Re: [PHP] Upload and PullPicture???

Tue, 13 Jan 2004 15:05:53 -0800 

> Hello... I'm trying to upload a picture along with other information.
> 
> I have several fields to input, such as name, address, etc. (and I get those
> to go to the MySQL database with no problem).  But on the same page I want
> the user to be able to pick a picture of themself from their harddrive and
> upload it.  The script must either enter the address of the uploaded picture
> to MySQL so it will show up with the user's info., or rename it something
> like $id.ext.
> 
> I know something like this needs to go in the html:
> 
> <form enctype="multipart/form-data" action="_URL_" method="POST">
> <input type="hidden" name="MAX_FILE_SIZE" value="30000">
> Send this file: <input name="userfile" type="file">
> <input type="submit" value="Send File">
> </form>I'd like to just use one "submit" button that uploads everything (the
> data to the database and the picture to my server).
> 
> I've read the PHP manual but it's greek to this newbie... any help GREATLY
> appreciated....

You say you read the manual, did you read the material at:
<http://us2.php.net/manual/en/features.file-upload.php> ?

Note in your example you're specifying a max upload size of only 30K.

Following are snippets from a couple of my scripts. HTH.

--------------------------
>From the uploading script:

<form name="upForm" enctype="multipart/form-data"
action="upload_process.php" method="post" onsubmit="return
validateForm(this)">
<input type="hidden" name="MAX_FILE_SIZE" value="2048000" />

<table cellspacing="0">

[snip]

<tr>
<td class="label">Upload image:</td>
<td><input class="forminput" name="userfile" type="file" /></td>
</tr>
<tr>
<td class="label">Caption:</td>
<td><textarea name="caption" rows="3" cols="42" wrap="wrap"></textarea></td>
</tr>
<tr>
<td class="label">Sequence:</td>
<td><input class="forminput" type="text" name="seqfile" size="3"
maxlength="2" />

----------------------------------------------------------
And from the script that's posted to (upload_process.php):

    $userfile = $HTTP_POST_FILES["userfile"]["tmp_name"];
    $userfile_type = $HTTP_POST_FILES["userfile"]["type"];
    $userfile_name = $HTTP_POST_FILES["userfile"]["name"]; // same file name
that was uploaded

    if ($userfile_type == "image/gif") {
        echo("<p>Problem with upload " . ($i + 1) . ": Image is GIF format.
Only JPEG or PNG formats are supported.</p>\n</body>\n</html>");
        exit();
    }
    if ($userfile_type != "image/jpeg" && $userfile_type != "image/png") {
        echo("<p>Problem with upload " . ($i + 1) . ": Image file type is: "
. $userfile_type . ". Only JPEG or PNG formats are
supported.</p>\n</body>\n</html>");
        exit();
    }
    $userfile_error = $HTTP_POST_FILES["userfile"]["error"];
    if ($userfile_error > 0) {
        echo("<p>Problem with upload: ");
        switch ($userfile_error) {
            case 1: echo("File exceeded upload_max_filesize"); break;
            case 2: echo("File exceeded max_file_size"); break;
            case 3: echo("File only partially uploaded"); break;
            case 4: echo ("No file uploaded"); break;
        }
        echo("</p>\n</body>\n</html>");
        exit();
    }
    // keep same name as uploaded, specify where it's moved to
    $upfile = $DOCUMENT_ROOT . "/i/" . $userfile_name;
    if (is_uploaded_file($userfile)) {
        if (!move_uploaded_file($userfile, $upfile)) {
            echo("<p>Problem: Could not move file to destination
directory.</p>\n</body>\n</html>");
            exit();
        }
    } else {
        echo("<p>Problem: Possible file upload attack. Filename: " .
$userfile_name . "</p>\n</body>\n</html>");
        exit();
    }

    // save file information to database
    $conn = db_connect();
    if (!$conn) {
        echo("<p>Error connecting to database: " . mysql_error() .
"</p>\n</body>/n</html>");
        exit();
    }
    $PagePath = get_magic_quotes_gpc() ? htmlentities($_POST["menu_path"]) :
htmlentities(addslashes($_POST["menu_path"]));
    $Caption = get_magic_quotes_gpc() ? htmlentities($_POST[$cp]) :
htmlentities(addslashes($_POST[$cp]));
    
    $insert_sql = "INSERT INTO Images SET PagePath='$PagePath',
FileID='$userfile_name', " .
        "Caption='$Caption', Sequence='$_POST[$sq]', LastMod=NOW(),
UploadedBy='$valid_user'";
    if (@!mysql_query($insert_sql)) {
        echo("<p>Error adding image information to database: " .
mysql_error() . "</p>\n</body>\n</html>");
        exit();
    }
    echo("<p>" . $userfile_name . " uploaded sucessfully and image
information saved.</p>\n");

--
Lowell Allen

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to