What is the problem in my code?

I came again.

I have two problems. This filter is not working as well: when I use ahmed!@hotmail.com it saves the same value in the database without filtering anything.

Images didn't upload.


<?php

class mysql{
	
	private $localhost="***";
	private $db_users="**";
	private $db_password="***";
	private $db_name="***";

	function __construct(){
		
	mysql_connect($this->localhost,$this->db_users,$this->db_password);
	mysql_select_db($this->db_name);
	
	}
	
	function sql(){
		
		if ($_POST['submit'] && !empty($_FILES)){
			
				
			$user_name=$_POST['us_name'];
			$password=$_POST['password'];
			$retype=$_POST['retype'];
			$co_name=$_POST['co_name'];
			$co_email=$_POST['co_email'];
			$co_mobile=$_POST['co_mobile'];
			$country_code=$_POST['country_code'];
			$city=$_POST['city'];
			$Designation=$_POST['Designation'];
			$co_web=$_POST['co_web'];
			$co_Landline=$_POST['co_Landline'];
			$CompanyType=$_POST['CompanyType'];
			$no_of_employees=$_POST['no_of_employees'];
			$Address=$_POST['Address'];
			$IATA=$_POST['IATA'];
			$TAAI=$_POST['TAAI'];
			$TAFI=$_POST['TAFI'];
			$IATO=$_POST['IATO'];
			$ADTOI=$_POST['ADTOI'];
			$ASTA=$_POST['ASTA'];
			$PATA=$_POST['PATA'];
			$OTOAI=$_POST['OTOAI'];
			
			if (empty($user_name) && empty($co_name) && empty($co_email) && empty($co_mobile)){
				
				echo "<script type='text/javascript'> alert('please insert data to proceed')</script>";
			}
			else{
				
					if ($password==$retype){
											
						/// validate vars
									
						$filter_user_name=filter_var($user_name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
						$filter_password=filter_var($password, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
						$filter_co_name=filter_var($co_name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
						$filter_co_email=filter_var($co_email, FILTER_SANITIZE_EMAIL, FILTER_FLAG_STRIP_HIGH);
						$co_mobile=filter_var($co_mobile, FILTER_SANITIZE_NUMBER_INT);
						$country_code=$_POST['country_code'];
						$filter_city=filter_var($city, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
						$filter_Designation=filter_var($Designation, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
						$co_web=$_POST['co_web'];
						$co_Landline=$_POST['co_Landline'];
						$CompanyType=$_POST['CompanyType'];
						$no_of_employees=$_POST['no_of_employees'];
						$filter_Address=filter_var($Address, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
						$IATA=$_POST['IATA'];
						$TAAI=$_POST['TAAI'];
						$TAFI=$_POST['TAFI'];
						$IATO=$_POST['IATO'];
						$ADTOI=$_POST['ADTOI'];
						$ASTA=$_POST['ASTA'];
						$PATA=$_POST['PATA'];
						$OTOAI=$_POST['OTOAI'];			
						
						// file vars
	
						$path=$_FILES['upload']['tmp_name'];
						$name=$_FILES['upload']['name'];
						$size=$_FILES['upload']['size'];
						$type=$_FILES['upload']['type'];
						$error=$_FILES['upload']['error'];
						
						if(is_uploaded_file($path)){
							if(in_array($type,array('image/png','image/x-png','image/jpeg','image/gif'))){
								if(filesize($path) > 800000){
									$content=file_get_contents($path);
									$safeimage=mysql_real_escape_string($content);
								
									$sqlimage="insert into images(name,size,type,content) values ('$name','$size','$type','$safeimage')";
								
									$queryimage=mysql_query($sqlimage);
								}
							}
						}
						
							/// save all in database.
						$sql="INSERT INTO users(user_name,password,co_name,co_email,co_mobile,country_code,city,Designation,co_web,co_Landline,CompanyType,no_of_employees,Address,IATA,TAAI,TAFI,IATO,ADTOI,ASTA,PATA,OTOAI) VALUES('$filter_user_name','$filter_password','$filter_co_name','$co_email','$co_mobile','$country_code','$filter_city','$filter_Designation','$co_web','$co_Landline','$CompanyType','$no_of_employees','$filter_Address','$IATA','$TAAI','$TAFI','$IATO','$ADTOI','$ASTA','$PATA','$OTOAI')";
															
						$result=mysql_query($sql);
							if (!$result) {
									// json_encode() builds a valid JS string literal; the original concatenation sat inside the PHP string and was printed literally.
									echo "<script type='text/javascript'>alert(" . json_encode('Query: ' . $sql . ' failed with ' . mysql_error()) . ")</script>";
							}
							else {								
									echo "<script type='text/javascript'>alert('saved successfully...')</script>";
							}
					}
			}
		}
	}	
}	
$use=new mysql;
$use->sql();

?>



<form action="<?php echo $PHP_SELF; ?>" method="post" enctype="multipart/form-data">



<div class="row">
    <div class="col-lg-4"><label>Upload Company Logo<span style="color:#900">*</span> :<br><br></label></div>
    <div class="col-lg-8">
        <input type="hidden" name="MAX_FILE_SIZE" value="800000" />
        <input class="form-control" type="file" name="upload"><span style="color:red;">Optional</span></div>
</div>


AHMED SAMY (owner) asked:
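Two things in the posted code explain the e-mail symptom, and neither is addressed later in the thread. The INSERT writes `$co_email`, the raw value, not `$filter_co_email`; and even the filtered value would still contain the "!", because FILTER_SANITIZE_EMAIL only removes characters that can never appear in an address, and "!" is allowed in the local part. A sanitizer edits input; it does not reject it. The same INSERT also interpolates fields that are never filtered at all (co_web, IATA, TAAI, ...) directly into the SQL text, and stores the password as sanitized plaintext. The example below is added here and is not code from the question or from any participant: it validates the fields (rejecting instead of editing), hashes the password, and inserts through a PDO prepared statement. Field and column names come from the question; the stricter local-part rule in `email_allowed()` is a site policy chosen for this example, and the PDO connection values are placeholders.

```php
<?php
// Added example, not code from the thread: validate the registration fields
// and insert them with a prepared statement. Form field names and the users
// table columns come from the question; the PDO DSN values are placeholders.

declare(strict_types=1);

// Policy for this example (an assumption, not a PHP rule): the local part may
// use letters, digits and . _ % + - only. FILTER_VALIDATE_EMAIL alone follows
// RFC 5322, which permits "!", so a stricter site rule is applied on top.
function email_allowed(string $email): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    [$local] = explode('@', $email, 2);
    return preg_match('/^[A-Za-z0-9._%+-]+$/', $local) === 1;
}

// Returns [$clean, $errors]; $errors is empty when every field is acceptable.
// A validator rejects bad input instead of silently editing it.
function validate_registration(array $post): array
{
    $clean = [];
    $errors = [];

    $user = trim((string)($post['us_name'] ?? ''));
    if (preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $user) !== 1) {
        $errors['us_name'] = 'user name must be 3-32 letters, digits, _ . or -';
    } else {
        $clean['user_name'] = $user;
    }

    $email = trim((string)($post['co_email'] ?? ''));
    if (!email_allowed($email)) {
        $errors['co_email'] = 'e-mail address is not acceptable';
    } else {
        $clean['co_email'] = $email;
    }

    $password = (string)($post['password'] ?? '');
    if (strlen($password) < 8) {
        $errors['password'] = 'password must be at least 8 characters';
    } elseif ($password !== (string)($post['retype'] ?? '')) {
        $errors['retype'] = 'passwords do not match';
    } else {
        // Store a salted hash, never the password itself.
        $clean['password'] = password_hash($password, PASSWORD_DEFAULT);
    }

    // Keep digits only, then check the length; do not trust the result blindly.
    $mobile = preg_replace('/\D/', '', (string)($post['co_mobile'] ?? ''));
    if (strlen($mobile) < 6 || strlen($mobile) > 15) {
        $errors['co_mobile'] = 'mobile number must be 6-15 digits';
    } else {
        $clean['co_mobile'] = $mobile;
    }

    $web = trim((string)($post['co_web'] ?? ''));
    if ($web !== '' && filter_var($web, FILTER_VALIDATE_URL) === false) {
        $errors['co_web'] = 'web site must be a full URL';
    } else {
        $clean['co_web'] = $web;
    }

    return [$clean, $errors];
}

// Prepared statement: the values travel separately from the SQL text, so no
// field content, filtered or not, can change the meaning of the query.
function insert_user(PDO $pdo, array $clean): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (user_name, password, co_email, co_mobile, co_web)
         VALUES (:user_name, :password, :co_email, :co_mobile, :co_web)'
    );
    $stmt->execute($clean);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input using the address from the question.
[$clean, $errors] = validate_registration([
    'us_name'   => 'ahmed',
    'co_email'  => 'ahmed!@hotmail.com',
    'password'  => 'correct horse battery',
    'retype'    => 'correct horse battery',
    'co_mobile' => '+20 100 123 4567',
    'co_web'    => 'https://example.com',
]);
print_r($errors);

if ($errors === []) {
    $pdo = new PDO('mysql:host=***;dbname=***;charset=utf8mb4', '***', '***',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    echo 'inserted user id ' . insert_user($pdo, $clean) . PHP_EOL;
}
```

With the sample input the validator reports the co_email field and nothing is inserted; replace the address with one that satisfies the policy and the insert runs. The remaining columns from the question's INSERT (city, Designation, the association flags and so on) follow the same pattern: validate each one, add it to `$clean`, and add a matching named placeholder to the statement.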
NerdsOfTech (Technology Scientist) commented:
First, you didn't invoke move_uploaded_file() to actually upload the image to the server.

Also, the script is attempting to upload the temp image into the same directory as the script.

In this case, the permissions for the folder are likely set differently than needed for the upload to proceed.

I recommend creating a target directory for the temp file such as 'uploads/' then CHMOD'ing to 775 to appropriately allow for upload.

Also 800000 might sound big but it is only roughly 800KB (781.25KB). You probably want it to be higher, for instance, 10485760 (10MB).

if(filesize($path) > 10485760){
    ...
}



Next is the logic error of allowing the script to proceed with the database entry even when there is an error with the file. The control flow should only be allowed to continue if no errors are encountered. I'll try to post additional recommendations.
0
 
Chris Stanyon commented:
Hi Ahmed,

In your form you're setting the MAX size to 800000 and then in your code you have this:

if(filesize($path) > 800000){
    ...
}


So the image will only get inserted into the database if the size is GREATER than 800000!
0
 
AHMED SAMY (owner, author) commented:
The same, still not uploading.
0
 
Chris Stanyon commented:
OK. Time to add in some debugging info. I would suggest you turn on error reporting and then start to echo out some messages to see the flow of your code. Take a look at this for an idea of what I mean:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

class mysql{
    
    private $localhost="***";
    private $db_users="**";
    private $db_password="***";
    private $db_name="***";

    function __construct()
    {
        mysql_connect($this->localhost,$this->db_users,$this->db_password);
        mysql_select_db($this->db_name);
    }
    
    function sql()
    {
        if ($_POST['submit'] && !empty($_FILES))
        {
            echo "We have some form data" . PHP_EOL;

            $user_name=$_POST['us_name'];
            $password=$_POST['password'];
            $retype=$_POST['retype'];
            $co_name=$_POST['co_name'];
            $co_email=$_POST['co_email'];
            $co_mobile=$_POST['co_mobile'];
            $country_code=$_POST['country_code'];
            $city=$_POST['city'];
            $Designation=$_POST['Designation'];
            $co_web=$_POST['co_web'];
            $co_Landline=$_POST['co_Landline'];
            $CompanyType=$_POST['CompanyType'];
            $no_of_employees=$_POST['no_of_employees'];
            $Address=$_POST['Address'];
            $IATA=$_POST['IATA'];
            $TAAI=$_POST['TAAI'];
            $TAFI=$_POST['TAFI'];
            $IATO=$_POST['IATO'];
            $ADTOI=$_POST['ADTOI'];
            $ASTA=$_POST['ASTA'];
            $PATA=$_POST['PATA'];
            $OTOAI=$_POST['OTOAI'];
            
            if (empty($user_name) && empty($co_name) && empty($co_email) && empty($co_mobile))
            {
                echo "<script type='text/javascript'> alert('please insert data to proceed')</script>";
            }
            else
            {
                if ($password==$retype)
                {
                    echo "We have the correct info" . PHP_EOL;

                    // validate vars
                    $filter_user_name=filter_var($user_name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                    $filter_password=filter_var($password, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                    $filter_co_name=filter_var($co_name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                    $filter_co_email=filter_var($co_email, FILTER_SANITIZE_EMAIL, FILTER_FLAG_STRIP_HIGH);
                    $co_mobile=filter_var($co_mobile, FILTER_SANITIZE_NUMBER_INT);
                    $country_code=$_POST['country_code'];
                    $filter_city=filter_var($city, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                    $filter_Designation=filter_var($Designation, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                    $co_web=$_POST['co_web'];
                    $co_Landline=$_POST['co_Landline'];
                    $CompanyType=$_POST['CompanyType'];
                    $no_of_employees=$_POST['no_of_employees'];
                    $filter_Address=filter_var($Address, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                    $IATA=$_POST['IATA'];
                    $TAAI=$_POST['TAAI'];
                    $TAFI=$_POST['TAFI'];
                    $IATO=$_POST['IATO'];
                    $ADTOI=$_POST['ADTOI'];
                    $ASTA=$_POST['ASTA'];
                    $PATA=$_POST['PATA'];
                    $OTOAI=$_POST['OTOAI'];         
                    
                    // file vars
                    $path=$_FILES['upload']['tmp_name'];
                    $name=$_FILES['upload']['name'];
                    $size=$_FILES['upload']['size'];
                    $type=$_FILES['upload']['type'];
                    $error=$_FILES['upload']['error'];
                        
                    if (is_uploaded_file($path))
                    {
                        echo "We have an uploaded file" . PHP_EOL;

                        if (in_array($type,array('image/png','image/x-png','image/jpeg','image/gif')))
                        {
                            echo "It's an image" . PHP_EOL;

                            if (filesize($path) > 800000)
                            {
                                echo "The FileSize is OK". PHP_EOL;

                                $content=file_get_contents($path);
                                $safeimage=mysql_real_escape_string($content);
                            
                                $sqlimage="insert into images(name,size,type,content) values ('$name','$size','$type','$safeimage')";
                                $queryimage=mysql_query($sqlimage);
                            }
                        }
                    }
                        
                    // save all in database.
                    $sql="INSERT INTO users(user_name,password,co_name,co_email,co_mobile,country_code,city,Designation,co_web,co_Landline,CompanyType,no_of_employees,Address,IATA,TAAI,TAFI,IATO,ADTOI,ASTA,PATA,OTOAI) VALUES('$filter_user_name','$filter_password','$filter_co_name','$co_email','$co_mobile','$country_code','$filter_city','$filter_Designation','$co_web','$co_Landline','$CompanyType','$no_of_employees','$filter_Address','$IATA','$TAAI','$TAFI','$IATO','$ADTOI','$ASTA','$PATA','$OTOAI')";
                                                            
                    $result=mysql_query($sql);

                    if (!$result)
                    {
                        // json_encode() builds a valid JS string literal; the original concatenation sat inside the PHP string and was printed literally.
                        echo "<script type='text/javascript'>alert(" . json_encode('Query: ' . $sql . ' failed with ' . mysql_error()) . ")</script>";
                    }
                    else
                    {                              
                        echo "<script type='text/javascript'>alert('saved successfully...')</script>";
                    }
                }
            }
        }
    }   
}   

$use=new mysql;
$use->sql();

?>


0
 
NerdsOfTech (Technology Scientist) commented:
Create a subdirectory 'uploads/', CHMOD it to 775 and try:

<?php

class mysql
{
	
	private $localhost="***";
	private $db_users="**";
	private $db_password="***";
	private $db_name="***";

	function __construct()
	{	
		mysql_connect($this->localhost,$this->db_users,$this->db_password);
		mysql_select_db($this->db_name);
	}
	
	function sql(){
		
		if ($_POST['submit'] && !empty($_FILES)){
			
				
			$user_name=$_POST['us_name'];
			$password=$_POST['password'];
			$retype=$_POST['retype'];
			$co_name=$_POST['co_name'];
			$co_email=$_POST['co_email'];
			$co_mobile=$_POST['co_mobile'];
			$country_code=$_POST['country_code'];
			$city=$_POST['city'];
			$Designation=$_POST['Designation'];
			$co_web=$_POST['co_web'];
			$co_Landline=$_POST['co_Landline'];
			$CompanyType=$_POST['CompanyType'];
			$no_of_employees=$_POST['no_of_employees'];
			$Address=$_POST['Address'];
			$IATA=$_POST['IATA'];
			$TAAI=$_POST['TAAI'];
			$TAFI=$_POST['TAFI'];
			$IATO=$_POST['IATO'];
			$ADTOI=$_POST['ADTOI'];
			$ASTA=$_POST['ASTA'];
			$PATA=$_POST['PATA'];
			$OTOAI=$_POST['OTOAI'];
			
			if (empty($user_name) && empty($co_name) && empty($co_email) && empty($co_mobile)){				
				echo "<script type='text/javascript'> alert('please insert data to proceed')</script>";
			}
			else{
				
				if ($password==$retype){
										
					/// validate vars
								
					$filter_user_name=filter_var($user_name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
					$filter_password=filter_var($password, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
					$filter_co_name=filter_var($co_name, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
					$filter_co_email=filter_var($co_email, FILTER_SANITIZE_EMAIL, FILTER_FLAG_STRIP_HIGH);
					$co_mobile=filter_var($co_mobile, FILTER_SANITIZE_NUMBER_INT);
					$country_code=$_POST['country_code'];
					$filter_city=filter_var($city, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
					$filter_Designation=filter_var($Designation, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
					$co_web=$_POST['co_web'];
					$co_Landline=$_POST['co_Landline'];
					$CompanyType=$_POST['CompanyType'];
					$no_of_employees=$_POST['no_of_employees'];
					$filter_Address=filter_var($Address, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
					$IATA=$_POST['IATA'];
					$TAAI=$_POST['TAAI'];
					$TAFI=$_POST['TAFI'];
					$IATO=$_POST['IATO'];
					$ADTOI=$_POST['ADTOI'];
					$ASTA=$_POST['ASTA'];
					$PATA=$_POST['PATA'];
					$OTOAI=$_POST['OTOAI'];			
					
					// upload checks

					$target_dir = "uploads/";
					$target_file = $target_dir . basename($_FILES["upload"]["name"]);
					$uploadOk = 1;
					$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
					// Check if image file is a actual image or fake image
					if(isset($_POST["submit"])) {
						$check = getimagesize($_FILES["upload"]["tmp_name"]);
						if($check !== false) {
							echo "File is an image - " . $check["mime"] . ".";
							$uploadOk = 1;
						} else {
							echo "File is not an image.";
							$uploadOk = 0;
						}
					}
					// Check if file already exists
					if ($uploadOk && file_exists($target_file)) {
						echo "ERROR: file already exists.";
						$uploadOk = 0;
					}
					// Check file size
					if ($uploadOk && $_FILES["upload"]["size"] > 10485760) {
						echo "ERROR: your file is too large.";
						$uploadOk = 0;
					}
					// Allow certain file formats
					if($uploadOk && $imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
					&& $imageFileType != "gif" ) {
						echo "ERROR: only JPG, JPEG, PNG & GIF files are allowed.";
						$uploadOk = 0;
					}
					// Check if $uploadOk is set to FALSE (0) by an error
					if (!$uploadOk) {
						echo "ERROR: your file was not uploaded.";
					// if everything is ok, try to upload file
					} else {
						// the form field is named "upload" (see $target_file above), not "fileToUpload"
						if (move_uploaded_file($_FILES["upload"]["tmp_name"], $target_file)) {
							echo "The file ". basename( $_FILES["upload"]["name"]). " has been uploaded.";

							// save all in database.
							$sql="INSERT INTO users (user_name,
							 password,
							 co_name,
							 co_email,
							 co_mobile,
							 country_code,
							 city,
							 Designation,
							 co_web,
							 co_Landline,
							 CompanyType,
							 no_of_employees,
							 Address,
							 IATA,
							 TAAI,
							 TAFI,
							 IATO,
							 ADTOI,
							 ASTA,
							 PATA,
							 OTOAI) VALUES ('$filter_user_name',
							 '$filter_password',
							 '$filter_co_name',
							 '$filter_co_email',
							 '$co_mobile',
							 '$country_code',
							 '$filter_city',
							 '$filter_Designation',
							 '$co_web',
							 '$co_Landline',
							 '$CompanyType',
							 '$no_of_employees',
							 '$filter_Address',
							 '$IATA',
							 '$TAAI',
							 '$TAFI',
							 '$IATO',
							 '$ADTOI',
							 '$ASTA',
							 '$PATA',
							 '$OTOAI'
							 )";
							 $result=mysql_query($sql);
							 if (!$result)
							 {
							  // json_encode() builds a valid JS string literal; the original concatenation sat inside the PHP string and was printed literally.
							  echo "<script type='text/javascript'>alert(" . json_encode('Query: ' . $sql . ' failed with ' . mysql_error()) . ")</script>";
							 }
							 else
							 {                              
							  echo "<script type='text/javascript'>alert('saved successfully...')</script>";
							 }
						} else {
							echo "ERROR: there was a problem uploading your file.";
						}
					}
				}
			}
		}
	}		
}
$use=new mysql;
$use->sql();
?>



Ref:
https://www.w3schools.com/php/php_ref_filesystem.asp

https://www.w3schools.com/php/php_file_upload.asp
0
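The accepted answer's upload checks still rely on two values the browser controls: the file name extension (from `basename($_FILES["upload"]["name"])`) decides the allowed format, and the client's file name becomes the stored file name. The example below is added here and is not code from the thread; it keeps the checks the two answers call for (a dedicated target directory, a server-side size limit, image-only, move_uploaded_file(), and no database write when the upload failed) but takes the type from the file contents via getimagesize(), reads `$_FILES['upload']['error']` to find out why an upload failed, and stores the file under a random server-generated name. The field name "upload", the 10485760-byte limit and the uploads/ directory come from the thread; the directory location relative to the script and the helper names are assumptions.

```php
<?php
// Added example, not code from the thread: a stricter version of the upload
// checks in the accepted answer. Field name "upload", the 10 MB limit and the
// uploads/ directory come from the thread; everything else is an assumption.

declare(strict_types=1);

const MAX_UPLOAD_BYTES = 10485760; // 10 MB, the limit suggested in the answers

// Image types the question's code accepts, keyed by the MIME type that
// getimagesize() derives from the file header. Neither $_FILES['type'] nor
// the file name extension is consulted; both are supplied by the client.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Validate one $_FILES entry and move it into $targetDir under a
 * server-generated name. Returns ['ok' => true, 'path' => ..., 'mime' => ...,
 * 'size' => ...] or ['ok' => false, 'error' => ...].
 */
function store_uploaded_image(?array $file, string $targetDir): array
{
    if ($file === null || !isset($file['error'])) {
        return ['ok' => false, 'error' => 'no file field in the request'];
    }

    // PHP reports why an upload failed here. The form's MAX_FILE_SIZE hidden
    // field, for example, surfaces as UPLOAD_ERR_FORM_SIZE, not as a missing
    // tmp_name, so a handler that only tests is_uploaded_file() stays silent.
    switch ((int)$file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            return ['ok' => false, 'error' => 'no file was selected'];
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            return ['ok' => false, 'error' => 'file exceeds the permitted size'];
        default:
            return ['ok' => false, 'error' => 'upload failed with code ' . (int)$file['error']];
    }

    // Only a file PHP itself received in this request may be moved.
    if (!is_uploaded_file($file['tmp_name'])) {
        return ['ok' => false, 'error' => 'tmp_name is not an uploaded file'];
    }

    // Enforce the size on the server; MAX_FILE_SIZE in the form is advisory.
    if (filesize($file['tmp_name']) > MAX_UPLOAD_BYTES) {
        return ['ok' => false, 'error' => 'file is larger than ' . MAX_UPLOAD_BYTES . ' bytes'];
    }

    // Detect the image type from the file header.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info['mime']])) {
        return ['ok' => false, 'error' => 'file is not a PNG, JPEG or GIF image'];
    }
    $extension = ALLOWED_IMAGE_TYPES[$info['mime']];

    // The target directory must exist and be writable by the web server user
    // (the "permissions" problem raised in the first answer).
    if (!is_dir($targetDir) && !mkdir($targetDir, 0775, true)) {
        return ['ok' => false, 'error' => 'cannot create target directory'];
    }
    if (!is_writable($targetDir)) {
        return ['ok' => false, 'error' => 'target directory is not writable by the web server user'];
    }

    // Never reuse the client's file name: it may contain path separators or a
    // second extension, and it can collide with an existing file. A random
    // name also makes the "file already exists" check unnecessary.
    $target = rtrim($targetDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $extension;

    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return ['ok' => false, 'error' => 'move_uploaded_file() failed'];
    }
    chmod($target, 0644); // stored files must not be executable

    return ['ok' => true, 'path' => $target, 'mime' => $info['mime'], 'size' => filesize($target)];
}

// Form handler; "submit" and "upload" match the question's form.
if (isset($_POST['submit'])) {
    // Keep uploads outside the document root and serve them through a script,
    // so the web server never executes an uploaded file directly.
    $result = store_uploaded_image($_FILES['upload'] ?? null, __DIR__ . '/../uploads');
    if ($result['ok']) {
        echo 'Stored ' . htmlspecialchars(basename($result['path'])) . ' (' . $result['mime'] . ', ' . $result['size'] . ' bytes)';
        // Only now should the users row be inserted; see the control-flow point in the first answer.
    } else {
        echo 'Upload rejected: ' . htmlspecialchars($result['error']);
    }
}
```

Call `store_uploaded_image()` before touching the database and insert the users row only when `$result['ok']` is true; that is the control-flow change the first answer asks for, and it also means a failed upload leaves no half-registered account behind.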