07-11-2008, 01:27 PM
The Acquainted
Join Date: Oct 2007
Location: Newcastle, UK
Posts: 113
Thanks: 3
What he means is it will work at the minute but it is not secure at all.
I would upload the image and then insert the data into the database. Provided you get all the information from the one form, this should work:
PHP Code:
<?php
session_start();

// Connect to the database server and select the database.
$link = mysql_connect('localhost', 'root', '');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
$dbselect = mysql_select_db('anand') or die("Can not select ");
if (!$dbselect) {
    die('Could not connect: ' . mysql_error());
}

if ($_REQUEST["Check"] == 1)
{
    // Configuration - Your Options
    $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.
    $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
    $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory).
    $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension).
    $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.

    // Check if the filetype is allowed, if not DIE and inform the user.
    if (!in_array($ext, $allowed_filetypes))
        die('The file you attempted to upload is not allowed.');

    // Now check the filesize, if it is too large then DIE and inform the user.
    if (filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
        die('The file you attempted to upload is too large.');

    // Check if we can upload to the specified path, if not DIE and inform the user.
    if (!is_writable($upload_path))
        die('You cannot upload to the specified directory, please CHMOD it to 777.');

    // Upload the file to your specified path.
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_path . $filename))
    {
        // The upload succeeded, so read the form fields and insert the row.
        $companyname = $_POST["companyname"];
        $email = $_POST["email"];
        $password = $_POST["password"];
        $confirmpassword = $_POST["confirmpassword"];
        $landlineareacode = $_POST["landlinearecode"];
        $landline = $_POST["landline"];
        $mobile = $_POST["mobile"];
        $contact1 = $_POST["contact1"];
        $contact2 = $_POST["contact2"];
        $contact3 = $_POST["contact3"];
        $contactpin = $_POST["contactpin"];
        $corporate1 = $_POST["corporate1"];
        $corporate2 = $_POST["corporate2"];
        $corporate3 = $_POST["corporate3"];
        $corporatepin = $_POST["corporatepin"];
        $turnover = $_POST["turnover"];
        $help1 = $_POST["help1"];
        $help2 = $_POST["help2"];
        $help3 = $_POST["help3"];
        $profile = $_POST["profile"];
        $upload_profile = $_POST["upload_profile"];

        // Form values go into the query string as-is (not escaped).
        $query = "insert into employerstep1(companyname,email,password,confirmpassword,landlineareacode,landline,mobile,contact1,contact2,contact3,contactpin,corporate1,corporate2,corporate3,corporatepin,turnover,help1,help2,help3,profile,upload_profile) values('$companyname','$email','$password','$confirmpassword','$landlineareacode','$landline','$mobile','$contact1','$contact2','$contact3','$contactpin','$corporate1','$corporate2','$corporate3','$corporatepin','$turnover','$help1','$help2','$help3','$profile','$upload_profile')";
        $result = mysql_query($query);
        mysql_close($link);
    }
    else
    {
        echo 'There was an error during the file upload. Please try again.'; // It failed.
    }
}
?>
Now I don't have time to test this or anything, but the basic idea is to insert the form data into the db where you tell the user their file was uploaded correctly.
You should really look at fixing the security holes in your script first though.
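Added example (not part of the original post or the poster's code): one way to harden the two risky steps in the script above, the upload that trusts the client's file name and the INSERT built from raw `$_POST` values. It assumes PHP 7+ with the fileinfo and PDO extensions; the function names, the shortened column list and the in-memory SQLite database used for the demo are assumptions made for illustration.

```php
<?php
// Added example. Function names, the shortened column list and the SQLite demo are assumptions.

// Validate an entry from $_FILES and return a server-chosen name for it.
function safe_image_name(array $file, int $maxBytes = 524288): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if (filesize($file['tmp_name']) > $maxBytes) {
        throw new RuntimeException('File too large.');
    }
    // Take the type from the file contents, not the client-supplied name.
    $allowed = ['image/jpeg' => 'jpg', 'image/gif' => 'gif', 'image/png' => 'png',
                'image/bmp' => 'bmp', 'image/x-ms-bmp' => 'bmp'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed.');
    }
    // Random name: the user's file name never reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

// Insert with bound parameters and a hashed password instead of interpolated strings.
function insert_employer(PDO $pdo, array $post, string $storedName): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO employerstep1 (companyname, email, password, upload_profile)
         VALUES (:companyname, :email, :password, :upload_profile)'
    );
    $stmt->execute([
        ':companyname'    => $post['companyname'],
        ':email'          => $post['email'],
        ':password'       => password_hash($post['password'], PASSWORD_DEFAULT),
        ':upload_profile' => $storedName,
    ]);
}

// Constructed demo data; in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE employerstep1 (companyname TEXT, email TEXT, password TEXT, upload_profile TEXT)');
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;"); // minimal GIF header
$file = ['tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
$post = ['companyname' => "O'Brien & Sons", 'email' => 'hr@example.com', 'password' => 'correct horse'];
$name = safe_image_name($file);   // in a real request, follow with move_uploaded_file()
insert_employer($pdo, $post, $name);
print_r($pdo->query('SELECT companyname, upload_profile FROM employerstep1')->fetch(PDO::FETCH_ASSOC));
unlink($tmp);
```

In a real upload handler the returned name is what gets passed to `move_uploaded_file()` and stored in the row, and the upload directory should not be configured to execute scripts.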