threads: 0
Newbie Poster
Worked great, thanks.
Can you tell me real quick using the same code block how I can block the upload if its not a .GIF or .JPG???
Can you tell me real quick using the same code block how I can block the upload if its not a .GIF or .JPG???
•
•
Join Date: Jun 2007
Posts: 53
Reputation:
Rep Power: 2
Solved Threads: 2
Junior Poster in Training
Before going to the above block check like this
if(exif_imagetype($_FILES['file' . $i]['name']) != IMAGETYPE_GIF || exif_imagetype($_FILES['file' . $i]['name']) != IMAGETYPE_JPEG)
{
//do something
//or as you have for look skip this image and upload next
continue;
}
for more info on exif_imagetype function and its Imagetype Constants:
http://www.php.net/manual/en/functio...-imagetype.php
if(exif_imagetype($_FILES['file' . $i]['name']) != IMAGETYPE_GIF || exif_imagetype($_FILES['file' . $i]['name']) != IMAGETYPE_JPEG)
{
//do something
//or as you have for look skip this image and upload next
continue;
}
for more info on exif_imagetype function and its Imagetype Constants:
http://www.php.net/manual/en/functio...-imagetype.php
Hunters Never Hurt
•
•
Join Date: Jan 2008
Posts: 17
Reputation:
Rep Power: 1
Solved Threads: 0
Newbie Poster
I have spent hours and cannot get the above solution to work. It says "Image must be a .GIF or .JPG when its not, but it still uploads image and updates the DB with the file.
Full script below, please help me block all uploads if they are not .GIF or .JPG.
<?php
//edit this
$_max_file_size = '1048576'; //file size in bytes.
$upload_dir = "profile_photos/"; //upload folder..chmod to 777
$_i = "1"; //number of files to upload at one time
//end edit
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
echo "<form enctype='multipart/form-data' action='?do=upload' method='post' style=\"margin: 0px;\">";
echo "<tr><td><input type='hidden' name='MAX_FILE_SIZE' value='" . $_max_file_size , "'></td></tr>";
echo "<tr><td class=bodytext style=\"color: #ff0000;\"><b>Photos MUST be in .JPG or .GIF format and CANNOT be over 1MB in size.</b></td></tr>";
echo "<tr><td> </td></tr>";
echo "<tr><td class=bodytext>Choose your image:<br>";
//show number of files to select
For($i=0; $i <= $_i-1;$i++)
{
echo "<input name='file" . $i . "' type='file'></td></tr>";
}
echo "<tr><td class=bodytext><input type=submit name=Submit value=\"Upload New Photo\" style=\"font-family: Verdana; font-size: 8pt; font-weight: bold; BACKGROUND-COLOR: #5E6456; COLOR: #ffffff;\"></td></tr>";
echo "<tr><td> </td></tr>";
if($_GET['do'] == 'upload')
{
//upload all the fields until done
For($i=0; $i <= $_i-1; $i++)
{
//file with the upload folder
$target_path = $upload_dir . $passcode . basename($_FILES['file' . $i]['name']);
$target_path = str_replace (" ", "", $target_path);
//actual file name with the random number
$_file_name = basename($_FILES['file' . $i]['name']);
$_file_name = str_replace (" ", "", $_file_name);
$_file_name = $passcode.$_file_name;
//do not upload the 'left blank' fields
if(basename($_FILES['file' . $i]['name']) != '')
{
if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
{
//uploaded successfuly
$_uploaded=1;
}
else
{
//error uploading
$_error=1;
}
}
else
{
$_check=$_check+1;
}
}
//file(s) did upload
if($_uploaded == '1')
{
$_uploaded=0;
echo "<tr><td class=redtext>Your photo has been updated.</td></tr>";
echo "<tr><td class=bodytext><a href=editphoto.php>Click Here To Refresh Screen To See New Photo</a></td></tr>";
echo "<tr><td class=bodytext><a href=profile.php>Return to My Account</a></td></tr>";
echo "<tr><td> </td></tr>";
mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
}
//file uploaded?
if($_error == '1')
{
$_error=0;
echo "<div class=redtext>There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 1MB</div>";
}
//user selected a file?
if($_check == $_i)
{
$_check=0;
echo "<div class=redtext>Select a file first than click 'Upload File'</div>";
}
}
echo "</td></tr>";
?>
</table>
Full script below, please help me block all uploads if they are not .GIF or .JPG.
<?php
//edit this
$_max_file_size = '1048576'; //file size in bytes.
$upload_dir = "profile_photos/"; //upload folder..chmod to 777
$_i = "1"; //number of files to upload at one time
//end edit
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
echo "<form enctype='multipart/form-data' action='?do=upload' method='post' style=\"margin: 0px;\">";
echo "<tr><td><input type='hidden' name='MAX_FILE_SIZE' value='" . $_max_file_size , "'></td></tr>";
echo "<tr><td class=bodytext style=\"color: #ff0000;\"><b>Photos MUST be in .JPG or .GIF format and CANNOT be over 1MB in size.</b></td></tr>";
echo "<tr><td> </td></tr>";
echo "<tr><td class=bodytext>Choose your image:<br>";
//show number of files to select
For($i=0; $i <= $_i-1;$i++)
{
echo "<input name='file" . $i . "' type='file'></td></tr>";
}
echo "<tr><td class=bodytext><input type=submit name=Submit value=\"Upload New Photo\" style=\"font-family: Verdana; font-size: 8pt; font-weight: bold; BACKGROUND-COLOR: #5E6456; COLOR: #ffffff;\"></td></tr>";
echo "<tr><td> </td></tr>";
if($_GET['do'] == 'upload')
{
//upload all the fields until done
For($i=0; $i <= $_i-1; $i++)
{
//file with the upload folder
$target_path = $upload_dir . $passcode . basename($_FILES['file' . $i]['name']);
$target_path = str_replace (" ", "", $target_path);
//actual file name with the random number
$_file_name = basename($_FILES['file' . $i]['name']);
$_file_name = str_replace (" ", "", $_file_name);
$_file_name = $passcode.$_file_name;
//do not upload the 'left blank' fields
if(basename($_FILES['file' . $i]['name']) != '')
{
if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
{
//uploaded successfuly
$_uploaded=1;
}
else
{
//error uploading
$_error=1;
}
}
else
{
$_check=$_check+1;
}
}
//file(s) did upload
if($_uploaded == '1')
{
$_uploaded=0;
echo "<tr><td class=redtext>Your photo has been updated.</td></tr>";
echo "<tr><td class=bodytext><a href=editphoto.php>Click Here To Refresh Screen To See New Photo</a></td></tr>";
echo "<tr><td class=bodytext><a href=profile.php>Return to My Account</a></td></tr>";
echo "<tr><td> </td></tr>";
mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
}
//file uploaded?
if($_error == '1')
{
$_error=0;
echo "<div class=redtext>There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 1MB</div>";
}
//user selected a file?
if($_check == $_i)
{
$_check=0;
echo "<div class=redtext>Select a file first than click 'Upload File'</div>";
}
}
echo "</td></tr>";
?>
</table>
•
•
Join Date: Jun 2007
Posts: 53
Reputation:
Rep Power: 2
Solved Threads: 2
Junior Poster in Training
Try this ..... report full error description if occur
•
•
•
•
Originally Posted by Morty222 
<?php
//edit this
$_max_file_size = '1048576'; //file size in bytes.
$upload_dir = "profile_photos/"; //upload folder..chmod to 777
$_i = "1"; //number of files to upload at one time
//end edit
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
echo "<form enctype='multipart/form-data' action='?do=upload' method='post' style=\"margin: 0px;\">";
echo "<tr><td><input type='hidden' name='MAX_FILE_SIZE' value='" . $_max_file_size , "'></td></tr>";
echo "<tr><td class=bodytext style=\"color: #ff0000;\"><b>Photos MUST be in .JPG or .GIF format and CANNOT be over 1MB in size.</b></td></tr>";
echo "<tr><td> </td></tr>";
echo "<tr><td class=bodytext>Choose your image:<br>";
//show number of files to select
For($i=0; $i <= $_i-1;$i++)
{
echo "<input name='file" . $i . "' type='file'></td></tr>";
}
echo "<tr><td class=bodytext><input type=submit name=Submit value=\"Upload New Photo\" style=\"font-family: Verdana; font-size: 8pt; font-weight: bold; BACKGROUND-COLOR: #5E6456; COLOR: #ffffff;\"></td></tr>";
echo "<tr><td> </td></tr>";
if($_GET['do'] == 'upload')
{
//upload all the fields until done
For($i=0; $i <= $_i-1; $i++)
{
if(exif_imagetype($_FILES['file' . $i]['name']) != IMAGETYPE_GIF || exif_imagetype($_FILES['file' . $i]['name']) != IMAGETYPE_JPEG)
{
continue;
}
//file with the upload folder
$target_path = $upload_dir . $passcode . basename($_FILES['file' . $i]['name']);
$target_path = str_replace (" ", "", $target_path);
//actual file name with the random number
$_file_name = basename($_FILES['file' . $i]['name']);
$_file_name = str_replace (" ", "", $_file_name);
$_file_name = $passcode.$_file_name;
//do not upload the 'left blank' fields
if(basename($_FILES['file' . $i]['name']) != '')
{
if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
{
//uploaded successfuly
$_uploaded=1;
}
else
{
//error uploading
$_error=1;
}
}
else
{
$_check=$_check+1;
}
}
//file(s) did upload
if($_uploaded == '1')
{
$_uploaded=0;
echo "<tr><td class=redtext>Your photo has been updated.</td></tr>";
echo "<tr><td class=bodytext><a href=editphoto.php>Click Here To Refresh Screen To See New Photo</a></td></tr>";
echo "<tr><td class=bodytext><a href=profile.php>Return to My Account</a></td></tr>";
echo "<tr><td> </td></tr>";
mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
}
//file uploaded?
if($_error == '1')
{
$_error=0;
echo "<div class=redtext>There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 1MB</div>";
}
//user selected a file?
if($_check == $_i)
{
$_check=0;
echo "<div class=redtext>Select a file first than click 'Upload File'</div>";
}
}
echo "</td></tr>";
?>
</table>
Hunters Never Hurt
•
•
Join Date: Feb 2008
Location: Lincolnshire
Posts: 11
Reputation:
Rep Power: 1
Solved Threads: 2
Newbie Poster
HI guys, I had a similar problem with exif data and needed a real quick fix. You can consider this, though there are many ways of killing shroedingers cat!
use the 'pathinfo()' function and extract the file extension, a simple routine selects if the file is within your limits (I'll come to validation in a minute). You could even use an array of values then, and keep this in an external file - if you need to add to or remove from your extensions list it simplifies things. If you need to check spoof images (text files loaded as images) check image width or height - only images exhibit these properties. Hope this helps.
use the 'pathinfo()' function and extract the file extension, a simple routine selects if the file is within your limits (I'll come to validation in a minute). You could even use an array of values then, and keep this in an external file - if you need to add to or remove from your extensions list it simplifies things. If you need to check spoof images (text files loaded as images) check image width or height - only images exhibit these properties. Hope this helps.
|
•
•
•
•
•
•
•
•
DaniWeb PHP Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
- image upload problem (PHP)
- Having a bit of trouble figuring out my image upload script (PHP)
- Image UPLOAD concept (PHP)
- Image didnt not appear (HTML and CSS)
- Coldfusion image upload w. javascript thumbnail preview (ColdFusion)
- Possible to let the user know the image is too large (PHP)
- Image Resizer (PHP)
- Image Upload/Acquisition (Web Developers' Lounge)
- php mysql image again PLEASE HELP (PHP)
Other Threads in the PHP Forum
- Previous Thread: How to stop spam?
- Next Thread: Parse error: syntax error, unexpected $end
