0

I have these two script which work differently & want to merge as one.I tried lot,either script A work or script B,but not working together in single.Pls help to write them as single. Script A:

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?> 

Script B:

<?php
    if(isset($_POST["submit"])) {
    mysql_connect("localhost", "root", "");
    mysql_select_db("front");
    $fileToUpload = $_POST['fileToUpload'];
$query = mysql_query("select * from save_data where Title like '%$filetoupload%'");
if($query === FALSE) {
    die(mysql_error()); // TODO: better error handling
}
while($row = mysql_fetch_array($query)) {

    echo "<img src=image_2.php?pagecontent=".$row['pagecontent']." />";
}
}
?> 

I had tried like this but nothing happened:

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {

    mysql_connect("localhost", "root", "");
    mysql_select_db("front");
    $fileToUpload = $_POST['fileToUpload'];
$query = mysql_query("select * from save_data where Title like '%$filetoupload%'");
if($query === FALSE) {
    die(mysql_error()); // TODO: better error handling
}
while($row = mysql_fetch_array($query)) {

    echo "<img src=image_2.php?pagecontent=".$row['pagecontent']." />";
}
}
?> 

Form code:

<html>
  <head>
        <title>Search the Database</title>
    </head>

    <body>

    <form action="tat.php" method="post" enctype="multipart/form-data">
     Search: <input type="file" name="filetoupload" /><br />
    <input type="submit" name="submit" value="Submit" />
    </form>



    </body>
 </html>

Request: Please do not comment as to make use mysqli pdo or sql injection,i can do that but want to solve this problem.

2
Contributors
1
Reply
19
Views
2 Years
Discussion Span
Last Post by Taywin
0

The check with for file already exists may cause problem later on (i.e. upload corrupted file content the first time). Also, type checking (line 28) is case-insensitive (i.e. a file name a.jpg is equal to a.JPG)? The reason I asked because it usually is case-insensitive on Windows but not on other OS.

Anyway, saving a file content to database, you should (and need) to do it in BINARY mode. What is your field type on your database? If it is not a BLOB then it won't work. You may look at this example.

PS: Your upload query is vulnerable to SQL injection! Too many people that code in PHP do not practice security at all, sadly...

Edited by Taywin

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.