-
Notifications
You must be signed in to change notification settings - Fork 0
/
upload.processor.php
115 lines (74 loc) · 3.29 KB
/
upload.processor.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
<?php
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'images/';
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload_product.php';
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.success.php';
$fieldname = 'file';
// Now let's deal with the upload
// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
2 => 'html form max file size exceeded',
3 => 'file upload was only partial',
4 => 'no file was attached');
// check the upload form was actually submitted else print form
isset($_POST['submit'])
or error('the upload form is neaded', $uploadForm);
// check for standard uploading errors
($_FILES[$fieldname]['error'] == 0)
or error($errors[$_FILES[$fieldname]['error']], $uploadForm);
// check that the file we are working on really was an HTTP upload
@is_uploaded_file($_FILES[$fieldname]['tmp_name'])
or error('not an HTTP upload', $uploadForm);
// validation... since this is an image upload script we
// should run a check to make sure the upload is an image
@getimagesize($_FILES[$fieldname]['tmp_name'])
or error('only image uploads are allowed', $uploadForm);
// make a unique filename for the uploaded file and check it is
// not taken... if it is keep trying until we find a vacant one
$now = time();
while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name']))
{
$now++;
}
@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
or error('receiving directory insuffiecient permission', $uploadForm);
header('Location: ' . $uploadSuccess);
function error($error, $location, $seconds = 5)
{
header("Refresh: $seconds; URL=\"$location\"");
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n".
'"http://www.w3.org/TR/html4/strict.dtd">'."\n\n".
'<html lang="en">'."\n".
' <head>'."\n".
' <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">'."\n\n".
' <link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n".
' <title>Upload error</title>'."\n\n".
' </head>'."\n\n".
' <body>'."\n\n".
' <div id="Upload">'."\n\n".
' <h1>Upload failure</h1>'."\n\n".
' <p>An error has occured: '."\n\n".
' <span class="red">' . $error . '...</span>'."\n\n".
' The upload form is reloading</p>'."\n\n".
' </div>'."\n\n".
'</html>';
exit;
}
$con=mysqli_connect("localhost","cybermart","calm","php");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$file1 = $now.'-'.$_FILES[$fieldname]['name'];
$name = mysqli_real_escape_string($con, $_POST['pname']);
$code = mysqli_real_escape_string($con, $_POST['code']);
$desc = mysqli_real_escape_string($con, $_POST['desc']);
$price = mysqli_real_escape_string($con, $_POST['price']);
$sql="INSERT INTO products
(product_code,product_name,product_desc,product_img_name,price)
VALUES ('$code','$name','$desc','$file1','$price')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
header('Location: thank.html');
mysqli_close($con);
?>