Forum Moderators: coopster
I can't find it, can someone please help me, thanks,
-FM-
<?php session_start();?>
<html>
<head>
<title>Add Image fns</title>
<link href="../../css/red.css" rel="stylesheet" type="text/css">
</head>
<body class="body" bgcolor='#4069b2'>
<?php
if (empty($_POST['imgname'])) $errormess .= "Image Name<br>";
if (empty($_POST['keywords'])) $errormess .= "Keywords<br>";
if (empty($_POST['image'])) $errormess .= "No Image Selected<br>";
if (empty($_POST['18plus'])) $errormess .= "Adult image<br>";
if ($errorness!= "")
{
echo "<b>You left out some parts:</b><br>",$errorness,"<br><a href=\"<a href='javascript:history.back(1);\" class=\"links\">Back Add/Edit Image<a/>";
exit;
}
$obj_imgname = $_POST['imgname'];
$obj_keywords = $_POST['keywords'];
$obj_image = $_POST['image'];
$obj_18plus = $_POST['18plus'];
$date = date();
include("db_gal_fns.php");
if($_POST['delete'] == true)
{
mysql_query("DELETE FROM $valid_user WHERE imgname = '$obj_imgname'");
print "$ogj_imgname has been deleted from our records";
exit;
}
$gtest1 = "SELECT * FROM $valid_user WHERE imgname = '$obj_imgname'";
$gtest2 = mysql_query($gtest1, $db_conn);
if(mysql_num_rows($gtest2) > 0) {
$updateimg = mysql_query("UPDATE $valid_user WHERE imgname = '$obj_imgname' SET keywords = '$obj_keywords', imglocation = '$obj_image', imgname = '$obj_imgname', 18_plus = '$obj_18plus'");
} else {
// $userfile is where file went on webserver
$userfile = $HTTP_POST_FILES['userfile']['tmp_name'];
// $userfile_name is original file name
$userfile_name = $HTTP_POST_FILES['userfile']['name'];
// $userfile_size is size in bytes
$userfile_size = $HTTP_POST_FILES['userfile']['size'];
// $userfile_type is mime type e.g. image/gif
$userfile_type = $HTTP_POST_FILES['userfile']['type'];
// $userfile_error is any error encountered
$userfile_error = $HTTP_POST_FILES['userfile']['error'];
if ($userfile_error > 0) {
echo 'Problem: ';
switch ($userfile_error)
{ case 1:
echo 'File only partially uploaded';
break;
case 2:
echo 'No file uploaded';
break;
}
exit;
}
// put the file where we'd like it
$upfile = "/home/.nata/firemaster/example.com/members/gallery/users/$valid_user/$userfile_name";
// is_uploaded_file and move_uploaded_file
if (is_uploaded_file($userfile))
{
if (!copy ($userfile, $upfile))
{
echo 'Problem: Could not move file to destination directory';
exit;
}
} else {
echo 'Problem: Possible file upload attack. Filename: '.$userfile_name;
exit;
}
$sql = "INSERT INTO $valid_user ( imgname , keywords , imglocation , 18_plus , size , date ) VALUES ( '$obj_imgname', '$obj_keywords', '$obj_image', '$obj_18_plus', '$userfile_size', '$date' )";
mysql_query($sql, $db_conn) or die(mysql_error);
echo 'File uploaded successfully';
?>
[edited by: tedster at 1:24 am (utc) on Aug. 2, 2005]
[edit reason] use 'example.com' in code [/edit]
<?php session_start();?>
<html>
<head>
<title>Add Image fns</title>
<link href="../../css/red.css" rel="stylesheet" type="text/css">
</head>
<body class="body" bgcolor='#4069b2'>
<?php
if (empty($_POST['imgname'])) $errormess .= "Image Name<br>";
if (empty($_POST['keywords'])) $errormess .= "Keywords<br>";
if (empty($_POST['image'])) $errormess .= "No Image Selected<br>";
if (empty($_POST['18plus'])) $errormess .= "Adult image<br>";
if ($errorness!= "")
{
echo "<b>You left out some parts:</b><br>",$error[red]m[/red]ess,"<br><a href=\"<a href='javascript:history.back(1);\" class=\"links\">Back Add/Edit Image<a/>";
exit;
}
$obj_imgname = $_POST['imgname'];
$obj_keywords = $_POST['keywords'];
$obj_image = $_POST['image'];
$obj_18plus = $_POST['18plus'];
$date = date();
include("db_gal_fns.php");
if($_POST['delete'] == true)
{
mysql_query("DELETE FROM $valid_user WHERE imgname = '$obj_imgname'");
print "$ogj_imgname has been deleted from our records";
exit;
}
$gtest1 = "SELECT * FROM $valid_user WHERE imgname = '$obj_imgname'";
$gtest2 = mysql_query($gtest1, $db_conn);
if(mysql_num_rows($gtest2) > 0) {
$updateimg = mysql_query("UPDATE $valid_user WHERE imgname = '$obj_imgname' SET keywords = '$obj_keywords', imglocation = '$obj_image', imgname = '$obj_imgname', 18_plus = '$obj_18plus'");
} else {
// $userfile is where file went on webserver
$userfile = $HTTP_POST_FILES['userfile']['tmp_name'];
// $userfile_name is original file name
$userfile_name = $HTTP_POST_FILES['userfile']['name'];
// $userfile_size is size in bytes
$userfile_size = $HTTP_POST_FILES['userfile']['size'];
// $userfile_type is mime type e.g. image/gif
$userfile_type = $HTTP_POST_FILES['userfile']['type'];
// $userfile_error is any error encountered
$userfile_error = $HTTP_POST_FILES['userfile']['error'];
if ($userfile_error > 0) {
echo 'Problem: ';
switch ($userfile_error)
{ case 1:
echo 'File only partially uploaded';
break;
case 2:
echo 'No file uploaded';
break;
}
exit;
}
[red]}[/red]
// put the file where we'd like it
$upfile = "/home/.nata/firemaster/example.com/members/gallery/users/$valid_user/$userfile_name";
// is_uploaded_file and move_uploaded_file
if (is_uploaded_file($userfile))
{
if (!copy ($userfile, $upfile))
{
echo 'Problem: Could not move file to destination directory';
exit;
}
} else {
echo 'Problem: Possible file upload attack. Filename: '.$userfile_name;
exit;
}
$sql = "INSERT INTO $valid_user ( imgname , keywords , imglocation , 18_plus , size , date ) VALUES ( '$obj_imgname', '$obj_keywords', '$obj_image', '$obj_18_plus', '$userfile_size', '$date' )";
mysql_query($sql, $db_conn) or die(mysql_error);
echo 'File uploaded successfully';
?>
-- Zak
[edited by: tedster at 1:25 am (utc) on Aug. 2, 2005]
[edit reason] use 'example.com' in code [/edit]
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.nata/user/Example.com/members/gallery/add_image_fns.php on line 33
Problem: Possible file upload attack. Filename:
<snip>
[edited by: ergophobe at 3:35 pm (utc) on Aug. 5, 2005]
[edit reason] code snipped - see forum charter [/edit]
The mysql_num_rows error means your query is failing. Try some debugging:
$gtest1 = "SELECT * FROM $valid_user WHERE imgname = '$obj_imgname'";
$gtest2 = mysql_query($gtest1, $db_conn) or die(mysql_error());
You might want to check that your $valid_user variable is populating with the correct info.
dc
<snip>
THANK YOU,
-Mike
[edited by: ergophobe at 3:35 pm (utc) on Aug. 5, 2005]
[edit reason] code snipped - see forum charter [/edit]
Try something like this before you query the database:
$image = $_FILES['image']['name'];
$imgpull = "SELECT * FROM $valid_user WHERE imgname = '$image'";
dc
[edited by: ergophobe at 3:39 pm (utc) on Aug. 5, 2005]
[edit reason] minor changes b/c of code snip in previous post [/edit]
