...

View Full Version : Simple Image Upload - NOT WORKING



macmonkey
01-09-2006, 05:01 PM
Greetings,


I've spent way too much time on a clients site and have this one little snag whereas the image upload form isn't uploading the image :(. I've done a few others that work fine but this one won't upload no matter what.

Can you guys take a look at it and see if you spot an error.

Thanks


<?php

require('admin_nav_left.html');

$mode=$_POST["mode"];

//***********************************
// SUBMIT FORM
//***********************************
if ($mode == "submit")
{


//FORM DATA
$wholesaler_id=$_POST['featured_wholesaler_id'];
$text=$_POST['description'];


//Image
if ($_FILES['featured_retailer_image']['size'] != 0)
{

$f=$_FILES['featured_retailer_image']['name'];
$filename="images/".$f;

//move uploaded file to destination
if (!move_uploaded_file($_FILES['featured_retailer_image']['tmp_name'],$filename))
{
$err="Uploading the image failed!";
}
}

//do database update
$sql="INSERT INTO featured_retailers VALUES(".$wholesaler_id.",'".$text."','".$f."','".date("Ymd")."')";
get_mysql_result($sql);
$done=true;
}
//***********************************
// SHOW FORM
//***********************************

if ($mode == "" or $done)
{
$wholesaler_id=trim($_GET['id']);

if ($wholesaler_id != "")
{
//get info on this press item from database
$sql="SELECT * FROM wholesalers WHERE wholesaler_id=".$wholesaler_id;
$rs=get_mysql_result($sql);
$row=mysql_fetch_array($rs,MYSQL_ASSOC);
}
?>
<P>
<form name="setFeaturedVendor" action="setFeaturedVendor.php" method="POST" enctype="multipart/form-data">
<input type="hidden" name="mode" value="submit">

<table width=85% cellpadding=6 cellspacing=0 border=1 rules="none" bordercolor="#990000" align=center>
<tr><td valign=top align=center bgcolor="#990000" colspan=3><font face="Trebuchet MS, Verdana" style="font-size:14px" color=white><B>Set Featured Retailer Accounts</b></font></td></tr>
<?
if ($done and $err == "") {
?>
<tr><td valign=top align=center colspan=2 bgcolor="#FFFFCC"><font face="Trebuchet MS, Verdana" style="font-size:12px" color=green><b>Featured retailer was set successfully!</b></font></td></tr>
<?}
else if ($err != "") {
?>
<tr><td valign=top align=center colspan=2 bgcolor="#FFFFCC"><font face="Trebuchet MS, Verdana" style="font-size:12px" color=red><b><?=$err?></b></font></td></tr>
<?}
?>
<tr>
<td align="left">Select a Retailer</div></td>
<td align="left">
<select name="featured_wholesaler_id">
<option value="">-Select-</option>
<?
//get last 4 digits of all credit cards
$sql="SELECT wholesaler_id,wholesaler_company_name FROM wholesalers WHERE 1 ORDER BY wholesaler_company_name ASC";
$rs=get_mysql_result($sql);

if (mysql_num_rows($rs) > 0)
{
while ($row = mysql_fetch_array($rs,MYSQL_ASSOC))
{?>
<option value="<?=$row["wholesaler_id"]?>"><?=$row["wholesaler_company_name"]?></option>
<?
}
}
?>
</select></td>
</tr>
<tr>
<td align=left>Description:</div></td>
<td align=left><textarea name="description" rows="5" cols="30"></textarea></td>
</tr>
<tr>
<td align=left>Image:</div></td>
<td align=left><input type="file" name="featured_retailer_image"></td>
</tr>
<tr><td align=center colspan=3><input type="button" onclick="if (document.setFeaturedVendor.featured_wholesaler_id.value != '') { document.setFeaturedVendor.submit(); }" value="Set Featured Vendor"></td></tr>
</table>
</form>

<?
}

require('admin_bottom.html');
?>

Thanks!

Element
01-09-2006, 09:03 PM
I personally don't usue move_uploaded_file() Try something more like:





//move uploaded file to destination
if (!(copy($_FILES['featured_retailer_image']['tmp_name'], $filename)))
{
$err="Uploading the image failed!";
}

macmonkey
01-09-2006, 09:09 PM
Thanks for the tip - I use copy() as well but I'm just fixing some issues for a client wheras someone else built the site.

Turned out that there was a permissions problem with the images folder.

Thanks.

marek_mar
01-09-2006, 09:41 PM
I personally don't usue move_uploaded_file()

Why ?

ralph l mayo
01-09-2006, 09:43 PM
I personally don't usue move_uploaded_file()


You should, it's more secure. move_uploaded_file() verifies that the source is actually an uploaded file, thereby foiling directory attacks like uploading something called /etc/passwd. If you really want to use copy you can add in a check with is_uploaded_file().

marek_mar
01-09-2006, 10:01 PM
But still... why write a replacement to something that is there?

Element
01-09-2006, 10:41 PM
You should, it's more secure. move_uploaded_file() verifies that the source is actually an uploaded file, thereby foiling directory attacks like uploading something called /etc/passwd. If you really want to use copy you can add in a check with is_uploaded_file().


None of my scripts work like that because I check the extension and if it exists.

firepages
01-10-2006, 02:33 AM
does /images directory have the right permissions set ? (chmod to 0777 on most hosts)
also are you getting an error or the upload does just not work ? if an error message please post.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum