08-24-2009, 12:32 PM
|
#5 (permalink)
|
|
The Wanderer
Join Date: Aug 2009
Posts: 11
Thanks: 1
|
I use something like this .. also note I create a thumbnail, and give a random start to the filename.
Nothing fancy but it works .. then you just echo out the image in the database, and store what you like in it ..
In this case I track who uploaded it, what type of file it is, the filename, and the game it belongs to, along with comments on the image itself.
PHP Code:
if (!empty($_FILES['userfile'])) {
$random = rand();
$uploaddir = 'files/';
$type = 'picture';
$comments = mysql_real_escape_string($_POST['comments']);
$uploadfile = $uploaddir . $random.basename($_FILES['userfile']['name']);
$uploadfile = str_replace(" ", "", $uploadfile);
$filename = $random.basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'],$uploadfile)) {
$filename = str_replace(" ", "", $filename);
exec("/usr/bin/convert -thumbnail x200 files/$filename /var/www/www/files/thumb-$filename");
mysql_query("INSERT INTO image (filename,type,userid,gameid,comments) VALUES ('$filename','$type','$userid','$gameid','$comments')");
}
} else {
echo "Possible file upload attack!\n";
}
Last edited by jasonberresford : 08-24-2009 at 01:25 PM.
|
|
|
|