Uploading to a Database 2

[sariejayne]

Hi,

I just went through the tutorial on this thread for uploading pictures to a database. I have everything in place and when I upload a picture I get the error message:

Parse error: syntax error, unexpected ';' in /home/sariejay/public_html/terrabambino/productpages/upload.php on line 19

Any ideas?

Thanks!

[Redcore]

Post your code - there's probably just an extra ';' or maybe it's in the wrong place on line 19.

[sariejayne]

<?php
// if something was posted, start the process...
if(isset($_POST['upload']))
{

// define the posted file into variables
$name = $_FILES['picture']['name'];
$tmp_name = $_FILES['picture']['tmp_name'];
$type = $_FILES['picture']['type'];
$size = $_FILES['picture']['size'];

// get the width & height of the file (we don't need the other stuff)
list($width, $height, $typeb, $attr) = getimagesize($tmp_name);

// if width is over 600 px or height is over 500 px, kill it
if($width>600 || $height>500)
{
echo $name . "'s dimensions exceed the 600x500 pixel limit.";
echo ?> <a href="form.html">Click here</a> to try again. <? ;
die();
}

// if the mime type is anything other than what we specify below, kill it
if(!(
$type=='image/jpeg' ||
$type=='image/png' ||
$type=='image/gif'
)) {
echo $type . " is not an acceptable format.";
echo ?> <a href="form.html">Click here</a> to try again. <? ;
die();
}

// if the file size is larger than 350 KB, kill it
if($size>'350000') {
echo $name . " is over 350KB. Please make it smaller.";
echo ?> <a href="form.html">Click here</a> to try again. <? ;
die();
}




// if your server has magic quotes turned off, add slashes manually
if(!get_magic_quotes_gpc()){
$name = addslashes($name);
}

// open up the file and extract the data/content from it
$extract = fopen($tmp_name, 'r');
$content = fread($extract, $size);
$content = addslashes($content);
fclose($extract);





// if your server has magic quotes turned off, add slashes manually
if(!get_magic_quotes_gpc()){
$name = addslashes($name);
}

// open up the file and extract the data/content from it
$extract = fopen($tmp_name, 'r');
$content = fread($extract, $size);
$content = addslashes($content);
fclose($extract);


// connect to the database
include "connect.php";

// the query that will add this to the database
$addfile = "INSERT INTO files (name, size, type, content ) ".
"VALUES ('$name', '$size', '$type', '$content')";

mysql_query($addfile) or die(mysql_error());

// get the last inserted ID if we're going to display this image next
$inserted_fid = mysql_insert_id();

mysql_close();




// display the image
?>
<div align="center">
<strong><? echo $name; ?><br>
</strong><img name="<? echo $name; ?>" src="getpicture.php?fid=<? echo $inserted_fid; ?>" alt="Unable to view image #<? echo $inserted_fid; ?>">
<br>
<a href="form.html">upload more images</a>
</div>
<?
// we still have to close the original IF statement. If there was nothing posted, kill the page.
}else{die("No uploaded file present");
}
?>

[Redcore]

Ugh. Yeah, this is a PHP5 issue. That's just ugly code that needs to be fixed (I petitioned to be able to change it a long time ago, but never heard back). Any time you echo HTML code outside of PHP, it's not welcomed in PHP5.

So instead of this:

PHP Code:

echo ?> <a href="form.html">Click here</a> to try again. <? ;

It needs to be like this:

PHP Code:

echo "<a href='form.html'>Click here</a> to try again."; 


There are other pieces of the code that need this update too (it'll be the same error). Maybe I'll just remake the thread and be more thorough with some added database security stuff (preventing SQL injection etc) since some have asked for it...I just hate to lose the page views and the confusion of having two separate threads on the same subject.

[sariejayne]

To Chumstar: it's for my business and there are hundreds of product pics and it better to be able to pull the pic from a database.

Thank you, Redcore. Sorry to be so much trouble :) I'll look through the code and try to fix as much as I can. I know a little PHP but probably only enough to be dangerous with it. LOL

[Redcore]

No trouble at all - it's my fault that the problem is there, really - so my apologies. Let me know if you need anything else. Make sure to sanitize the variables with mysql_real_escape_string so people can't hack your site/database.

[sariejayne]

It just went through and cleaned it up but it's still not working. I guess now is the time to throw in the towel. I'll look for some more code :(

[Redcore]

Well, I can't exactly fix code with that kind of vague comment.

Whatever you do, since you said you're pretty new to this and don't quite know how to troubleshoot (as you said, you threw in the towel pretty quickly) you really should post your code here when you're finally done so some of us can make sure your code isn't going to get hacked. A great deal of sample code out there is not optimized for security because they're published with the assumption that you know what you're doing and that you already know how to secure your applications. :)