On Feb 18, 2008 6:56 PM, Chris <dmagick@xxxxxxxxx> wrote:
> Which bit breaks exactly? Nobody's going to read through 200 lines of code..
Normally, you're right.... but today I did just to be a jerk and
prove you wrong. ;-P
> Nasreen Laghari wrote:
> > Hi All,
> >
> > First of all A very big thank you to all of you for solving my Password() encryption problem.
> >
> > Now I'm stuck on new problem which is image not uploading. I'm using the following code.
[snip!]
$allowedImageTypes = array("gif","jpg","png");
if(empty($_FILES['image_file']['tmp_name'])){
echo "File not uploaded";
}
else {
$fileType = $_FILES['file']['name'];
if(in_array(getfileType($fileType), $allowedImageTypes)){
[snip!]
Nasreen,
The above code depends on two things:
a.) The getfiletype() response exactly matches at least one of
the entries in the array $allowedImageTypes
b.) The response and array entry are matched cAsE-sEnSiTiVeLy
If you're uploading an image that was created in Windows Paint,
for example, the extension will be CAPITALIZED (imagename.JPG) by
default. Try using a strtolower() in your getfiletype() function to
see if it clears things up.
>
>
> $query = "INSERT INTO artist (name,about_u,imgdata, profile_url)
> VALUES('$aname','$aboutu','$uploadedImage','$url_provided')";
>
> You have an sql injection problem here. Read up about that on the
> phpsec.org site:
>
> http://phpsec.org/projects/guide/3.html#3.2
>
> and a really good basic guide here:
>
> http://unixwiz.net/techtips/sql-injection.html
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
</Dan>
Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
