PHP - Image Upload And Risks - Questions
Hi all
I am building a tinymce image management plugin for a group
I'm trying to minimize the risks as much as possible with their current setup- No database, no access outside their folder etc...
But reading through the different topics I read a few posts about scripts being added inside the images that can be executed once the images is called.
Now, my "Hacking skills" must not be up to par because I tried doing this on my own just to test and I cant seem to make it work..
so my question is
Will uploading and resizing the image with imagecopyresampled or something reduce/remove the threat?
Not exactly sure how the "malicious" scripts are carried and then executed.
Thanks for any info you may be able to provide.
(I have read alot of threads in the forum on upload security and seems there are a few different thoughts that differ - so Im not trying to start a debate on that! just curious about the "Hidden File" issue)
Similar TutorialsMy server is Linux/Apache/PHP.
When a file is uploaded, I use PHP's finfo_open to confirm that the file have the correct file extension matches and delete them if it doesn't match. I also which file mimi types and size could be uploaded.
Things I do with the files include:
Upload user's files and store them in some public directory (/var/www/html/users_public_directory/), and allow other users to directly download them.
Upload user's files and store them in some private directory (/var/www/users_private_directory/), and allow other users to download them using X-Sendfile.
Upload user's ZIP files and convert them to PDF files (unzip the ZIP file, and uses Libreoffice and Imagemagick's convert to convert them to PDFs).
From the server's prospective, what are the risks of allowing users to upload files? Are there some file types which are more dangerous to the server? Could they be executed on the server, and if so, how could this be prevented?
How can i edit just one image at on time with a multiple image upload form? I have the images being stored in a folder and the path being stored in MySQL. I also have the files being uploaded with a unique id. My issue is that I want to be able to pass the values of what is already in $name2 $name3 $name4 if I only want to edit $name1. I don't want to have to manually update the 4 images. Here is the PHP: Code: [Select] <?php require_once('storescripts/connect.php'); mysql_select_db($database_phpimage,$phpimage); $uploadDir = 'upload/'; if(isset($_POST['upload'])) { foreach ($_FILES as $file) { $fileName = $file['name']; $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; if ($fileName != ""){ $filePath = $uploadDir; $fileName = str_replace(" ", "_", $fileName); //Split the name into the base name and extension $pathInfo = pathinfo($fileName); $fileName_base = $pathInfo['fileName']; $fileName_ext = $pathInfo['extension']; //now we re-assemble the file name, sticking the output of uniqid into it //and keep doing this in a loop until we generate a name that //does not already exist (most likely we will get that first try) do { $fileName = $fileName_base . uniqid() . '.' . $fileName_ext; } while (file_exists($filePath.$fileName)); $file_names [] = $fileName; $result = move_uploaded_file($tmpName, $filePath.$fileName); } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $fileinsert[] = $filePath; } } $mid = mysql_real_escape_string(trim($_POST['mid'])); $cat = mysql_real_escape_string(trim($_POST['cat'])); $item = mysql_real_escape_string(trim($_POST['item'])); $price = mysql_real_escape_string(trim($_POST['price'])); $about = mysql_real_escape_string(trim($_POST['about'])); $fields = array(); $values = array(); $updateVals = array(); for($i = 0; $i < 4; $i++) { $values[$i] = isset($file_names[$i]) ? mysql_real_escape_string($file_names[$i]) : ''; if($values[$i] != '') { $updateVals[] = 'name' . ($i + 1) . " = '{$values[$i]}'"; } } $updateNames = ''; if(count($updateVals)) { $updateNames = ", " . implode(', ', $updateVals); } $update = "INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('$mid', '$cat', '$item', '$price', '$about', '$values[0]', '$values[1]', '$values[2]', '$values[3]') ON DUPLICATE KEY UPDATE cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames"; $result = mysql_query($update) or die (mysql_error()); Hello I am having problems uploading an image through a HTML form. I want the image to be uploaded to the server and the image name to be written to the mysql database. Below is the code I am using: Code: [Select] <?php if (isset($_POST['add'])){ echo "<br /> add value is true"; $name = $_POST['name']; $description = $_POST['description']; $price = $_POST['price']; $category_id = $_POST['category_name']; $image = $_FILES['image']['name']; //file path of the image upload $filepath = "../images/"; //mew name for the image upload $newimagename = $name; //new width for the image $newwidth = 100; //new height for the image $newheight = 100; include('../includes/image-upload.php'); mysql_query("INSERT INTO item (item_name, item_description, item_price, item_image) VALUES ('$name','$description','$price','$image')"); ?> Here is the image-upload.php file code: Code: [Select] <?php //assigns the file to the image $image =$_FILES["image"]["name"]; $uploadedfile =$_FILES["image"]["tmp_name"]; if ($image) { //retrieves the extension type from image upload $extension = getextension($image); //converts extension to lowercase $extension = strtolower($extension); //create image from uploaded file type if($extension=="jpg" || $extension=="jpeg") { $uploadedfile = $_FILES['image']['tmp_name']; $src = imagecreatefromjpeg($uploadedfile); }else if($extension=="png") { $uploadedfile = $_FILES['image']['tmp_name']; $src = imagecreatefrompng($uploadedfile); }else{ $src = imagecreatefromgif($uploadedfile); } //creates a list of the width and height of the image list($width,$height)=getimagesize($uploadedfile); //adds color to the image $tmp = imagecreatetruecolor($newwidth,$newheight); //create image imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height); //set file name $filename = $filepath.$newimagename.".".$extension; $imagename = $newimagename.".".$extension; //uploads new file with name to the chosen directory imagejpeg($tmp,$filename,100); //empty variables imagedestroy($src); imagedestroy($tmp); } ?> Any help would be appreciated, fairly new to all this! Thanks!!! I have a working image upload script that uploads, renames the file and adds filename to the database. is it possible to include some sort of image resize code? if so can anyone point me in the right direction or better still show some example code and explain how it works etc. below is my working code: Code: [Select] <?php $rand = mt_rand(1,9999999); $member_id = $_SESSION['SESS_MEMBER_ID']; $caption = $_POST["caption"]; if(isset($_FILES['uploaded']['name'])) { $allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg'); $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB) $fileName = basename($_FILES['uploaded']['name']); $errors = array(); $target = "gallery/"; $fileBaseName = substr($fileName, 0, strripos($fileName, '.')); // Get the extension from the filename. $ext = substr($fileName, strpos($fileName,'.'), strlen($fileName)-1); //$newFileName = md5($fileBaseName) . $ext; $newFileName = $target . $rand . "_" . $member_id.$ext; // Check if filename already exists if(file_exists("gallery/" . $newFileName)) { $errors[] = "The file you attempted to upload already exists, please try again."; } // Check if the filetype is allowed. if(!in_array($ext,$allowed_filetypes)) { $errors[] = "The file you attempted to upload is not allowed."; } // Now check the filesize. if(!filesize($_FILES['uploaded']['tmp_name']) > $max_filesize) { $errors[] = "The file you attempted to upload is too large."; } // Check if we can upload to the specified path. if(!is_writable($target)) { $errors[] = "You cannot upload to the specified directory, please CHMOD it to 777."; } //Here we check that no validation errors have occured. if(count($errors)==0) { //Try to upload it. if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $newFileName)) { $errors[] = "Sorry, there was a problem uploading your file."; } } //Lets INSERT database information here if(count($errors)==0) { $result = mysql_query("INSERT INTO `gallery` (`image`, `memberid`, `caption`) VALUES ('$newFileName', '$member_id', '$caption')") or die (mysql_error()); } //If no errors show confirmation message if(count($errors)==0) { echo "<div class='notification success png_bg'> <a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a> <div> Image has been uploaded.<br>\n </div> </div>"; //echo "The file {$fileName} has been uploaded"; echo "<br>\n"; echo "<a href='gallery.php'>Go Back</a>\n"; } else { //show error message echo "<div class='notification attention png_bg'> <a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a> <div> Sorry your file was not uploaded due to the following errors:<br>\n </div> </div>"; //echo "Sorry your file was not uploaded due to the following errors:<br>\n"; echo "<ul>\n"; foreach($errors as $error) { echo "<li>{$error}</li>\n"; } echo "</ul>\n"; echo "<br>\n"; echo "<a href='gallery.php'>Go Back</a>\n"; } } else { //Show the form echo "Use the following form below to add a new image to your gallery;<br /><br />\n"; echo "<form enctype='multipart/form-data' action='' method='POST'>\n"; echo "Please choose a file:<br /><input class='text' name='uploaded' type='file' /><br />\n"; echo "Image Caption:<br /><input class='text' name='caption' type='text' value='' /><br /><br />\n"; echo "<input class='Button' type='submit' value='Upload' />\n"; echo "</form>\n"; } ?> Many thanks to phpfreaks again. hello friends, while clicking the form all the information goes to database, I have one image upload field, when cliking the submit button, i would like 'image name' to go in database and file to go in /upload folder, i have tried this for hours and gave up, if anyone help me in this, i would be very greatful Hi, Im rather new to php and really unable to get the above to work. Everything works apart from the image being resized. File is uploaded, and the image name is printed into the SQL database. But i cant for the life of me get the image to go to 300x200? If you could help me i would be very grateful My code for the form processing page is attached. Ive put a few line breaks into the code as to where i think is the issue. I just cant seem to resize the image. Does the image resize need to come before the part it writes the image to the server or can this be done afterwards? Please help. P.S - Thanks in advance I need code for upload images for php as well as to edit that image
It will add the 'FILES' folder if it isn't there, but just refreshes the page, displaying no errors, without adding anything to the folder??? As you can probably see I have three file slots for users, I want to fill the next available slot up, and if no slots, display error 2 ($e=2; - Delete a file to make space) Code: [Select] //^^GET VARIABLES SUCH AS USERNAME ETC. if(isset($_POST['uploadfile'])){ if(is_dir("files/$username/FILES/")){}else{mkdir("files/$username/FILES/");} if (is_uploaded_file($_FILES['file']['tmp_name'])) { $name = $_FILES['file']['name']; if ($file != "application/pdf" || substr(strrchr($file, '.'), 1) != "pdf" || substr(strrchr($file, '.'), 1) != "jpg" || $file != "image/jpeg" || $file != "image/pjpeg") { $errors[] = 'File must be in PDF or JPEG format'; } else if($_FILES['file']['size'] > 256000){$errors[] = 'File must be under 250KB';} else { $name1 = substr($name, 0, strrpos($name, '.')); $ext = strtolower(substr(strrchr($name, '.'), 1)); $name = $name1.'.'.$ext; $res = mysql_query("SELECT username,file1,file2,file3 FROM `files` WHERE `username`='$username'"); $row = mysql_fetch_array($res); $f1 = $row['file1']; $f2 = $row['file2']; $f3 = $row['file3']; if($f1==''){ $result = move_uploaded_file($_FILES['file']['tmp_name'], "files/$username/FILES/$name"); if ($result == 1){ $time = time(); $t=1; mysql_query("UPDATE files SET file1='$name', file1_val='0', file1_added='$time' WHERE username='$username'"); }else $e=1; }else if(empty($f2)){ $result = move_uploaded_file($_FILES['file']['tmp_name'], "files/$username/FILES/$name"); if ($result == 1){ $time = time(); $t=1; mysql_query("UPDATE files SET file2='$name', file2_val='0', file2_added='$time' WHERE username='$username'"); }else $e=1; }else if(empty($f3)){ $result = move_uploaded_file($_FILES['file']['tmp_name'], "files/$username/FILES/$name"); if ($result == 1){ $time = time(); $t=1; mysql_query("UPDATE files SET file3='$name', file3_val='0', file3_added='$time' WHERE username='$username'"); }else $e=1; }else{$e=2;} } } } Hey everyone - I was wondering if there was a good tutorial or documentation on how to upload an image, have it resize and then call it back from, say, a mysql query? Trying to make something so that users can add an image to a small news post. I tried search the tutorial but I didn't find anything. Any past samples or suggestions are greatly appreciated. Thanks! Hi, i have in my script the following : $pid = mysql_insert_id(); //place image in the folder $newname = "$pid.jpg"; move_uploaded_file($_FILES['fileField']['tmp_name'],"../inventory_images/$newname"); header("location: inventory_list.php"); exit(); but i can't figure out how to upload more than one image. Thanks! Hi everybody, I have similar problem like member vikaspa in this thread: http://www.phpfreaks.com/forums/index.php?topic=279531.msg1323820#msg1323820 Have great site, but this image rewriting makes me crazy...today someone upload in some thread 1.jpg for example...after 3 days someone uploads diferent image and also called it 1.jpg, and overwrites this earlier one. Nonsense. Please help me with my code, what to add where, to prevent rewriting and instead that, to rename upload internally (without notifying the user)...for example 1_1.jpg. Here is my code: Code: [Select] if ($fdata['forum_attach'] && checkgroup($fdata['forum_attach'])) { $attach = $_FILES['attach']; if ($attach['name'] != "" && !empty($attach['name']) && is_uploaded_file($attach['tmp_name'])) { $attachname = stripfilename(substr($attach['name'], 0, strrpos($attach['name'], "."))); $attachext = strtolower(strrchr($attach['name'],".")); if (preg_match("/^[-0-9A-Z_\[\]]+$/i", $attachname) && $attach['size'] <= $settings['attachmax']) { $attachtypes = explode(",", $settings['attachtypes']); if (in_array($attachext, $attachtypes)) { $attachname .= $attachext; move_uploaded_file($attach['tmp_name'], FORUM."attachments/".$attachname); chmod(FORUM."attachments/".$attachname,0644); if (in_array($attachext, $imagetypes) && (!@getimagesize(FORUM."attachments/".$attachname) || !@verify_image(FORUM."attachments/".$attachname))) { unlink(FORUM."attachments/".$attachname); $error = 1; } if (!$error) { $result = dbquery("INSERT INTO ".DB_FORUM_ATTACHMENTS." (thread_id, post_id, attach_name, attach_ext, attach_size) VALUES ('".$thread_id."', '".$post_id."', '$attachname', '$attachext', '".$attach['size']."')"); } } else { @unlink($attach['tmp_name']); $error = 1; } } else { @unlink($attach['tmp_name']); $error = 2; } Member Little guy wrote: $tmp_name = $_FILES["pictures"]["tmp_name"]; $tmp_new_name = $_FILES["pictures"]["name"]; $path_parts = pathinfo($tmp_new_name); $new_name = $path_parts['filename'] . time() . $path_parts['extension']; $uploads_dir = '/uploads'; move_uploaded_file($tmp_name, "$uploads_dir/$new_name"); But I'm completely noob for coding and don't know where to put that in my forum code. Please help. Thanx in advance, sorry for longer thread, and for my english. Regards. I am looking to upload an image or pdf file to my server an with this upload script below. It works well and uploads the images and the pdf file but for some reason i can open the image and view it but not the pdf file can someone please let me know why this is happening and show me what changes i need to make to get the script to work as i'm very new to PHP . thanks Quote Code: [Select] <?php $target = "images/"; $target = $target . basename( $_FILES['image']['name']); $company=$_POST['company']; $image=($_FILES['image']['name']); mysql_connect("localhost", "username", "password") or die(mysql_error()) ; mysql_select_db("testupload") or die(mysql_error()) ; mysql_query("INSERT INTO `table` (company, image) VALUES ('$company', '$image')") ; if(move_uploaded_file($_FILES['image']['tmp_name'], $target)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; } else { echo "Sorry, there was a problem uploading your file."; } ?> I'm having some trouble with an image upload form. I have a few instances of this code that works in other areas of my site so I'm pretty sure there is just something small that I'm missing: The Form: <? include("../include/session.php"); ?> <html> <head> <title>Template Configuration</title> <link rel="stylesheet" type="text/css" href="../css/backend.css"> </head> <body> <? if($session->logged_in){ $data = mysql_query("SELECT * FROM template WHERE id = '1'") or die(mysql_error()); while($info = mysql_fetch_array( $data )) { echo " <h1 style='text-align:center;'>Template Configuration</h1> <div id='textedit'> <form method='post' action='templateprocess.php' enctype='multipart/form-data'> <table> <tr><td><h2>Header Image</h2></td></tr> <tr><td colspan='2' style='text-align:center'><img src='../upload/template/".$info['headerimg'] ."'><br /><br /></tr></td> <tr> <td>Image Upload:</td> <td> <input type='file' name='headerimg'> </td> </tr> </table <input type='hidden' name='id' value='1'> <input TYPE='submit' name='upload' title='Add data to the Database' value='Submit'/> </form> <a href='../main.php'><img src='../images/backButton.jpg'></a> </div> "; } } else{ echo "[<a href='../main.php'>Please Login</a>] "; } ?> </body> </html> The Processor: <? include("../include/session.php"); ?> <html> <head> <title>Template Configuration</title> <link rel="stylesheet" type="text/css" href="../css/backend.css"> </head> <body> <div id='process'> <? if($session->logged_in){ $target = "/path/to/folder/upload/template/"; if ($headerimg != ''){ $headerimg = ($_FILES['headerimg']['name']); foreach($_FILES as $file) { move_uploaded_file($file['tmp_name'], $target . $file['name']); } mysql_query("UPDATE template SET headerimg ='$headerimg' WHERE id ='1'"); } ?> <p>Update Successful... <a href="../main.php">click here</a> to return to the administration area.</p> <?php } else{ echo "[<a href='../main.php'>Please Login</a>] "; } ?> </div> </body> </html> My database has a table named 'template' with two fields of 'id' and 'headerimg'. I have inserted into the table (id) '1' and (headerimg) 'header-image.png' and is reading this as a preview above. I can't, however, get the 'headerimg' field to update and the image never uploads into my template folder. I am beginner in PHP and i tried to find a tutorial on this subject across the web, but all i found was one tutorial how to store image like blob and a lot of scripts (which at the moment I don't understand). I want to create form to upload image to specific folder and then to insert image name and path into DB. If you know some tutorial on this subject please let me know, or if someone can help to write it it would be great . hello i am wondering how to upload an image into mysql, i am wanting to upload it with some more fields, this is my codei wish to add the image upload. add_recipie.php <?php // Start_session, check if user is logged in or not, and connect to the database all in one included file include_once("scripts/checkuserlog.php"); // Include the class files for auto making links out of full URLs and for Time Ago date formatting include_once("wi_class_files/autoMakeLinks.php"); include_once ("wi_class_files/agoTimeFormat.php"); // Create the two objects before we can use them below in this script $activeLinkObject = new autoActiveLink; $myObject = new convertToAgo; ?> <?php // Include this script for random member display on home page include_once "scripts/homePage_randomMembers.php"; ?> <?php $sql_blabs = mysql_query("SELECT id, mem_id, the_blab, blab_date FROM blabbing ORDER BY blab_date DESC LIMIT 30"); $blabberDisplayList = ""; // Initialize the variable here while($row = mysql_fetch_array($sql_blabs)){ $blabid = $row["id"]; $uid = $row["mem_id"]; $the_blab = $row["the_blab"]; $notokinarray = array("fag", "gay", "shit", "fuck", "stupid", "idiot", "asshole", "cunt", "douche"); $okinarray = array("sorcerer", "grey", "shug", "farg", "smart", "awesome guy", "asshole", "cake", "dude"); $the_blab = str_replace($notokinarray, $okinarray, $the_blab); $the_blab = ($activeLinkObject -> makeActiveLink($the_blab)); $blab_date = $row["blab_date"]; $convertedTime = ($myObject -> convert_datetime($blab_date)); $whenBlab = ($myObject -> makeAgo($convertedTime)); //$blab_date = strftime("%b %d, %Y %I:%M:%S %p", strtotime($blab_date)); // Inner sql query $sql_mem_data = mysql_query("SELECT id, username, firstname, lastname FROM myMembers WHERE id='$uid' LIMIT 1"); while($row = mysql_fetch_array($sql_mem_data)){ $uid = $row["id"]; $username = $row["username"]; $firstname = $row["firstname"]; if ($firstname != "") {$username = $firstname; } // (I added usernames late in my system, this line is not needed for you) /////// Mechanism to Display Pic. See if they have uploaded a pic or not ////////////////////////// $ucheck_pic = "members/$uid/image01.jpg"; $udefault_pic = "members/0/image01.jpg"; if (file_exists($ucheck_pic)) { $blabber_pic = '<div style="overflow:hidden; width:40px; height:40px;"><img src="' . $ucheck_pic . '" width="40px" border="0" /></div>'; // forces picture to be 100px wide and no more } else { $blabber_pic = "<img src=\"$udefault_pic\" width=\"40px\" height=\"40px\" border=\"0\" />"; // forces default picture to be 100px wide and no more } $blabberDisplayList .= ' <table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC"> <tr> <td width="7%" bgcolor="#FFFFFF" valign="top"><a href="profile.php?id=' . $uid . '">' . $blabber_pic . '</a> </td> <td width="93%" bgcolor="#EFEFEF" style="line-height:1.5em;" valign="top"><span class="greenColor textsize10">' . $whenBlab . ' <a href="profile.php?id=' . $uid . '">' . $username . '</a> said: </span><br /> ' . $the_blab . '</td> </tr> </table>'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta name="Description" content="Web Intersect is a deft combination of powerful free open source software for social networking, mixed with insider guidance and tutorials as to how it is made at its core for maximum adaptability. The goal is to give you a free website system that has a network or community integrated into it to allow people to join and interact with your website when you have the need." /> <meta name="Keywords" content="web intersect, how to build community, build social network, how to build website, learn free online, php and mysql, internet crossroads, directory, friend, business, update, profile, connect, all, website, blog, social network, connecting people, youtube, myspace, facebook, twitter, dynamic, portal, community, technical, expert, professional, personal, find, school, build, join, combine, marketing, optimization, spider, search, engine, seo, script" /> <title>CookBookers</title> <link href="style/main.css" rel="stylesheet" type="text/css" /> <link rel="icon" href="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> <script src="js/jquery-1.4.2.js" type="text/javascript"></script> <style type="text/css"> #Layer1 { height:210px; } body { background-color: #3c60a4; } .style4 {font-size: 36px} </style> </head> <body> <p> <?php include_once "header_template.php"; ?> </head> <body style="margin:0px;"> <center> </p> <p> </p> <table border="0" align="center" cellpadding="0" cellspacing="0" class="mainBodyTable"> <tr> <td width="124" valign="top"> <td width="776" colspan="2" align="left" valign="top" style="background-color:#EFEFEF; border:#999 0px; padding:10px;"> <table border="0" cellpadding="6"> </table> <table width="574" border="0"> <form method="POST" action="include/recipe.php"> <span class="style4">Add Recipie</span> <tr> <th width="232" scope="col"> </th> <th width="332" scope="col"> </th> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Public:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input name="Pub" value="1" type="checkbox" id="Pub"/> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Title:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input type="text" name="title" /> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Prep time:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input name="prep" type="text" size="7" maxlength="10" /> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Cooking time:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input name="cook" type="text" size="7" maxlength="10" /> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Makes:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input type="text" name="make" /> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Ingrediants:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <textarea rows="5" name="ingr" cols="40"></textarea> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Method: </span></td> <td><span style="margin-bottom:5px; color:brown;"> <textarea rows="5" name="desc" cols="40"></textarea> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Notes:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <textarea rows="5" name="note" cols="40"></textarea> </span></td> </tr> <tr> <td><input name="submit" type="submit" style="padding:5px 10px;" value="Submit" /></td> </tr> </table> </tr> </table> </td> </tr> </table> <?php include_once "footer_template.php"; ?> </body> does anyone know a good open source image upload with info upload basically upload a image to a dir and submitt the info like $date $title $who to a DB Thanks in advance I have absolutely no idea how to allow users to upload their own avatars and then have the file save as their user ID (uID), and if the uID already exists, then have it overwrite it. I have a PHP script that modifies images that are stored in a local folder related to $startingFolder.
Essentially, I can use To manage the variables and direct the source and destination of the scripts actions from this starting point. I'm trying to extend my capabilities so that I can use the script while uploading images. Rather than UPLOAD several images to $startingFolder and then run the script, I thought it would be more efficient to handle this in one script. However, I am having trouble making the CONNECTION so that this can be accomplished. What is the proper way to 'grab' the files during upload? How can I access the files during the process?
I have a working HTML
And have tried
|