Back To Programming / Scripting / Coding Forum

Help getting this upload file scrip around globals being off

  • virose
  • Novice
  • Novice
  • No Avatar
  • Joined: Jul 20, 2005
  • Posts: 27
  • Loc: florida
  • Status: Offline

Post May 15th, 2009, 11:26 am

Hi everyone

This script below is a upload a file to database script it works great with globals on.
But if you turn globals off. it dose nothing.

SO i need a work around for this code turn run with globals off.

Thanks in advanced for any help

Here is the code

Code: [ Select ]
 
 
if ($action == "upload") {
  // ok, let's get the uploaded data and insert it into the db now
  include "open_db.inc";
 
  if (isset($binFile) && $binFile != "none") {
    $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
    $strDescription = addslashes(nl2br($txtDescription));
    $sql = "INSERT INTO family_pics ";
    $sql .= "(description, bin_data, filename, filesize, filetype) ";
    $sql .= "VALUES ('$strDescription', '$data', ";
    $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
    $result = mysql_query($sql, $db);
    echo "Thank you. The new file was successfully added to our database.<br><br>";
    echo "<a href='main.php'>Continue</a>";
  }
  mysql_close($db);
 
} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="binFile"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
 
 
  1.  
  2.  
  3. if ($action == "upload") {
  4.   // ok, let's get the uploaded data and insert it into the db now
  5.   include "open_db.inc";
  6.  
  7.   if (isset($binFile) && $binFile != "none") {
  8.     $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
  9.     $strDescription = addslashes(nl2br($txtDescription));
  10.     $sql = "INSERT INTO family_pics ";
  11.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  12.     $sql .= "VALUES ('$strDescription', '$data', ";
  13.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  14.     $result = mysql_query($sql, $db);
  15.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  16.     echo "<a href='main.php'>Continue</a>";
  17.   }
  18.   mysql_close($db);
  19.  
  20. } else {
  21. ?>
  22. <HTML>
  23. <BODY>
  24. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  25. <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
  26. <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  27. <TABLE BORDER="1">
  28. <TR>
  29. <TD>Description: </TD>
  30. <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  31. </TR>
  32. <TR>
  33. <TD>File: </TD>
  34. <TD><INPUT TYPE="file" NAME="binFile"></TD>
  35. </TR>
  36. <TR>
  37. <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  38. </TR>
  39. </TABLE>
  40. </FORM>
  41. </BODY>
  42. </HTML>
  43. <?php
  44. }
  45. ?>
  46.  
  47.  
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post May 15th, 2009, 11:26 am

  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Joined: Jan 14, 2009
  • Posts: 162
  • Loc: India-Kolkata
  • Status: Offline

Post May 16th, 2009, 10:25 am

i guess i told you
change this
Code: [ Select ]
if ($action == "upload") {
// ok, let's get the uploaded data and insert it into the db now
include "open_db.inc";

if (isset($binFile) && $binFile != "none") {
    $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
    $strDescription = addslashes(nl2br($txtDescription));
    $sql = "INSERT INTO family_pics ";
    $sql .= "(description, bin_data, filename, filesize, filetype) ";
    $sql .= "VALUES ('$strDescription', '$data', ";
    $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
    $result = mysql_query($sql, $db);
    echo "Thank you. The new file was successfully added to our database.<br><br>";
    echo "<a href='main.php'>Continue</a>";
}
mysql_close($db);

} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="binFile"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
  1. if ($action == "upload") {
  2. // ok, let's get the uploaded data and insert it into the db now
  3. include "open_db.inc";
  5. if (isset($binFile) && $binFile != "none") {
  6.     $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
  7.     $strDescription = addslashes(nl2br($txtDescription));
  8.     $sql = "INSERT INTO family_pics ";
  9.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  10.     $sql .= "VALUES ('$strDescription', '$data', ";
  11.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  12.     $result = mysql_query($sql, $db);
  13.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  14.     echo "<a href='main.php'>Continue</a>";
  15. }
  16. mysql_close($db);
  18. } else {
  19. ?>
  20. <HTML>
  21. <BODY>
  22. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  23. <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
  24. <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  25. <TABLE BORDER="1">
  26. <TR>
  27. <TD>Description: </TD>
  28. <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  29. </TR>
  30. <TR>
  31. <TD>File: </TD>
  32. <TD><INPUT TYPE="file" NAME="binFile"></TD>
  33. </TR>
  34. <TR>
  35. <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  36. </TR>
  37. </TABLE>
  38. </FORM>
  39. </BODY>
  40. </HTML>
  41. <?php
  42. }
  43. ?>

to
Code: [ Select ]
if ($action == "upload") {
// ok, let's get the uploaded data and insert it into the db now
include "open_db.inc";
$binFile = $_FILES['binFile']['name'];
$file_size = $_FILES['binFile']['size'];
$file_temp = $_FILES['binFile']['tmp_name'];
$file_error = $_FILES['binFile']['error'];
if (isset($binFile) && $binFile != "none") {
    $data = addslashes(fread(fopen($file_temp, "r"), $file_size));
    $strDescription = addslashes(nl2br($txtDescription));
    $sql = "INSERT INTO family_pics ";
    $sql .= "(description, bin_data, filename, filesize, filetype) ";
    $sql .= "VALUES ('$strDescription', '$data', ";
    $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
    $result = mysql_query($sql, $db);
    echo "Thank you. The new file was successfully added to our database.<br><br>";
    echo "<a href='main.php'>Continue</a>";
}else
echo $file_error;
mysql_close($db);

} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="binFile"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
  1. if ($action == "upload") {
  2. // ok, let's get the uploaded data and insert it into the db now
  3. include "open_db.inc";
  4. $binFile = $_FILES['binFile']['name'];
  5. $file_size = $_FILES['binFile']['size'];
  6. $file_temp = $_FILES['binFile']['tmp_name'];
  7. $file_error = $_FILES['binFile']['error'];
  8. if (isset($binFile) && $binFile != "none") {
  9.     $data = addslashes(fread(fopen($file_temp, "r"), $file_size));
  10.     $strDescription = addslashes(nl2br($txtDescription));
  11.     $sql = "INSERT INTO family_pics ";
  12.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  13.     $sql .= "VALUES ('$strDescription', '$data', ";
  14.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  15.     $result = mysql_query($sql, $db);
  16.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  17.     echo "<a href='main.php'>Continue</a>";
  18. }else
  19. echo $file_error;
  20. mysql_close($db);
  22. } else {
  23. ?>
  24. <HTML>
  25. <BODY>
  26. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  27. <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
  28. <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  29. <TABLE BORDER="1">
  30. <TR>
  31. <TD>Description: </TD>
  32. <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  33. </TR>
  34. <TR>
  35. <TD>File: </TD>
  36. <TD><INPUT TYPE="file" NAME="binFile"></TD>
  37. </TR>
  38. <TR>
  39. <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  40. </TR>
  41. </TABLE>
  42. </FORM>
  43. </BODY>
  44. </HTML>
  45. <?php
  46. }
  47. ?>
Wrap Up your Big Url | Mariana World Community
  • joebert
  • Sledgehammer
  • Genius
  • No Avatar
  • Joined: Feb 10, 2004
  • Posts: 13455
  • Loc: Florida
  • Status: Offline

Post May 16th, 2009, 10:31 am

Is this any help ?

It's for magic_quotes, but I figure the concept might carry over to register_globals.
Strong with this one, the sudo is.

Page 1 of 1

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 172 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.