Alright so I'm working on a picture sharing site and this is my upload script:
<?php
$link = mysql_connect('localhost', 'spowpow1_Sean', '<password>');
if (!$link)
{
die('Not connected : ' . mysql_error());
}
$db_selected = mysql_select_db('spowpow1_gmodpic', $link);
if (!$db_selected)
{
die ("Database not selected : " . mysql_error());
}
//Checkin 2 mayke shur all da inputz iz da right dada taiip and length mofuggaaaa
function sanityCheck($string, $type, $length)
{
$type = 'is_'.$type;
if(!$type($string))
{
return FALSE;
}
elseif(empty($string))
{
return FALSE;
}
elseif(strlen($string) > $length)
{
return FALSE;
}
else
{
return TRUE;
}
}
//Checking to see which file uploaders have content
if ($_FILES['file']['name'] != "" && ($_FILES['file']['type'] == "image/jpeg") && ($_FILES['file']['size'] <= 500000))
{
$fileSet = 1;
}
else
{
$fileSet = 0;
echo("<p>Please use the top upload field first.</p>");
}
$author = $_COOKIE['userName'];
$fDate = date('l jS \of F Y');
$fTime = date('h:i:s A');
//Begin uploading...
if ($fileSet == 1)
{
if(empty($_POST['title']) == FALSE && sanityCheck($_POST['title'], 'string', 30) != FALSE)
{
$title = $_POST['title'];
}
else
{
echo("<p>You need to have a title for your first picture!</p><br />");
}
if(empty($_POST['desc']) == FALSE && sanityCheck($_POST['desc'], 'string', 250) != FALSE)
{
$oldDesc = $_POST['desc'];
$desc = escapeshellcmd($oldDesc);
}
else
{
$desc = $_POST['desc'];
}
if ($_POST['imageType'] == "comics")
{
$imgType = "Comic Strip";
$fName = "comics/" . rand() . ".jpg";
$path = "uploads/" . $fName;
}
elseif ($_POST['imageType'] == "pose")
{
$imgType = "Ragdoll Pose";
$fName = "poses/" . rand() . ".jpg";
$path = "uploads/" . $fName;
}
elseif ($_POST['imageType'] == "contraption")
{
$imgType = "Contraption";
$fName = "contraption/" . rand() . ".jpg";
$path = "uploads/" . $fName;
}
elseif ($_POST['imageType'] == "artistic")
{
$imgType = "Artistic";
$fName = "artistic/" . rand() . ".jpg";
$path = "uploads/" . $fName;
}
$file_name = $_FILES['file']['name'];
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
if(move_uploaded_file($_FILES['file']['tmp_name'], $path))
{
echo "<p>Picture 1 successfully uploaded!</p><br />";
}
else
{
echo "<p>There was an error during upload. Please try again.</p><br />";
}
}
$query = sprintf("INSERT INTO images4 (title, filePath, category, description, author, date, time)
VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($title),
mysql_real_escape_string($fName),
mysql_real_escape_string($imgType),
mysql_real_escape_string($desc),
mysql_real_escape_string($author),
mysql_real_escape_string($fDate),
mysql_real_escape_string($fTime));
if (!mysql_query($query))
{
echo("<p>Query Failed " . mysql_error() . "</p><br />");
}
else
{
echo("<p>Picture 1 successfully queried!</p><br /><br />");
}
}
mysql_close($link);
?>
Basically the story behind this is that I was working on the gallery page when I realized I should have split up the time and date into two different fields. So I went and made the images4 table, switched all of my code over to the images4 table and went to test out the upload script.
Everything seemed fine, but when I looked at the files on my server, they were all at 0 KB. The files are being uploaded, but are being stripped of ALL their data. When I try to hotlink to them in HTML code, they don't work either, so it's not just my FTP client messing up on me.
I've been looking and looking but I can't find anything in this code that would cause the picture being uploaded to be stripped of ALL of it's data! This script was working perfectly fine before I made the images4 table (when it was on the images3 table)!
Any help or ideas would be very, very much appreciated.
Thanks!
