Image uploading in php issue

Question

Reena_1 0 Newbie Poster

9 Years Ago

I have these two script which work differently & want to merge as one.I tried lot,either script A work or script B,but not working together in single.Pls help to write them as single. Script A:

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

Script B:

<?php
    if(isset($_POST["submit"])) {
    mysql_connect("localhost", "root", "");
    mysql_select_db("front");
    $fileToUpload = $_POST['fileToUpload'];
$query = mysql_query("select * from save_data where Title like '%$filetoupload%'");
if($query === FALSE) {
    die(mysql_error()); // TODO: better error handling
}
while($row = mysql_fetch_array($query)) {

    echo "<img src=image_2.php?pagecontent=".$row['pagecontent']." />";
}
}
?>

I had tried like this but nothing happened:

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {

    mysql_connect("localhost", "root", "");
    mysql_select_db("front");
    $fileToUpload = $_POST['fileToUpload'];
$query = mysql_query("select * from save_data where Title like '%$filetoupload%'");
if($query === FALSE) {
    die(mysql_error()); // TODO: better error handling
}
while($row = mysql_fetch_array($query)) {

    echo "<img src=image_2.php?pagecontent=".$row['pagecontent']." />";
}
}
?>

Form code:

<html>
  <head>
        <title>Search the Database</title>
    </head>

    <body>

    <form action="tat.php" method="post" enctype="multipart/form-data">
     Search: <input type="file" name="filetoupload" /><br />
    <input type="submit" name="submit" value="Submit" />
    </form>



    </body>
 </html>

Request: Please do not comment as to make use mysqli pdo or sql injection,i can do that but want to solve this problem.

php

2 Contributors
1 Reply
333 Views
10 Hours Discussion Span
Latest Post 9 Years Ago Latest Post by Taywin

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Taywin 312 Posting Virtuoso · Answer 1 · 2014-12-17T15:32:02+00:00

The check with for file already exists may cause problem later on (i.e. upload corrupted file content the first time). Also, type checking (line 28) is case-insensitive (i.e. a file name a.jpg is equal to a.JPG)? The reason I asked because it usually is case-insensitive on Windows but not on other OS.

Anyway, saving a file content to database, you should (and need) to do it in BINARY mode. What is your field type on your database? If it is not a BLOB then it won't work. You may look at this example.

PS: Your upload query is vulnerable to SQL injection! Too many people that code in PHP do not practice security at all, sadly...