"Erwin Moller"
<si************ *************** *************** @spamyourself.c om> wrote in
message news:44******** *************** @news.xs4all.nl ...
Jim Michaels wrote:
after a file upload, $_FILES is not populated but $_POST is. what's
going
on here?
$_POST[image][tmp_name]=C
$_POST[image][error]=C
$_POST[image][size]=C
$_POST[image]=C:\\www\\jimm\\images\\bg1.jpg
$_FILES[image][tmp_name]=
$_FILES[image][error]=
$_FILES[image][size]=
$_FILES[image]=
show us the form sourcecode. :-)
Regards,
Erwin
It finally works.
This little function that I wrote, bin2mysqlhex, has saved my bacon on file
uploads to a BLOB column in a database. I can't seem to get anything else to
work. Note that when you do an INSERT or UPDATE..SET, you don't put quotes
around the data it returns, because the result is a hexadecimal literal (0x...) and not a quoted string.
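/**
 * Encodes a binary string as a MySQL hexadecimal literal (0x followed by
 * upper-case hex digits) so it can be placed UNQUOTED in an INSERT/UPDATE.
 *
 * The output contains only the characters 0-9, A-F and the leading "0x",
 * so the encoded value itself cannot break out of the statement. That holds
 * only for the value passed through this function; every other value in the
 * same query still needs its own escaping.
 *
 * @param string $s Raw bytes to encode.
 * @return string   "0x..." literal, or '' (an empty quoted string) when $s is
 *                  empty, because a bare "0x" is not a valid hex literal.
 */
function bin2mysqlhex($s) {
    $s = (string)$s;
    if ($s === '') {
        return "''";
    }
    // bin2hex() replaces the hand-rolled nibble table and the $s{$x} string
    // offset syntax, which newer PHP versions no longer accept.
    return '0x' . strtoupper(bin2hex($s));
}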
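//images

/**
 * Returns POST field $name as the user typed it, or '' when it is absent or
 * not a plain string (e.g. an array was posted).
 *
 * magic_quotes_gpc is only addslashes(): it is not aware of the connection
 * character set and it is not always on. Its effect is undone here so that
 * every value is escaped exactly once, at the point it enters a query.
 */
function _img_post($name) {
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return '';
    }
    $mq = ini_get("magic_quotes_gpc");
    if ('on' == strtolower($mq) || '1' == $mq) {
        return stripslashes($_POST[$name]);
    }
    return $_POST[$name];
}

/**
 * Reads the uploaded "image" file, if there is one.
 *
 * @param int $max_bytes Uploads of this size or larger are refused.
 * @return array|null null when no file was uploaded; otherwise an array with
 *   'ok'       => true when the file was accepted,
 *   'contents' => the raw bytes when accepted, else a short status text,
 *   'mimetype' => image/jpeg, image/gif or image/png when accepted, else ''.
 */
function _img_read_upload($max_bytes) {
    if (!isset($_FILES['image']['tmp_name'])
        || !is_string($_FILES['image']['tmp_name'])
        || !is_uploaded_file($_FILES['image']['tmp_name'])) {
        return null;
    }
    $tmp = $_FILES['image']['tmp_name'];
    if ($_FILES['image']['size'] >= $max_bytes) {
        return array('ok' => false, 'contents' => 'too large', 'mimetype' => '');
    }
    // The type is taken from the file itself. The client-supplied file name
    // and the posted mime_type are both attacker-controlled and are no longer
    // used to decide what gets stored. getimagesize() only inspects the
    // header, so this is a type check, not proof that the file is harmless.
    $info = @getimagesize($tmp);
    $mime = ($info !== false && isset($info['mime'])) ? $info['mime'] : '';
    if (!in_array($mime, array('image/jpeg', 'image/gif', 'image/png'), true)) {
        unlink($tmp);
        return array('ok' => false, 'contents' => 'not an image', 'mimetype' => '');
    }
    $bytes = file_get_contents($tmp);
    unlink($tmp);
    if ($bytes === false) {
        return array('ok' => false, 'contents' => 'unreadable', 'mimetype' => '');
    }
    return array('ok' => true, 'contents' => $bytes, 'mimetype' => $mime);
}

// NOTE(review): nothing in this block checks who is sending the request or
// carries an anti-CSRF token; confirm that a login check and a token check
// run earlier in the file before any of these writes are reachable.
// NOTE(review): ext/mysql (mysql_query and friends) was removed in PHP 7.
// When the connection code is migrated to mysqli or PDO, the queries below
// should become prepared statements instead of escaped strings.
if (isset($_POST['type']) && 'image' == $_POST['type'] && isset($_POST['action'])) {
    switch ($_POST['action']) {
    case 'add':
        if (!sqlinjectionsafe($_POST['mime_type'])
            || !sqlinjectionsafe($_POST['comment'])
        ) {
            exit;
        }
        if (isset($_SESSION['pc_id'])) {
            //handle image upload
            $escaped_contents = '';
            $upload = _img_read_upload(150000);
            if ($upload !== null && $upload['ok']) {
                $contents = $upload['contents'];
                $mimetype = $upload['mimetype']; // one of three fixed strings
                $escaped_contents = bin2mysqlhex($contents);
                // The original validated 'comment' but stored 'answer';
                // 'comment' is preferred, 'answer' is kept as a fallback.
                $comment = _img_post(isset($_POST['comment']) ? 'comment' : 'answer');
                $comment_sql = mysql_real_escape_string(nl2br(htmlentities($comment)), $link);
                $inserted = mysql_query("INSERT INTO photos(image,mime_type,comment)
                    VALUES($escaped_contents,'$mimetype','$comment_sql')", $link);
                if ($inserted) {
                    $image_id = mysql_insert_id($link);
                    mysql_query("INSERT INTO photos_photoscategories(image_id,pc_id)
                        VALUES($image_id," . intval($_SESSION['pc_id']) . ")", $link);
                } else {
                    // Log server-side only; do not link a category to id 0.
                    error_log('photos insert failed: ' . mysql_error($link));
                    $image_id = 0;
                }
            } else {
                // No file, oversized file or not an image: nothing is written.
                // (The original tested $_POST['image']['size'], which never
                // exists for a file field, and then ran an INSERT with an
                // empty image value.)
                $contents = ($upload === null) ? 'no file uploaded' : $upload['contents'];
                $escaped_contents = $contents;
                $image_id = 0;
            }
        }
        break;
    case 'change':
        if (!sqlinjectionsafe($_POST['mime_type'])
            || !sqlinjectionsafe($_POST['comment'])
            || !sqlinjectionsafe($_POST['pc_id'])
        ) {
            exit;
        }
        $image_id = intval($_POST['image_id']);
        $comment_sql = mysql_real_escape_string(nl2br(htmlentities(_img_post('comment'))), $link);
        //handle image upload
        $escaped_contents = '';
        $upload = _img_read_upload(150000);
        if ($upload === null) {
            //no uploaded file. don't change what's already there.
            // $mimetype was undefined on this path in the original; the posted
            // value is used, but only if it is one of the three known types.
            $mimetype = _img_post('mime_type');
            if (!in_array($mimetype, array('image/jpeg', 'image/gif', 'image/png'), true)) {
                exit;
            }
            // The original had a stray comma before WHERE here.
            $updated = mysql_query("UPDATE photos SET
                comment='$comment_sql',
                mime_type='$mimetype'
                WHERE image_id=$image_id", $link);
            if (!$updated) {
                error_log('photos update failed: ' . mysql_error($link));
                die("UERR");
            }
        } elseif ($upload['ok']) {
            $contents = $upload['contents'];
            $mimetype = $upload['mimetype'];
            $escaped_contents = bin2mysqlhex($contents);
            $updated = mysql_query("UPDATE photos SET
                comment='$comment_sql',
                image=$escaped_contents,
                mime_type='$mimetype'
                WHERE image_id=$image_id", $link);
            if (!$updated) {
                // The database error text stays in the server log and is not
                // shown to the client.
                error_log('photos update failed: ' . mysql_error($link));
                die("UERR");
            }
        } else {
            $contents = $upload['contents'];
            $escaped_contents = $upload['contents'];
            $image_id = 0;
        }
        // NOTE(review): this looks like a leftover from another editor page;
        // it now runs only when both fields were actually posted. Confirm
        // whether it belongs here at all.
        if (isset($_POST['title']) && isset($_POST['battery_id'])) {
            mysql_query("UPDATE quiz_batteries SET
                title='" . mysql_real_escape_string(htmlentities(_img_post('title')), $link) . "' WHERE
                battery_id=" . intval($_POST['battery_id']), $link);
        }
        break;
    case 'delete':
        if (!sqlinjectionsafe($_POST['image_id'])) {
            exit;
        }
        //delete from the relationship table first! foreign keys involved.
        mysql_query("DELETE FROM photos_photoscategories WHERE
            image_id=" . intval($_POST['image_id']), $link);
        mysql_query("DELETE FROM photos WHERE
            image_id=" . intval($_POST['image_id']), $link);
        break;
    case 'select':
        if (!sqlinjectionsafe($_POST['pc_id'])) {
            exit;
        }
        $_SESSION['pc_id'] = intval($_POST['pc_id']);
        break;
    }
}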
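<!-- Add-image form. enctype must be exactly multipart/form-data, otherwise
     PHP leaves $_FILES empty and the file name arrives in $_POST instead. -->
<form action="editphotoalbum.php" method="post"
enctype="multipart/form-data">
<div class="addbox">
<div style="font-family:Verdana, Arial, Helvetica, sans-serif;background-color:#CC9966;color:#000099;font-size:large;font-weight:bold;text-align:center;">Add
Image</div>
<br>
<label>Image File:
<!-- accept is only a hint to the browser; the server must still check the
     uploaded file's real type and size. -->
<input name="image" type="file" accept="image/jpeg,image/png,image/gif"></label>(jpeg/gif/png)<br />
<label>Image Type: <select name="mime_type" size="1">
<option selected value="image/jpeg">JPEG</option>
<option value="image/png">PNG</option>
<option value="image/gif">GIF</option>
</select></label>(must match what you uploaded!<br>If the picture here
doesn't show, change the image type or re-upload.)<br />
<input name="action" type="hidden" value="add">
<input name="type" type="hidden" value="image">
<input name="" type="submit" value="Add">
</div>
</form>
<br style="clear:both;">
<br>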
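<?php
// Lists every photo in the category selected in the session and prints one
// edit/delete form per photo.
if (isset($_SESSION['pc_id'])) {
    // The session value is cast before it enters the query text, so the query
    // does not depend on every writer of $_SESSION['pc_id'] having cast it.
    $list_pc_id = intval($_SESSION['pc_id']);
    // Only the two columns the forms need are fetched; SELECT * also pulled
    // the image BLOB of every row.
    $q = mysql_query("SELECT photos.image_id, photos.mime_type FROM
        photos INNER JOIN photos_photoscategories
        ON photos.image_id=photos_photoscategories.image_id
        WHERE photos_photoscategories.pc_id=$list_pc_id
        ORDER BY photos.image_id", $link);
    if (!$q) {
        // The database error text goes to the server log, not to the page.
        error_log('photo list query failed: ' . mysql_error($link));
        die('database error');
    }
    while ($row = mysql_fetch_assoc($q)) {
        $row_image_id = intval($row['image_id']);
        // NOTE(review): this form posts no "comment" field although the
        // 'change' handler writes the comment column - confirm whether a
        // change is meant to blank the stored comment.
?>
<form action="editphotoalbum.php" method="post"
enctype="multipart/form-data">
<div class="editbox">
<div style="font-family:Verdana, Arial, Helvetica, sans-serif;background-color:#CC9966;color:#000099;font-size:large;font-weight:bold;text-align:center;">Edit
Image</div>
<br>
<img src="viewtnimg.php?id=<?php echo $row_image_id; ?>&amp;width=150"
alt="image for answer" title="image for answer" width="150">Thumbnail<br />
<label>Image File:
<input name="image" type="file" accept="image/jpeg,image/png,image/gif"></label>(jpeg/gif/png)<br />
<label>Image Type: <select name="mime_type" size="1">
<?php
        // One loop for the three options; the hand-written PNG option was
        // missing the "=" in selected="selected".
        foreach (array('image/jpeg' => 'JPEG', 'image/png' => 'PNG', 'image/gif' => 'GIF') as $type => $label) {
?>
<option <?php if ($row['mime_type'] == $type) { echo "selected=\"selected\""; } ?> value="<?php echo $type; ?>"><?php echo $label; ?></option>
<?php
        }
?>
</select></label>(must match what you uploaded!<br>
If the picture here doesn't show, change the image type or
re-upload.)<br />
<input name="image_id" type="hidden" value="<?php echo $row_image_id; ?>">
<input name="type" type="hidden" value="image">
<select name="action" size="1">
<option selected value="change">Change</option>
<option value="delete">Delete</option>
</select>
<input name="" type="submit" value="Do It">
</div>
</form>
<br style="clear:both;">
<br>
<?php
    }
    mysql_free_result($q);
}
?>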