[PHP-DB] Uploading Image using PHP and mySQL

2008-02-18 Thread Nasreen Laghari
Hi All,

First of all a very big thank you to all of you for solving my Password() 
encryption problem.

Now I'm stuck on a new problem which is image not uploading.  I'm using the 
following code. 


Regards

Nasreen

 0){
echo "Image has been inserted succesfully";
}
else {
echo "Image can not be inserted check your submission";
}
}
else {
echo "This is not a true image type";
}
}

}
?>

[HTML form markup lost in the archive; surviving labels:]
Artist Profile Form
Name:
About Yourself
Profile export from myspace/facebook
Upload Photo

Re: [PHP-DB] Uploading Image using PHP and mySQL

2008-02-18 Thread Chris

Nasreen Laghari wrote:

> Hi All,
>
> First of all a very big thank you to all of you for solving my Password() 
> encryption problem.
>
> Now I'm stuck on a new problem which is image not uploading.  I'm using the following code. 


Which bit breaks exactly? Nobody's going to read through 200 lines of code..


$query = "INSERT INTO artist (name,about_u,imgdata, profile_url) 
VALUES('$aname','$aboutu','$uploadedImage','$url_provided')";


You have an sql injection problem here. Read up about that on the 
phpsec.org site:


http://phpsec.org/projects/guide/3.html#3.2

and a really good basic guide here:

http://unixwiz.net/techtips/sql-injection.html

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] Uploading Image using PHP and mySQL

2008-02-19 Thread Daniel Brown
On Feb 18, 2008 6:56 PM, Chris <[EMAIL PROTECTED]> wrote:

> Which bit breaks exactly? Nobody's going to read through 200 lines of code..

Normally, you're right but today I did just to be a jerk and
prove you wrong.  ;-P

> Nasreen Laghari wrote:
> > Hi All,
> >
> > First of all a very big thank you to all of you for solving my Password() 
> > encryption problem.
> >
> > Now I'm stuck on a new problem which is image not uploading.  I'm using the 
> > following code.
[snip!]
$allowedImageTypes = array("gif","jpg","png");
if(empty($_FILES['image_file']['tmp_name'])){
echo "File not uploaded";
}
else {
$fileType = $_FILES['file']['name'];
if(in_array(getfileType($fileType), $allowedImageTypes)){
[snip!]

Nasreen,

The above code depends on two things:
a.) The getfiletype() response exactly matches at least one of
the entries in the array $allowedImageTypes
b.) The response and array entry are matched cAsE-sEnSiTiVeLy

If you're uploading an image that was created in Windows Paint,
for example, the extension will be CAPITALIZED (imagename.JPG) by
default.  Try using a strtolower() in your getfiletype() function to
see if it clears things up.

>
>
> $query = "INSERT INTO artist (name,about_u,imgdata, profile_url)
> VALUES('$aname','$aboutu','$uploadedImage','$url_provided')";
>
> You have an sql injection problem here. Read up about that on the
> phpsec.org site:
>
> http://phpsec.org/projects/guide/3.html#3.2
>
> and a really good basic guide here:
>
> http://unixwiz.net/techtips/sql-injection.html
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



-- 


Daniel P. Brown
Senior Unix Geek
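
Added example, not part of the original message: a case-insensitive version of the extension check discussed above, followed by a content check, since the client-supplied file name says nothing about what the file actually contains. `checkImageUpload()` and the sample files are hypothetical; note that the quoted snippet tests `$_FILES['image_file']` but reads `$_FILES['file']`, so a real handler should use one field name throughout.

```php
<?php
// Added example (not the poster's code). Maps each allowed extension to the
// image type that getimagesize() must report for the uploaded bytes.
$allowedImageTypes = array(
    'gif' => IMAGETYPE_GIF,
    'jpg' => IMAGETYPE_JPEG,
    'png' => IMAGETYPE_PNG,
);

// Hypothetical helper. In a request handler, also confirm the path with
// is_uploaded_file() before touching it.
function checkImageUpload(string $clientName, string $tmpPath, array $allowed): string
{
    // Lower-case the extension so IMAGENAME.JPG and imagename.jpg match alike.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return "rejected: extension '$ext' is not allowed";
    }
    // The extension is client-controlled; check what the bytes really are.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[2] !== $allowed[$ext]) {
        return "rejected: content is not a $ext image";
    }
    return 'accepted';
}

// Constructed sample files: a 1x1 GIF and a plain text file.
$gifPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gifPath, base64_decode(
    'R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$txtPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txtPath, "plain text, not an image\n");

echo checkImageUpload('IMAGENAME.GIF', $gifPath, $allowedImageTypes), "\n";
echo checkImageUpload('imagename.bmp', $gifPath, $allowedImageTypes), "\n";
echo checkImageUpload('notes.PNG', $txtPath, $allowedImageTypes), "\n";

unlink($gifPath);
unlink($txtPath);
```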





Re: [PHP-DB] Uploading Image using PHP and mySQL

2008-02-19 Thread Daniel Brown
On Feb 18, 2008 6:56 PM, Chris <[EMAIL PROTECTED]> wrote:
> $query = "INSERT INTO artist (name,about_u,imgdata, profile_url)
> VALUES('$aname','$aboutu','$uploadedImage','$url_provided')";
>
> You have an sql injection problem here. Read up about that on the
> phpsec.org site:
>
> http://phpsec.org/projects/guide/3.html#3.2
>
> and a really good basic guide here:
>
> http://unixwiz.net/techtips/sql-injection.html

And in addition to the links Chris suggested, also RTFM on
mysql_real_escape_string().  It'll be your new best friend (unless
you're already using mysqli).

-- 


Daniel P. Brown
Senior Unix Geek
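
Added example, not part of the original messages: the INSERT that Chris flagged and Daniel followed up on, written as a prepared statement so the values never become part of the SQL text. It uses PDO with an in-memory SQLite database as a stand-in so it runs without a server; with MySQL the same prepare/bind/execute calls apply through a `mysql:` DSN, and mysqli offers the equivalent `prepare()` and `bind_param()`. The table schema and `insertArtist()` are assumptions based on the column names in the quoted query.

```php
<?php
// Added example (not from the thread): parameterized INSERT for the artist
// table. SQLite in memory is a stand-in so the script runs offline; the
// schema below is assumed from the column names in the quoted query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE artist
           (name TEXT, about_u TEXT, imgdata BLOB, profile_url TEXT)');

// Hypothetical helper: values travel separately from the SQL text, so quotes
// in them cannot change the structure of the statement.
function insertArtist(PDO $db, string $name, string $about,
                      string $img, string $url): int
{
    $stmt = $db->prepare(
        'INSERT INTO artist (name, about_u, imgdata, profile_url)
         VALUES (:name, :about, :img, :url)'
    );
    $stmt->bindValue(':name', $name);
    $stmt->bindValue(':about', $about);
    $stmt->bindValue(':img', $img, PDO::PARAM_LOB); // binary image bytes
    $stmt->bindValue(':url', $url);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample input: an ordinary apostrophe is enough to break the
// concatenated query from the thread; here it is stored verbatim.
$name  = "Sinead O'Connor";
$about = "text with ' and \") characters";
$img   = "\x89PNG\r\n\x1a\n" . str_repeat("\x00", 16); // constructed bytes
$rows  = insertArtist($db, $name, $about, $img, 'http://example.com/me');

// Read the row back and confirm every value round-trips unchanged.
$stored = $db->query('SELECT name, about_u, imgdata FROM artist')
             ->fetch(PDO::FETCH_ASSOC);
var_dump($rows === 1,
         $stored['name'] === $name,
         $stored['about_u'] === $about,
         $stored['imgdata'] === $img);
```

The old `mysql_*` functions, including `mysql_real_escape_string()`, were removed in PHP 7, so on current PHP the choice is between mysqli and PDO.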

