Help getting this upload file scrip around globals being off

  • virose
  • Novice
  • Novice
  • virose
  • Posts: 27
  • Loc: florida

Post 3+ Months Ago

Hi everyone

This script below is a upload a file to database script it works great with globals on.
But if you turn globals off. it dose nothing.

SO i need a work around for this code turn run with globals off.

Thanks in advanced for any help

Here is the code

Code: [ Select ]
 
 
if ($action == "upload") {
  // ok, let's get the uploaded data and insert it into the db now
  include "open_db.inc";
 
  if (isset($binFile) && $binFile != "none") {
    $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
    $strDescription = addslashes(nl2br($txtDescription));
    $sql = "INSERT INTO family_pics ";
    $sql .= "(description, bin_data, filename, filesize, filetype) ";
    $sql .= "VALUES ('$strDescription', '$data', ";
    $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
    $result = mysql_query($sql, $db);
    echo "Thank you. The new file was successfully added to our database.<br><br>";
    echo "<a href='main.php'>Continue</a>";
  }
  mysql_close($db);
 
} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="binFile"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
 
 
  1.  
  2.  
  3. if ($action == "upload") {
  4.   // ok, let's get the uploaded data and insert it into the db now
  5.   include "open_db.inc";
  6.  
  7.   if (isset($binFile) && $binFile != "none") {
  8.     $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
  9.     $strDescription = addslashes(nl2br($txtDescription));
  10.     $sql = "INSERT INTO family_pics ";
  11.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  12.     $sql .= "VALUES ('$strDescription', '$data', ";
  13.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  14.     $result = mysql_query($sql, $db);
  15.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  16.     echo "<a href='main.php'>Continue</a>";
  17.   }
  18.   mysql_close($db);
  19.  
  20. } else {
  21. ?>
  22. <HTML>
  23. <BODY>
  24. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  25. <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
  26. <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  27. <TABLE BORDER="1">
  28. <TR>
  29. <TD>Description: </TD>
  30. <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  31. </TR>
  32. <TR>
  33. <TD>File: </TD>
  34. <TD><INPUT TYPE="file" NAME="binFile"></TD>
  35. </TR>
  36. <TR>
  37. <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  38. </TR>
  39. </TABLE>
  40. </FORM>
  41. </BODY>
  42. </HTML>
  43. <?php
  44. }
  45. ?>
  46.  
  47.  
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

i guess i told you
change this
Code: [ Select ]
if ($action == "upload") {
// ok, let's get the uploaded data and insert it into the db now
include "open_db.inc";

if (isset($binFile) && $binFile != "none") {
    $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
    $strDescription = addslashes(nl2br($txtDescription));
    $sql = "INSERT INTO family_pics ";
    $sql .= "(description, bin_data, filename, filesize, filetype) ";
    $sql .= "VALUES ('$strDescription', '$data', ";
    $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
    $result = mysql_query($sql, $db);
    echo "Thank you. The new file was successfully added to our database.<br><br>";
    echo "<a href='main.php'>Continue</a>";
}
mysql_close($db);

} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="binFile"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
  1. if ($action == "upload") {
  2. // ok, let's get the uploaded data and insert it into the db now
  3. include "open_db.inc";
  4. if (isset($binFile) && $binFile != "none") {
  5.     $data = addslashes(fread(fopen($binFile, "r"), filesize($binFile)));
  6.     $strDescription = addslashes(nl2br($txtDescription));
  7.     $sql = "INSERT INTO family_pics ";
  8.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  9.     $sql .= "VALUES ('$strDescription', '$data', ";
  10.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  11.     $result = mysql_query($sql, $db);
  12.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  13.     echo "<a href='main.php'>Continue</a>";
  14. }
  15. mysql_close($db);
  16. } else {
  17. ?>
  18. <HTML>
  19. <BODY>
  20. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  21. <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
  22. <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  23. <TABLE BORDER="1">
  24. <TR>
  25. <TD>Description: </TD>
  26. <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  27. </TR>
  28. <TR>
  29. <TD>File: </TD>
  30. <TD><INPUT TYPE="file" NAME="binFile"></TD>
  31. </TR>
  32. <TR>
  33. <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  34. </TR>
  35. </TABLE>
  36. </FORM>
  37. </BODY>
  38. </HTML>
  39. <?php
  40. }
  41. ?>

to
Code: [ Select ]
if ($action == "upload") {
// ok, let's get the uploaded data and insert it into the db now
include "open_db.inc";
$binFile = $_FILES['binFile']['name'];
$file_size = $_FILES['binFile']['size'];
$file_temp = $_FILES['binFile']['tmp_name'];
$file_error = $_FILES['binFile']['error'];
if (isset($binFile) && $binFile != "none") {
    $data = addslashes(fread(fopen($file_temp, "r"), $file_size));
    $strDescription = addslashes(nl2br($txtDescription));
    $sql = "INSERT INTO family_pics ";
    $sql .= "(description, bin_data, filename, filesize, filetype) ";
    $sql .= "VALUES ('$strDescription', '$data', ";
    $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
    $result = mysql_query($sql, $db);
    echo "Thank you. The new file was successfully added to our database.<br><br>";
    echo "<a href='main.php'>Continue</a>";
}else
echo $file_error;
mysql_close($db);

} else {
?>
<HTML>
<BODY>
<FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
<INPUT TYPE="hidden" NAME="action" VALUE="upload">
<TABLE BORDER="1">
<TR>
<TD>Description: </TD>
<TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
</TR>
<TR>
<TD>File: </TD>
<TD><INPUT TYPE="file" NAME="binFile"></TD>
</TR>
<TR>
<TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
<?php
}
?>
  1. if ($action == "upload") {
  2. // ok, let's get the uploaded data and insert it into the db now
  3. include "open_db.inc";
  4. $binFile = $_FILES['binFile']['name'];
  5. $file_size = $_FILES['binFile']['size'];
  6. $file_temp = $_FILES['binFile']['tmp_name'];
  7. $file_error = $_FILES['binFile']['error'];
  8. if (isset($binFile) && $binFile != "none") {
  9.     $data = addslashes(fread(fopen($file_temp, "r"), $file_size));
  10.     $strDescription = addslashes(nl2br($txtDescription));
  11.     $sql = "INSERT INTO family_pics ";
  12.     $sql .= "(description, bin_data, filename, filesize, filetype) ";
  13.     $sql .= "VALUES ('$strDescription', '$data', ";
  14.     $sql .= "'$binFile_name', '$binFile_size', '$binFile_type')";
  15.     $result = mysql_query($sql, $db);
  16.     echo "Thank you. The new file was successfully added to our database.<br><br>";
  17.     echo "<a href='main.php'>Continue</a>";
  18. }else
  19. echo $file_error;
  20. mysql_close($db);
  21. } else {
  22. ?>
  23. <HTML>
  24. <BODY>
  25. <FORM METHOD="post" ACTION="add.php" ENCTYPE="multipart/form-data">
  26. <INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="2000000">
  27. <INPUT TYPE="hidden" NAME="action" VALUE="upload">
  28. <TABLE BORDER="1">
  29. <TR>
  30. <TD>Description: </TD>
  31. <TD><TEXTAREA NAME="txtDescription" ROWS="10" COLS="50"></TEXTAREA></TD>
  32. </TR>
  33. <TR>
  34. <TD>File: </TD>
  35. <TD><INPUT TYPE="file" NAME="binFile"></TD>
  36. </TR>
  37. <TR>
  38. <TD COLSPAN="2"><INPUT TYPE="submit" VALUE="Upload"></TD>
  39. </TR>
  40. </TABLE>
  41. </FORM>
  42. </BODY>
  43. </HTML>
  44. <?php
  45. }
  46. ?>
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Is this any help ?

It's for magic_quotes, but I figure the concept might carry over to register_globals.

Post Information

  • Total Posts in this topic: 3 posts
  • Users browsing this forum: No registered users and 125 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.