Everything posted by Mudsaf

  1. Mudsaf

    Upload image code example

    It's somewhat easy to patch up, but you need to know what to do (how PHP and SQL work). I'd suggest you check out these links if you want to have a more secure system against SQL injections: https://websitebeaver.com/prepared-statements-in-php-mysqli-to-prevent-sql-injection and https://www.w3schools.com/php/php_mysql_prepared_statements.asp --- I'd also recommend sanitizing or escaping the image name from $image too.
  2. Mudsaf

    Upload image code example

    You don't want to use Auto increment in user_id on images table (as mentioned above), instead just get the value from $_SESSION. You are also setting it as Primary key, which means you can't have multiple images linked to one person. (However if you do, just use unique and create id column for images table with Auto_increment+Primary key.)
  3. Mudsaf

    Upload image code example

    This seems fine, but has errors in it. Check the first echo after row image, missing dot and single quote or delete the line. As you asked the first echo is not required, was probably used to show you the results.
  4. mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE userId='" . $_SESSION["userId"] . "'");

    Honestly, I would recommend against this method, since it's vulnerable to SQL injection. At least mysqli_escape the post method and consider hashing the passwords instead of storing them as plain text. This is such a minor update that matters a lot. Mysqli_real_escape_string: https://www.php.net/manual/en/mysqli.real-escape-string.php prevents SQL injection (not required with prepared statements, but yours isn't one).
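
The password update quoted in this post, rewritten with a prepared statement and a hashed password. This is an added example, not code from the thread; it assumes an open mysqli connection `$conn`, a `users` table with an integer `userId` and a `password` column wide enough for a hash, and the function names and the length check are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes $conn is an open mysqli
// connection and a `users` table with `userId` and `password` columns (names
// taken from the query quoted above); `password` should be VARCHAR(255).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/** Store a new password for one user: hashed, and bound as a parameter. */
function changePassword(mysqli $conn, int $userId, string $newPassword): bool
{
    if (strlen($newPassword) < 8) {       // hypothetical minimum-length policy
        return false;
    }
    // password_hash() salts automatically; PASSWORD_DEFAULT follows PHP's current default.
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    // Placeholders keep the values out of the SQL text, so quotes in the
    // input cannot change the statement.
    $stmt = $conn->prepare("UPDATE users SET password = ? WHERE userId = ?");
    $stmt->bind_param("si", $hash, $userId);
    $stmt->execute();
    $updated = ($stmt->affected_rows === 1);
    $stmt->close();
    return $updated;
}

/** Check a login attempt against the stored hash. */
function verifyPassword(mysqli $conn, int $userId, string $candidate): bool
{
    $stmt = $conn->prepare("SELECT password FROM users WHERE userId = ?");
    $stmt->bind_param("i", $userId);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();
    return $found === true && password_verify($candidate, $hash);
}

// Usage inside the form handler (session already started):
// if (isset($_POST["newPassword"], $_SESSION["userId"])) {
//     changePassword($conn, (int) $_SESSION["userId"], $_POST["newPassword"]);
// }
```

Once passwords are stored this way, the login query has to fetch the hash and call `password_verify()` instead of comparing the password in SQL.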
  5. Mudsaf

    PHP Air Rabatt ifelse

    <?php echo "What kind of issue are you having? Mind telling us more whats wrong with the code (expected results and what you are getting)"; ?>
  6. Where have you defined variable called $id, for sure I cannot see one in this code.
  7. You can store wherever you want as long as you know the path you store them. If you want to store outside of www directory then you need to use php readfile() and store mime_types, but that gets a bit more complex.
  8. Check the item_id where you are getting the error. You are trying to create it as primary key, but you only have column called id. As justsomeguy told you, you have to pay attention to details. Check the underlined areas, also you are missing a comma before primary key. Below working example.

        CREATE TABLE IF NOT EXISTS images (
            id INT UNSIGNED NOT NULL AUTO_INCREMENT,
            img VARCHAR(20) NOT NULL,
            PRIMARY KEY (id)
        );
        INSERT INTO images (img) VALUES ("testx");
  9. What you are trying to do isn't going to work with the table you just created. You need to make 3 more columns to your database table to be able to fill the rest of information in your query.

    Example scenario: account information

        id int auto_increment primary key | username varchar(50) | password varchar(128) | email varchar(150) unique

    So let's pretend that's the table we created with the "create table" query. So we would have to do insert query like below.

        insert into accounts (username,password,email) values (value1,value2,value3)
  10. It was just example text that you could insert to the database. (Whatever you want to insert into img column, usually the filepath+name as you mentioned)
  11. As for SQL try this

        CREATE TABLE IF NOT EXISTS images (
            id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
            img VARCHAR(20) NOT NULL
        );
        INSERT INTO images (img) VALUES ("imageurl");
  12. After move_uploaded_file just do simple sql query that adds the information to database. You already have all the available information ready. If you only have 2 columns on database, you only need the image name stored, since id is auto_integer primary key (so it's auto generated). What kind of issues are you having with your code?

    More about file upload: https://www.w3schools.com/php/php_file_upload.asp
    More about sql insert: https://www.w3schools.com/php/php_mysql_insert.asp
  13. Not sure what kind of sorcery is this, but it works now. Thank you!
  14. Original string returns 2 unicode blocks (straight from $_GET): �(194) �(164). Where ¤ is.
  15. The unicode block symbol returned value of 194 via ord() function, got any idea what might be the cause to create that unicode block? Source code of tester below, string too.

        <!DOCTYPE html>
        <html>
        <head>
        <meta charset="utf-8">
        <style>
        #kool { width:800px; border:groove; margin:0 auto; padding:25px; }
        .mid { margin:0 auto; max-width:800px; text-align:centeR; margin-top:10px; }
        #preg_input { width:300px; }
        </style>
        </head>
        <body>
        <?php
        /* Test preg_replace function */
        // #%&()=@£\$€\[\]_\-,.:?
        $basic = "A-Za-Z0-9";
        $preg_pattern = "/[^A-Za-z0-9!\"#%£&()=@\s]/";
        $func_preg_replace = preg_replace($preg_pattern,"",$_GET['preg']);
        if (isset($_GET['preg'])) {
            echo "<div id='kool'>";
            echo "<b>Original string: </b> " . $_GET['preg'];
            echo "<hr>";
            echo "<b>Preg pattern: </b> " . $preg_pattern;
            echo "<hr>";
            echo "<b>Result: </b> " . $func_preg_replace;
            echo "<hr>";
            echo "<b>Rawurl: </b> " . rawurlencode($_GET['preg']);
            echo "<hr>";
            echo "<b>Ord: </b> ";
            for ($i=0;$i<strlen($func_preg_replace);$i++) {
                echo $func_preg_replace[$i] . "(" . ord($func_preg_replace[$i]) . ") ";
            }
            echo "</div>";
        }
        ?>
        <div class="mid">
        <form method="get" action="preg_test.php">
        <input type="text" id="preg_input" name="preg" <?php if (isset($_GET['preg'])) { echo " value='" . $_GET['preg'] . "'"; } ?>>
        <input type="submit">
        </form>
        </div>
        </body>
        </html>

    And the string without

        What is love 0-9, Specialcharacters: !"#¤%&/()=?

    Does it reproduce for you guys?

    ---- Also tried to UTF-8 encode string via php, the preg_replace string, 2 new unicode blocks appeared with �(195) �(130).

        $func_preg_replace = utf8_encode ($func_preg_replace);
  16. How would that work with preg_replace()?
  17. Apparently my browser forces ¤ to be at url, even though I replace it with %C2%A4 (if this was what you meant). Rest of the stuff is encoded properly (chrome). But on edge it is encoded. (Image from Edge browser) Also tried urldecode the GET parameter.
  18. Changed to UTF-8 (not sure if it were already), issue still persists somehow. The odd part is, this works when the £ is not added in the preg pattern.
  19. So I'm still not really familiar with regex and how it works, but I have an issue with my code. I have ¤ in my text and it gets replaced with unicode ? block. https://en.wikipedia.org/wiki/Specials_(Unicode_block) for me and I don't get why. Here is the code I'm using.

        <!DOCTYPE html>
        <html>
        <head>
        <meta charset="utf-8">
        <style>
        #kool { width:800px; border:groove; margin:0 auto; padding:25px; }
        </style>
        </head>
        <body>
        <?php
        /* Test preg_replace function */
        $preg_pattern = "/[^A-Za-z0-9!\"#%£&()=@\s]/";
        if (isset($_GET['preg'])) {
            echo "<div id='kool'>";
            echo "<b>Original string: </b> " . $_GET['preg'];
            echo "<hr>";
            echo "<b>Preg pattern: </b> " . $preg_pattern;
            echo "<hr>";
            echo "<b>Result: </b> " . preg_replace($preg_pattern,"",$_GET['preg']);
            echo "</div>";
        }
        ?>
        <form method="get" action="preg_test.php">
        <input type="text" name="preg" <?php if (isset($_GET['preg'])) { echo " value='" . $_GET['preg'] . "'"; } ?>>
        <input type="submit">
        </form>
        </body>
        </html>

    And here is the string I'm trying to use.

        Test 0-9, Specialcharacters: !"#¤%&/()=?

    Result image below

    Any guides / help appreciated.
  20. Found the error, had 2 enter presses in DB connection file after <?php ?>. Such a silly mistake that forced html/text header. 😫
  21. I guess I'll remake the code one by one to see where it fails (if it fails again). (Checked source code without output, is this the reason? 🤔)

        class DbCon {
            protected $con;
            private $db_host = ""; //Database host
            private $db_user = ""; //Database username
            private $db_pass = ""; //Database user password
            private $db_name = ""; //Database name

            public function connect() {
                $this->con = new mysqli($this->db_host, $this->db_user, $this->db_pass, $this->db_name);
                if ($this->con->connect_error) {
                    //die("Connection error, please try again later.");
                } else {
                    return $this->con;
                }
            }
        }

    This seems to jam it, but don't know why? Even when I require_once it without running it via function call. OR something to do with require inside class.

    Day 17, I still can't seem to find the cure for this error, I'll continue tomorrow.
  22. print_r(get_headers("http://xxxx/loadimage.php?image=994",1)); returns: [Content-Type] => text/html; Any idea what could be the cause?
  23. Still the same issue

        if (isset($_GET['image']) && is_numeric($_GET['image'])){
            $iload = new LoadImage;
            $arr = $iload->fetchIByID($_GET['image']);
            if (!empty($arr[0]) && !empty($arr[1])) {
                echo $arr[0] . " | " . $arr[1];
                //header('Content-Type:'.$arr[1]);
                //header('Content-Length: ' . filesize($arr[0]));
                //readfile($arr[0]);
            }
        }

        class blablabla {
            //header stuff replaced with below
            return array($this->GFilePath.$iurl, $im_type);
        }
  24. So basically I have this code below on test file which works perfectly.

        header('Content-Type:'.'image/jpeg');
        header('Content-Length: ' . filesize('E:/xampp/uploads/gallery/files/mursa_00d0ad79e535628240a4462948bf31dc.jpg'));
        readfile('E:/xampp/uploads/gallery/files/mursa_00d0ad79e535628240a4462948bf31dc.jpg');

    But when I try to implement it on my OOP file, I assume the Content-Type gets changed automatically to html/text? Any ideas what might cause this?

        <?php
        /* Grab image file outside of webroot directory */
        if (session_status() == PHP_SESSION_NONE) {
            session_start();
        }

        class LoadImage {
            private $GFilePath;
            private $DPath = "local";

            //Fetch single image by ID
            public function fetchIByID($iid) {
                //bit validation
                if (!is_numeric($iid)) {
                    die();
                }
                require_once("main_db_con.php"); //DB connection file => might cause issue ?
                $conn = new DbCon;
                $con = $conn->connect();
                //Get image by id parameter
                if ($res_gibi = $con->prepare("SELECT `image_url`, `mime_type` FROM images WHERE id = ? AND status = ? LIMIT 1")) {
                    $prog_req1 = 1; //Unpublished imagec
                    $res_gibi->bind_param("ii",$iid,$prog_req1);
                    if ($res_gibi->execute()) {
                        $res_gibi->store_result();
                        if ($res_gibi->num_rows == 1) {
                            $res_gibi->bind_result($iurl,$im_type);
                            if ($res_gibi->fetch()) {
                                if ($istatus == 1) {
                                    $this->GFilePath = "E:/xampp/uploads/gallery/files/"; //local path
                                    if (file_exists($this->GFilePath.$iurl)) {
                                        //below not returning image
                                        header('Content-Type:'.'image/jpeg');
                                        header('Content-Length: ' . filesize('E:/xampp/uploads/gallery/files/mursa_00d0ad79e535628240a4462948bf31dc.jpg'));
                                        readfile('E:/xampp/uploads/gallery/files/mursa_00d0ad79e535628240a4462948bf31dc.jpg');
                                        //header('Content-Type:'.$im_type);
                                        //header('Content-Length: ' . filesize($this->GFilePath.$iurl));
                                        //readfile($this->GFilePath.$iurl);
                                        //$this->GFilePath.$iurl . " | " . $im_type;
                                        //$ftype;
                                        //"<br>" . $fpath;
                                    } else {
                                    }
                                } else {
                                    // "<p>Unauthorized or image does not exist.</p>";
                                }
                            } else {
                                //
                            }
                        } else {
                            //err_fetch
                        }
                    } else {
                        // "x";
                        //ERR_EXEC
                    }
                } else {
                    //ERR_PREP
                    // "y";
                }
                //Closes SQL connection
                unset($conn);
                $con->close();
            }

            //public function __construct() {
                //$this->fetchIByID(994);
            //}
        }

        if (isset($_GET['image']) && is_numeric($_GET['image'])){
            $iload = new LoadImage;
            $iload->fetchIByID($_GET['image']);
        }
        ?>

    Not fully finished code, slightly altered but you get the idea + big ugly code atm but have to fix later. Looks like attached file on browser.
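
Several posts above serve uploads stored outside the web root with readfile() and a MIME type kept in the database, and recommend sanitizing the image name. The following is an added example of that pattern, not code from these threads: `UPLOAD_DIR`, `ALLOWED_MIME`, `resolveUpload()` and `sendImage()` are hypothetical names, and the file name and MIME type are assumed to come from the database row.

```php
<?php
// Added example, not code from the threads. UPLOAD_DIR and the allow-list are
// assumptions; $storedName and $storedMime stand for values read from the database.

const UPLOAD_DIR = '/srv/uploads/gallery';   // hypothetical path outside the web root
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];

/** Resolve a stored file name to a real path inside the base directory, or null. */
function resolveUpload(string $storedName, string $baseDir = UPLOAD_DIR): ?string
{
    $name = basename($storedName);                 // drop any directory part
    if ($name === '' || $name[0] === '.') {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);  // false if missing
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After symlinks are resolved the file must still sit directly in the base dir.
    return dirname($path) === $base ? $path : null;
}

/** Send the image with its stored MIME type; returns false if the request is refused. */
function sendImage(string $storedName, string $storedMime): bool
{
    $path = resolveUpload($storedName);
    $ok = $path !== null
        && in_array($storedMime, ALLOWED_MIME, true)
        // Cross-check the stored type against the file's content (needs ext-fileinfo).
        && (new finfo(FILEINFO_MIME_TYPE))->file($path) === $storedMime;
    if (!$ok || headers_sent()) {   // output sent earlier makes header() calls useless
        if (!headers_sent()) {
            http_response_code(404);
        }
        return false;
    }
    header('Content-Type: ' . $storedMime);
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');     // browser must not guess another type
    readfile($path);
    return true;
}
```

The `headers_sent()` check turns stray output from an included file, such as blank lines after a closing `?>`, into an explicit refusal rather than a response that silently falls back to text/html.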