HELP - Image Upload
Can someone please take a look at this and help me do one thing?
I am uploading images to a directory and updating the user's record with the photo they upload. Problem is, I could have someone upload a photo with the same name as a photo that is already on the server. If this happens, then the photo for the existing profile will be overwritten.
I am trying to add the userid to the image name and the database record.
Here is my code:
<?php
if($_GET['do'] == 'upload')
{
    //upload all the fields until done
    for($i=0; $i <= $_i-1; $i++)
    {
        //create a random number
        $_random = rand(1, 1000000);
        //file with the upload folder
        $target_path = $upload_dir . basename($_FILES['file' . $i]['name']);
        $target_path = str_replace (" ", "", $target_path);
        //actual file name with the random number
        $_file_name = basename($_FILES['file' . $i]['name']);
        $_file_name = str_replace (" ", "", $_file_name);
        //do not upload the 'left blank' fields
        if(basename($_FILES['file' . $i]['name']) != '')
        {
            if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
            {
                //uploaded successfully
                $_uploaded=1;
            }
            else
            {
                //error uploading
                $_error=1;
            }
        }
        else
        {
            $_check=$_check+1;
        }
    }
    //file(s) did upload
    if($_uploaded == '1')
    {
        $_uploaded=0;
        echo "<div style=\"COLOR: #339900; font-size: 8pt; font-weight: bold; padding-top: 10px;\">The file have been uploaded.</div>";
        mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
    }
    //file uploaded?
    if($_error == '1')
    {
        $_error=0;
        echo "<div style=\"COLOR: #ff0000; font-size: 8pt; font-weight: bold; padding-top: 10px;\">There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 3MB</div>";
    }
    //user selected a file?
    if($_check == $_i)
    {
        $_check=0;
        echo "<div style=\"COLOR: #ff0000; font-size: 8pt; font-weight: bold; padding-top: 10px;\">Select a file first than click 'Upload File'</div>";
    }
}
echo "</td></tr>";
?>
</table>
It should be like:
do {
    $_random = rand(1, 1000000);
    $target_file = $upload_dir . $_random . basename($_FILES['file' . $i]['name']);
}while(file_exists($target_file));
//now at this point $target_file is unique and you can upload it safely
If you need to give the real file name, the one the user has uploaded (making SEO cool),
then it can be done by putting the real file name in the database against this $target_file and just rewriting through .htaccess while accessing the file; adding one more parameter, imageid, is required to make the URL for each image unique.
Hunters Never Hurt
Before going to the above block, check like this:
//inspect the temp file PHP received, not the client-supplied name
$_type = exif_imagetype($_FILES['file' . $i]['tmp_name']);
if($_type != IMAGETYPE_GIF && $_type != IMAGETYPE_JPEG)
{
    //do something
    //or, as you have a for loop, skip this image and upload the next
    continue;
}
For more info on the exif_imagetype function and its Imagetype constants:
http://www.php.net/manual/en/functio...-imagetype.php
Hunters Never Hurt
I have spent hours and cannot get the above solution to work. It says "Image must be a .GIF or .JPG" when it's not, but it still uploads the image and updates the DB with the file.
Full script below, please help me block all uploads if they are not .GIF or .JPG.
<?php
//edit this
$_max_file_size = '1048576'; //file size in bytes.
$upload_dir = "profile_photos/"; //upload folder..chmod to 777
$_i = "1"; //number of files to upload at one time
//end edit
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
echo "<form enctype='multipart/form-data' action='?do=upload' method='post' style=\"margin: 0px;\">";
echo "<tr><td><input type='hidden' name='MAX_FILE_SIZE' value='" . $_max_file_size , "'></td></tr>";
echo "<tr><td class=bodytext style=\"color: #ff0000;\"><b>Photos MUST be in .JPG or .GIF format and CANNOT be over 1MB in size.</b></td></tr>";
echo "<tr><td> </td></tr>";
echo "<tr><td class=bodytext>Choose your image:<br>";
//show number of files to select
for($i=0; $i <= $_i-1;$i++)
{
    echo "<input name='file" . $i . "' type='file'></td></tr>";
}
echo "<tr><td class=bodytext><input type=submit name=Submit value=\"Upload New Photo\" style=\"font-family: Verdana; font-size: 8pt; font-weight: bold; BACKGROUND-COLOR: #5E6456; COLOR: #ffffff;\"></td></tr>";
echo "<tr><td> </td></tr>";
if($_GET['do'] == 'upload')
{
    //upload all the fields until done
    for($i=0; $i <= $_i-1; $i++)
    {
        //file with the upload folder
        $target_path = $upload_dir . $passcode . basename($_FILES['file' . $i]['name']);
        $target_path = str_replace (" ", "", $target_path);
        //actual file name prefixed with the user id
        $_file_name = basename($_FILES['file' . $i]['name']);
        $_file_name = str_replace (" ", "", $_file_name);
        $_file_name = $passcode.$_file_name;
        //do not upload the 'left blank' fields
        if(basename($_FILES['file' . $i]['name']) != '')
        {
            if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
            {
                //uploaded successfully
                $_uploaded=1;
            }
            else
            {
                //error uploading
                $_error=1;
            }
        }
        else
        {
            $_check=$_check+1;
        }
    }
    //file(s) did upload
    if($_uploaded == '1')
    {
        $_uploaded=0;
        echo "<tr><td class=redtext>Your photo has been updated.</td></tr>";
        echo "<tr><td class=bodytext><a href=editphoto.php>Click Here To Refresh Screen To See New Photo</a></td></tr>";
        echo "<tr><td class=bodytext><a href=profile.php>Return to My Account</a></td></tr>";
        echo "<tr><td> </td></tr>";
        mysql_query("update tbl_accounts set photo = '".$_file_name."' WHERE userID = '$passcode'");
    }
    //file uploaded?
    if($_error == '1')
    {
        $_error=0;
        echo "<div class=redtext>There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 1MB</div>";
    }
    //user selected a file?
    if($_check == $_i)
    {
        $_check=0;
        echo "<div class=redtext>Select a file first than click 'Upload File'</div>";
    }
}
echo "</td></tr>";
?>
</table>
Try this ... report the full error description if one occurs.
<?php
//edit this
$_max_file_size = '1048576'; //file size in bytes.
$upload_dir = "profile_photos/"; //upload folder..chmod to 777
$_i = "1"; //number of files to upload at one time
//end edit
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
echo "<form enctype='multipart/form-data' action='?do=upload' method='post' style=\"margin: 0px;\">";
echo "<tr><td><input type='hidden' name='MAX_FILE_SIZE' value='" . $_max_file_size , "'></td></tr>";
echo "<tr><td class=bodytext style=\"color: #ff0000;\"><b>Photos MUST be in .JPG or .GIF format and CANNOT be over 1MB in size.</b></td></tr>";
echo "<tr><td> </td></tr>";
echo "<tr><td class=bodytext>Choose your image:<br>";
//show number of files to select
for($i=0; $i <= $_i-1;$i++)
{
    echo "<input name='file" . $i . "' type='file'></td></tr>";
}
echo "<tr><td class=bodytext><input type=submit name=Submit value=\"Upload New Photo\" style=\"font-family: Verdana; font-size: 8pt; font-weight: bold; BACKGROUND-COLOR: #5E6456; COLOR: #ffffff;\"></td></tr>";
echo "<tr><td> </td></tr>";
if($_GET['do'] == 'upload')
{
    //upload all the fields until done
    for($i=0; $i <= $_i-1; $i++)
    {
        //check the temp file PHP received, not the client-supplied name;
        //skip anything that is not a GIF or JPEG (blank fields are handled below)
        $_tmp = $_FILES['file' . $i]['tmp_name'];
        if($_tmp != '')
        {
            $_type = exif_imagetype($_tmp);
            if($_type != IMAGETYPE_GIF && $_type != IMAGETYPE_JPEG)
            {
                continue;
            }
        }
        //file with the upload folder
        $target_path = $upload_dir . $passcode . basename($_FILES['file' . $i]['name']);
        $target_path = str_replace (" ", "", $target_path);
        //actual file name prefixed with the user id
        $_file_name = basename($_FILES['file' . $i]['name']);
        $_file_name = str_replace (" ", "", $_file_name);
        $_file_name = $passcode.$_file_name;
        //do not upload the 'left blank' fields
        if(basename($_FILES['file' . $i]['name']) != '')
        {
            if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
            {
                //uploaded successfully
                $_uploaded=1;
            }
            else
            {
                //error uploading
                $_error=1;
            }
        }
        else
        {
            $_check=$_check+1;
        }
    }
    //file(s) did upload
    if($_uploaded == '1')
    {
        $_uploaded=0;
        echo "<tr><td class=redtext>Your photo has been updated.</td></tr>";
        echo "<tr><td class=bodytext><a href=editphoto.php>Click Here To Refresh Screen To See New Photo</a></td></tr>";
        echo "<tr><td class=bodytext><a href=profile.php>Return to My Account</a></td></tr>";
        echo "<tr><td> </td></tr>";
        //escape the client-supplied file name before it goes into the query
        mysql_query("update tbl_accounts set photo = '".mysql_real_escape_string($_file_name)."' WHERE userID = '$passcode'");
    }
    //file uploaded?
    if($_error == '1')
    {
        $_error=0;
        echo "<div class=redtext>There was an error uploading some of the file(s), please try again! Maybe the file size is too large. Maximum file size is 1MB</div>";
    }
    //user selected a file?
    if($_check == $_i)
    {
        $_check=0;
        echo "<div class=redtext>Select a file first than click 'Upload File'</div>";
    }
}
echo "</td></tr>";
?>
</table>
Hunters Never Hurt
Hi guys, I had a similar problem with exif data and needed a real quick fix. You can consider this, though there are many ways of killing Schrödinger's cat!
Use the 'pathinfo()' function and extract the file extension; a simple routine selects if the file is within your limits (I'll come to validation in a minute). You could even use an array of values then, and keep this in an external file - if you need to add to or remove from your extensions list it simplifies things. If you need to check spoof images (text files loaded as images), check image width or height - only images exhibit these properties. Hope this helps.
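An added example, not code from any poster in this thread: one way to combine the checks discussed above (content type via exif_imagetype on the temp file, the width/height check, a unique server-generated name carrying the user id). It assumes PHP 7+ with the exif extension; the function name store_profile_photo and the PDO handle $pdo are hypothetical, and random_bytes stands in for the rand() used in the thread.

```php
<?php
// Added example: names, limits and the PDO handle are assumptions, not from the thread.
function store_profile_photo(array $file, string $userId, string $uploadDir, int $maxBytes = 1048576): string
{
    // Reject failed or missing uploads before touching the file.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file selected.');
    }
    // Only trust the temp file PHP itself received; 'name' and 'type' are client-supplied.
    if (!is_uploaded_file($file['tmp_name']) || filesize($file['tmp_name']) > $maxBytes) {
        throw new RuntimeException('File missing or larger than the limit.');
    }
    // Inspect the content, not the extension, and map the detected type to the extension stored.
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg'];
    $type = exif_imagetype($file['tmp_name']);
    if ($type === false || !isset($allowed[$type])) {
        throw new RuntimeException('Image must be a GIF or JPEG.');
    }
    // A file with image magic bytes but no parsable dimensions is rejected too.
    $size = getimagesize($file['tmp_name']);
    if ($size === false || $size[0] < 1 || $size[1] < 1) {
        throw new RuntimeException('File is not a readable image.');
    }
    // Server-generated name: user id, random token, extension from the detected type.
    // The client's file name never reaches the file system or the query.
    $safeId = preg_replace('/[^A-Za-z0-9_-]/', '', $userId);
    do {
        $name = $safeId . '_' . bin2hex(random_bytes(8)) . '.' . $allowed[$type];
        $target = rtrim($uploadDir, '/') . '/' . $name;
    } while (file_exists($target));

    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the uploaded file.');
    }
    return $name;
}

// Usage inside the upload branch ($pdo is an assumed PDO connection):
// $name = store_profile_photo($_FILES['file0'], $passcode, $upload_dir);
// $stmt = $pdo->prepare('UPDATE tbl_accounts SET photo = ? WHERE userID = ?');
// $stmt->execute([$name, $passcode]);
```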