Hi i found this uploadscript works well seeemingly a string is inserted together with the image into a table a blob is holding the image.
but no real binary post is made.
This is probably due to the fact that mysql searches for the temp dit at c:/wint/temp while my host is configured c:/temp
The script searches at c:/wint/temp by default as it seems how do alter that variable or something?
anyone any idea?
here\'s the script loading the image in the db:
<?php
include \'db.inc\';
if (empty($short) || empty($userfile))
{
?>
<!DOCTYPE HTML PUBLIC
\"-//W3C//DTD HTML 4.0 Transitional//EN\"
\"http://www.w3.org/TR/html4/loose.dtd\">
<head>
<title>Upload an Image File</title>
</head>
<body bgcolor=\"white\">
<form method=\"post\" action=\"insert.php\" enctype=\"multipart/form-data\">
<h1>Upload an Image File</h1>
<h3>Please fill in the details below to upload your file.
Fields shown in <font color=\"red\">red</font> are mandatory.</h3>
<table>
<col span=\"1\" align=\"right\">
<tr>
<td><font color=\"red\">Short description:</font></td>
<td><input type=\"text\" name=\"short\" size=50></td>
</tr>
<tr>
<td><font color=\"red\">File:</font></td>
<td><input name=\"userfile\" type=\"file\"></td>
</tr>
<tr>
<td><input type=\"submit\" value=\"Submit\"></td>
</tr>
</table>
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\">
</form>
<h3>Click <a href=\"index.php\">here</a> to browse the images instead.</h3>
</body>
<?php
}
else
{
$short = clean($short, 50);
$userfile = clean($userfile, 50);
if (!($connection = @ mysql_pconnect($hostName, $username, $password))) showerror();
if (!mysql_select_db($database, $connection)) showerror();
// Was a file uploaded?
if (is_uploaded_file($userfile))
{
switch ($userfile_type)
{
case \"image/gif\";
$mimeName = \"GIF Image\";
break;
case \"image/jpeg\";
$mimeName = \"JPEG Image\";
break;
case \"image/png\";
$mimeName = \"PNG Image\";
break;
case \"image/x-MS-bmp\";
$mimeName = \"Windows Bitmap\";
break;
default:
$mimeName = \"Unknown image type\";
}
// Open the uploaded file
$file = fopen($userfile, \"r\");
// Read in the uploaded file
$fileContents = fread($file, filesize($userfile));
// Escape special characters in the file
$fileContents = AddSlashes($fileContents);
}
else
$fileContents = NULL;
$insertQuery = \"INSERT INTO files VALUES (NULL, \\\"{$short}\\\",
if ((@ mysql_query ($insertQuery, $connection))
&& @ mysql_affected_rows() == 1)
header(\"Location: receipt.php?status=T&file=\"
. mysql_insert_id($connection));
else
header(\"Location: receipt.php?status=F&file=\"
. mysql_insert_id($connection));
} // if else empty()
?>
and the include:
<?php
// These are the DBMS credentials
$hostName = \"myhost\";
$username = \"myuser\";
$password = \"mypass\";
$database = \"mydatabase\";
// Show an error and stop the script
function showerror()
{
if (mysql_error())
die(\"Error \" . mysql_errno() . \" : \" . mysql_error());
else
die(\"Could not connect to the DBMS\");
}
// Secure the user data by escaping characters
// and shortening the input string
function clean($input, $maxlength)
{
$input = substr($input, 0, $maxlength);
$input = EscapeShellCmd($input);
return ($input);
} \\"{$userfile_type}\\", \\"{$mimeName}\\", \\"{$fileContents}\\")\";
?>
this is the view script
<?php
include \'db.inc\';
$file = clean($file, 4);
if (empty($file))
exit;
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db($database, $connection))
showerror();
$query = \"SELECT mimeType, fileContents FROM files WHERE id = $file\";
if (!($result = @ mysql_query ($query,$connection)))
showerror();
$data = @ mysql_fetch_array($result);
if (!empty($data[\"fileContents\"]))
{
// Output the MIME header
header(\"Content-Type: {$data[\"mimeType\"]}\");
// Output the image
echo $data[\"fileContents\"];
}
?>
all this stuff comes from the o\'reiley site
