[PHP-DEV] Unable to upload images into Mysql using Php3 ? From: Absm (abbs <email protected>)
Date: 01/07/00

abbs <email protected>

The following html form uses the php script below and is able to insert the
text and filename into Mysql successfully. The problem is trying to upload
the corresponding image for the given path on the server ????
Also, once an image is chosen by browsing on a local pc ready for uploading,
the full path to the image gets inserted into Mysql rather than just the
file name???

Where can good scripts be found for uploading direct from a pc into Mysql???
and forms and scripts to carry out searches on Mysql from a web page ???

Does the above script have possible security problems or are there ways to
control such issues or are there better ones available???

Which is the best version of Php that should be used in terms of least bugs
and its stability???

Can someone please help.

thanks
absm.
abbs <email protected>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
 <title>Untitled</title>
</head>

<body>
<CENTER>Would you like more information about our company?
<P>

<TABLE WIDTH = 400><TR><TD align = right>

<FORM ACTION="email.php3" METHOD="POST">

Year:<BR>
<INPUT TYPE="text" NAME="year" SIZE="20" MAXLENGTH="30">
<P>
Make:<BR>
<INPUT TYPE="text" NAME="make" SIZE="20" MAXLENGTH="30">
<P>
model<br>
<input type="Text" name="model" size="25">
<br>
price<br>
<input type="Text" name="price" size="25">
<br>
picture<br>
<input type="File" name="picture_name" size="25">
<br><br>
<input type="submit" name="submit" value="Upload">
</FORM>

</TD></TR></TABLE></CENTER>
</body>
</html>

<?/* this script will handle the variables passed from the moreinfo.html
file */
/* declare some relevant variables */
$hostname = "localhost";
$username = "";
$password = "";
$dbName = "";

/* MySQL table created to store the data */
$userstable = "";

/* the site administrator's email address */
$adminaddress = "abbs <email protected>";

/* make connection to database */
MYSQL_CONNECT($hostname,$username,$password) OR DIE("Unable to connect to
database");

 <email protected>("$dbName") or die("Unable to select database");

PRINT "<CENTER>";
PRINT "Hello, $name.";
PRINT "<BR><BR>";
PRINT "Thank you for your interest.<BR><BR>";
PRINT "We will send information to $email, and have noted that you like
$preference";
PRINT "</CENTER><BR><BR>";

/* Send relevant emails */
mail("$email", "Your request for information",
"$name\nThank you for your interest!\n
We sell fresh corn daily over the Internet!
Place your order at http://www.,
and receive a free package of $preference!");

mail("$adminaddress",
"Visitor request for info.",
"$name requested for information.\n

The email address is $email. \n The visitor prefers $preference.");

/* Insert information into table */
$query = "INSERT INTO $userstable
VALUES('$year','$make','$model','$price','$picture_name')";
exec( "cp $picture_name //HostCompany/home/Sitename/www/picture_name");
$result = MYSQL_QUERY($query);

echo "year: $year<br>\n";
echo "make: $make<br>\n";
echo "model: $model<br>\n";
echo "price: $price<br>\n";
echo "temp file: $picture<br>\n";
echo "file name: $picture_name<br>\n";
echo "file size: $picture_size<br>\n";
echo "file type: $picture_type<br>\n";
echo "<br>\n";
/*echo "<img src="$picture_name/" border=0 alt=""><br>\n";

PRINT "Your information has also been inserted into our database, for future
reference.";
/* Close the database connection */
MYSQL_CLOSE();
?> 

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>