Jump to content

is there more simple than this script?


arden
 Share

Recommended Posts

hi.. my trainer wants me to make the script more simple..he want to understand it line by line..can u help me?..i created a database "pix",table: "upload"id,name,type,size,content MEDIUM BLOBhere is the code:upload.php

<?phpif(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0){$fileName = $_FILES['userfile']['name'];$tmpName  = $_FILES['userfile']['tmp_name'];$fileSize = $_FILES['userfile']['size'];$fileType = $_FILES['userfile']['type'];$fp      = fopen($tmpName, 'r');$content = fread($fp, filesize($tmpName));$content = addslashes($content);fclose($fp);if(!get_magic_quotes_gpc()){    $fileName = addslashes($fileName);}$con=mysql_connect("localhost", "root", "viewsonic")or die (mysql_error());mysql_select_db("pix",$con) or die (mysql_error());$query = "INSERT INTO upload (name, size, type, content )VALUES ('$fileName', '$fileSize', '$fileType', '$content')";mysql_query($query) or die('Error, query failed');echo "<br>File $fileName uploaded<br>";}?><form method="post" enctype="multipart/form-data"><table width="350" border="0" cellpadding="1" cellspacing="1" class="box"><tr><td width="246"><input type="hidden" name="MAX_FILE_SIZE" value="2000000"><input name="userfile" type="file" id="userfile"></td><td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td></tr></table></form>

any other way to make it simple?..or this is the simplest script to upload a BLOB?..

Edited by arden
Link to comment
Share on other sites

You could use file_get_contents() load the contents, instead of using fread().It's probably a better idea to check if the file is upload OK and if it's below a certain limit, not above it. It's a good idea to not rely on the MAX_FILE_SIZE form field, since its value can be changed by the client (assuming they are "attackers").I'd also suggest adding mysql_real_escape_string() to everything that goes over to the DB, to REALLY prevent SQL injection and (in this case) leakages. addslashes() is not sufficient.I'm not sure what more could your trainer be reffering to with simplicity.

<?php$maxfilesize = 2000000;if(isset($_POST['upload']) && $_FILES['userfile']['error'] === UPLOAD_ERR_OK && $_FILES['userfile']['size'] <= $maxfilesize){$con = mysql_connect("localhost", "root", "viewsonic") or die(mysql_error());mysql_select_db("pix", $con) or die(mysql_error());$fileName = mysql_real_escape_string($_FILES['userfile']['name'], $con);$tmpName  = mysql_real_escape_string($_FILES['userfile']['tmp_name'], $con);$fileSize = mysql_real_escape_string($_FILES['userfile']['size'], $con);$fileType = mysql_real_escape_string($_FILES['userfile']['type'], $con);$content = mysql_real_escape_string(file_get_contents($_FILES['userfile']['tmp_name']), $con);$query = "INSERT INTO upload (name, size, type, content ) VALUES ('$fileName', '$fileSize', '$fileType', '$content')";mysql_query($query) or die('Error, query failed:' . mysql_error());echo "<br>File $fileName uploaded<br>";}?><form method="post" enctype="multipart/form-data"><table width="350" border="0" cellpadding="1" cellspacing="1" class="box"><tr><td width="246"><input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxfilesize; ?>"><input name="userfile" type="file" id="userfile"></td><td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td></tr></table></form>

P.S. The HTML part is terrible... but if that's what they're forcing you to use, so be it. Just keep in mind in today's web, tables are not meant for layout, but only for tabular data. You can use CSS to style your page.

Link to comment
Share on other sites

You could use file_get_contents() load the contents, instead of using fread().It's probably a better idea to check if the file is upload OK and if it's below a certain limit, not above it. It's a good idea to not rely on the MAX_FILE_SIZE form field, since its value can be changed by the client (assuming they are "attackers").I'd also suggest adding mysql_real_escape_string() to everything that goes over to the DB, to REALLY prevent SQL injection and (in this case) leakages. addslashes() is not sufficient.I'm not sure what more could your trainer be reffering to with simplicity.
<?php$maxfilesize = 2000000;if(isset($_POST['upload']) && $_FILES['userfile']['error'] === UPLOAD_ERR_OK && $_FILES['userfile']['size'] <= $maxfilesize){$con = mysql_connect("localhost", "root", "viewsonic") or die(mysql_error());mysql_select_db("pix", $con) or die(mysql_error());$fileName = mysql_real_escape_string($_FILES['userfile']['name'], $con);$tmpName  = mysql_real_escape_string($_FILES['userfile']['tmp_name'], $con);$fileSize = mysql_real_escape_string($_FILES['userfile']['size'], $con);$fileType = mysql_real_escape_string($_FILES['userfile']['type'], $con);$content = mysql_real_escape_string(file_get_contents($_FILES['userfile']['tmp_name']), $con);$query = "INSERT INTO upload (name, size, type, content ) VALUES ('$fileName', '$fileSize', '$fileType', '$content')";mysql_query($query) or die('Error, query failed:' . mysql_error());echo "<br>File $fileName uploaded<br>";}?><form method="post" enctype="multipart/form-data"><table width="350" border="0" cellpadding="1" cellspacing="1" class="box"><tr><td width="246"><input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $maxfilesize; ?>"><input name="userfile" type="file" id="userfile"></td><td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td></tr></table></form>

P.S. The HTML part is terrible... but if that's what they're forcing you to use, so be it. Just keep in mind in today's web, tables are not meant for layout, but only for tabular data. You can use CSS to style your page.

hahaha..thx dude.. actually they want me to make it with more style..but they said "make ALL of ur script simple"..i thought they said it too on the html part :)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...