...

View Full Version : I have two methods of image upload - which is best ?



jeddi
03-01-2009, 10:20 PM
Hi,

I have come acreoos two methods of uploading an image
and am wondering which to use and which is better.

Here is the first:

From a form input, the details are processed.



$N_pix1 = strip_tags(trim($_FILES['upLoad1']["name"]));

if($N_pix1 != ""){
if($_FILES['upLoad1']['tmp_name'] == "none") {
$message1 = "Picture file 1 did not successfully upload" ;
$message2 = "Check the file size. Must be less than 500K";
require_once ("upld_images_fm.php");
exit();
} // endif

if(!ereg("image",$_FILES['upLoad1']['type'])) {
$message1 = "The file you have selected for Picture 1 is not";
$message2 = "a recognised picture file - Please try a different file";
require_once ("upld_images_fm.php");
exit();
} // endif

$pix1_y = "y";
} // endif

else{
$N_pix1 = "none";
} // end else

if($pix1_y == "y"){
$destination = 'D:\Web\DW\images'."\\".$_FILES['upLoad1']['name'];
$temp_file = $_FILES['upLoad1']['tmp_name'];
move_uploaded_file($temp_file,$destination);
} // endif


The second version:



if(isset($_POST['pict_run'])) {

function makeThumbnail($source, $t_ht,$N_pix_n, $message2=NULL )
{
if(!($o_im = @imageCreateFromString(@file_get_contents($source))))
{
$message2 = "Error: The image supplied was corrupt or an invalid type!";
return $message2;
}
$t_wd = round($t_ht * ($o_wd = imagesx($o_im)) / ($o_ht = imagesy($o_im))) ;

if($t_wd > 300){
$t_wd = 300;
}
if(!($N_image = @imagecreatetruecolor($t_wd, $t_ht)))
{
$message2 = "Error: Problem with image dimensions!";
return $message2;
}
imagecopyresampled($N_image, $o_im, 0, 0, 0, 0, $t_wd, $t_ht, $o_wd, $o_ht);
$destination = $_SERVER['DOCUMENT_ROOT']."/im/prod_images/$N_pix_n";
if(!(@imageJPEG($N_image,$destination,90)))
{
$message2 = "Error: Could not save image!";
return $message2;
}
imageDestroy($o_im);
imageDestroy($N_image);
} // End of Function

$hgt = 200;
$pix1_y = "n";

// Checking image in pix files.

$N_pix1 = $_FILES['upLoad1']["name"];
$prod_ref = $_POST['x_prod_ref'];

// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
2 => 'html form max file size exceeded',
3 => 'file upload was only partial',
4 => 'no file was attached');

if($N_pix1 != "")
{
// echo "File type: ".$_FILES['upLoad1']['type']." <br>"; // this is a temporary test
if ($_FILES['upLoad1']['error'] != 0)
{
$message1 = "Picture file 1 did not successfully upload E1" ;
$message2 = "Error: ".$errors[$_FILES['upLoad1']['error']];
require_once ("write_prod_pic_fm.php");
exit();
} // endif

$pix1_y = "y";
$image = $_FILES['upLoad1']['tmp_name'];
$N_pix1 = time()."-".$N_pix1;
$message2 = makeThumbnail($image,$hgt,$N_pix1);
if(!empty($message2)){
$message1 = "Picture file 1 did not successfully upload E2" ;
require_once ("write_prod_pic_fm.php");
exit();
} // endif

} // endif
else{
$N_pix1 = "none";
} // end else

/*
* Update the ADVERT WITH THE IMAGE NAMES
*/

$sql = "UPDATE products SET
prod_pict = '$N_pix1'
WHERE prod_id = '$prod_ref' ";

$result = mysql_query($sql) or die("could not execute IMAGE UPDATE articles.". mysql_error());


Are they supposed to work together somehow :confused:
or are they totally different?

I have to say, I am a bit confused so if anyone would help out, I'd really appreciate it :)

milanchheda
03-02-2009, 04:58 AM
I think, second one is probably a good one as it uses GD library which is particularly used for images.GD library will help you to perform several kind of operations on the image, like changing its dimensions and creating a thumbnail, or changing its color, etc etc..
Also, using GD library you can keep a check on which image formats to be allowed and which not.
But then it depends on other conditions and situations where you want to used this image processing and uploading things.

jeddi
03-02-2009, 06:50 AM
Thanks for your reply,

So what does the first one do ?
Does it just move the file without resampling it with GD ?

Is that a bad idea ?

ninnypants
03-02-2009, 08:23 AM
The first one can easily be tricked and the user could upload something else disguised as a file it would be much safer to use the second because if it is not an image the file will be scrambled and made unusable when the GD tries to create an image from it. That's what it appears to do at least.

milanchheda
03-02-2009, 12:59 PM
the first code can easily be tricked by uplaoding any file other then the image file.
So to have a proper and dedicated code the image, its necessary to check whether the user is trying to upload the image file or a non-image file..
thats why, second code is better then the first one.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum