Yeah,
the code is
[PHP]<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
<br/><br/>
<table width=90% align="center">
<tr>
<td>Upload image:</td>
<td><input type="file" name="image"></td>
</tr>
<tr><td></t><td>
<input type="submit" name="upload" value=Upload>
</td>
</tr>
<tr><td></td><td>
<?php
$link=mysql_connect('localhost','user','user');
mysql_select_db('test');
$typeOK=FALSE;
$sizeOK=FALSE;
$loginid=$_SESSION['loginid'];
$permitted=array('image/jpeg','image/png','image/tiff','image/gif','image/pjpeg');
if (isset($_POST['upload']))
{
if ($_FILES['image']['name'])
{
foreach ($permitted as $type)
{
if ($_FILES['image']['type']==$type)
$typeOK=TRUE;
}
if ($_FILES['image']['size']<1000000 && $_FILES['image']['size']>0)
$sizeOK=TRUE;
if ($sizeOK && $typeOK)
{
define('UPLOAD_DIR', '/var/www/html/uploads/');
//remove spaces from uploaded file
$file=str_replace(' ','_',$_FILES['image']['name']);
$completepath=UPLOAD_DIR."$loginid/$file";
$date=date('Y-m-d');
$query="insert into pictures values('$completepath','$loginid','','$date')";
$result=mysql_query($query);
//if insert into database is successful
if ($result){
//make directory named after the name of user loginid if it doesn't already exist
if (!is_dir(UPLOAD_DIR.$loginid)) mkdir(UPLOAD_DIR.$loginid);
//move the uploaded file
if (move_uploaded_file($_FILES['image']['tmp_name'], $completepath))
print("<br/><font color=green>Uploaded file successfully to database");
else print ("<br/> Couldn't upload to server");
}
}
else { print ("<br/><font color=red>Upload Failed <br/>"); if (!$sizeOK) print("Size of file is out of the range"); else if (!$typeOK) print("This file type is not supported"); }
}
else print("<font color=red>No file selected");
}
?>
[/PHP]
52
