
is there more simple than this script?


arden


hi.. my trainer wants me to make the script more simple..he wants to understand it line by line..can u help me?..

i created a database "pix", table: "upload"
id, name, type, size, content MEDIUM BLOB

here is the code:

upload.php

```php
<?php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
    $fileName = $_FILES['userfile']['name'];
    $tmpName  = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

    $fp      = fopen($tmpName, 'r');
    $content = fread($fp, filesize($tmpName));
    $content = addslashes($content);
    fclose($fp);

    if(!get_magic_quotes_gpc())
    {
        $fileName = addslashes($fileName);
    }

    $con = mysql_connect("localhost", "root", "viewsonic") or die (mysql_error());
    mysql_select_db("pix", $con) or die (mysql_error());

    $query = "INSERT INTO upload (name, size, type, content )
              VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
    mysql_query($query) or die('Error, query failed');

    echo "<br>File $fileName uploaded<br>";
}
?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
```

any other way to make it simple?..or this is the simplest script to upload a BLOB?..


You could use file_get_contents() to load the contents, instead of using fread().

It's probably a better idea to check if the file is uploaded OK and if it's below a certain limit, not above it. It's a good idea to not rely on the MAX_FILE_SIZE form field, since its value can be changed by the client (assuming they are "attackers").

I'd also suggest adding mysql_real_escape_string() to everything that goes over to the DB, to REALLY prevent SQL injection and (in this case) leakages. addslashes() is not sufficient.

I'm not sure what more your trainer could be referring to with simplicity.

```php
<?php
// Note: the mysql_* extension used here was removed in PHP 7.0.
$maxfilesize = 2000000;
if (isset($_POST['upload'])
    && $_FILES['userfile']['error'] === UPLOAD_ERR_OK
    && $_FILES['userfile']['size'] <= $maxfilesize)
{
    $con = mysql_connect("localhost", "root", "viewsonic") or die(mysql_error());
    mysql_select_db("pix", $con) or die(mysql_error());

    // Escape every value that goes into the query string.
    $fileName = mysql_real_escape_string($_FILES['userfile']['name'], $con);
    $tmpName  = mysql_real_escape_string($_FILES['userfile']['tmp_name'], $con);
    $fileSize = mysql_real_escape_string($_FILES['userfile']['size'], $con);
    $fileType = mysql_real_escape_string($_FILES['userfile']['type'], $con);
    $content  = mysql_real_escape_string(file_get_contents($_FILES['userfile']['tmp_name']), $con);

    $query = "INSERT INTO upload (name, size, type, content )
              VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
    mysql_query($query) or die('Error, query failed:' . mysql_error());

    // HTML-escape the client-supplied name for output; SQL escaping does not cover HTML.
    echo "<br>File " . htmlspecialchars($_FILES['userfile']['name']) . " uploaded<br>";
}
?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxfilesize; ?>">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
```

P.S. The HTML part is terrible... but if that's what they're forcing you to use, so be it. Just keep in mind in today's web, tables are not meant for layout, but only for tabular data. You can use CSS to style your page.

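The checks suggested in the reply above (upload status, server-side size limit, nothing client-supplied reaching the SQL text), as an added example that is not part of the thread. It uses PDO prepared statements because the mysql_* functions were removed in PHP 7.0. The pdo_mysql and fileinfo extensions, the `store_upload()` helper name and the `app_user` / `CHANGE_ME` credentials are assumptions.

```php
<?php
// Added example, not code from the thread. Table as in the first post:
// upload(id, name, type, size, content MEDIUMBLOB).
const MAX_BYTES = 2000000; // server-side limit; the form's MAX_FILE_SIZE is only a hint

// store_upload() is a hypothetical helper name.
function store_upload(PDO $db, array $file, int $maxBytes = MAX_BYTES): int
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new UnexpectedValueException('upload error code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new UnexpectedValueException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new UnexpectedValueException('file is empty or over the size limit');
    }
    // The browser supplies $file['type']; derive the type from the bytes instead.
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name'])
        ?: 'application/octet-stream';

    // Placeholders keep the data out of the SQL text, so nothing needs escaping.
    $stmt = $db->prepare(
        'INSERT INTO upload (name, size, type, content) VALUES (?, ?, ?, ?)'
    );
    $stmt->bindValue(1, basename($file['name']));
    $stmt->bindValue(2, (int) $file['size'], PDO::PARAM_INT);
    $stmt->bindValue(3, $type);
    $stmt->bindValue(4, file_get_contents($file['tmp_name']), PDO::PARAM_LOB);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

if (isset($_POST['upload'], $_FILES['userfile'])) {
    // Placeholder credentials: a dedicated low-privilege account, not root.
    $db = new PDO('mysql:host=localhost;dbname=pix;charset=utf8mb4',
        'app_user', 'CHANGE_ME', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    try {
        $id = store_upload($db, $_FILES['userfile']);
        // Escape the client-chosen file name before echoing it into HTML.
        echo 'File ' . htmlspecialchars($_FILES['userfile']['name']) . " uploaded as #$id";
    } catch (UnexpectedValueException $e) {
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
    }
}
```

The upload form from the thread posts to this handler unchanged, since it already sends the `upload` and `userfile` fields.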


hahaha..thx dude.. actually they want me to make it with more style..but they said "make ALL of ur script simple"..i thought they said it too on the html part :)

Archived

This topic is now archived and is closed to further replies.
