true for empty fields of table???

rupertbj

Please can someone tell me how to make this statement true when no file is submitted in a form:

if (( $fupload_type == "image/pjpeg" && $MAX_FILE_SIZE <= "51200" ) || ( $fupload == "" ))

Thanks in advance for your help.

jpmoriarty

if (( $fupload_type == "image/pjpeg" && $MAX_FILE_SIZE <= "51200" ) || ( $fupload == "" ) || !$fupload)

rupertbj

That doesn't work!

Full script below:

<?php
	$file_dir = "/users/rupertbj/domains/rupstar.co.uk/html/images/weblog"; 
	$file_url = "http://www.rupstar.co.uk/images/weblog"; 
//		print "path: $fupload<br>\n";
//		print "name: $fupload_name<br>\n";
//		print "size: $fupload_size bytes<br>\n";
//		print "type: $fupload_type<p>\n\n";
		if ( empty( $fupload ) OR ( $fupload_type == "image/pjpeg" && $MAX_FILE_SIZE <= "51200" ))
			{
			$db = "weblog";
			$link = mysql_connect( "localhost:/users/rupertbj/domains/rupstar.co.uk/sql/mysql.sock", "root" );
			if ( !$link ) die( "Couldn't connect to MySQL".mysql_error() );
			mysql_select_db( $db, $link ) or die( "Couldn't open $db: ".mysql_error() );
			$sql = "INSERT INTO weblogTable VALUES ( '', now(), '$description', '$content', '$fupload_name' )";
			mysql_query( $sql, $link );
			mysql_close( $link );
			copy ( $fupload, "$file_dir/$fupload_name" ) or die ("Couldn't copy");			
			}
		else
			{
			if ( $MAX_FILE_SIZE > "51200" )
			print "File size beyond maximum size of 51,200 bytes - ($fupload_size bytes)";
			elseif ( $fupload_type != "image/pjpeg" )
			print "Invalid file type $fupload_type. Please submit only pjepg images (with extensions .jpg / .jpeg)";
			else
			{
			print "Failed - reason unknown.";
			}
			exit;
			}
?>

NoFear

I'll look and see if I can spot anything, but I'd like to mention the fact that you're putting yourself in a very compromising position right now. You're posting the name of your site, directories, scripts - which might be fine and dandy.... but you're also posting the login to your MySQL database. Not only that, but your root access doesn't even have a password!

You're about the most plump target imagineable for a hacker scourging through this site...

If nothing else, at least **** out your login.... and add a password to your root login!!