mrsaywho Posted March 14, 2012 Share Posted March 14, 2012 How would I go about adding a timestamp to my image uploads so I don't erase image files with the same name? Also, what would be the correct use of the mysql_escape_string <?php require_once('storescripts/connect.php'); mysql_select_db($database_phpimage,$phpimage); $uploadDir = 'upload/'; if(isset($_POST['upload' . $config])) { foreach ($_FILES as $file) { $fileName = $file['name']; $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; if($fileName==""){ $filePath = 'upload/'; } else{ $filePath = $uploadDir . $fileName; } $filePath = str_replace(" ", "_", $filePath); $result = move_uploaded_file($tmpName, $filePath); if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $fileinsert[]=$filePath; } } $mid = mysql_real_escape_string(trim($_POST['mid'])); $cat = mysql_real_escape_string(trim($_POST['cat'])); $item = mysql_real_escape_string(trim($_POST['item'])); $price = mysql_real_escape_string(trim($_POST['price'])); $about = mysql_real_escape_string(trim($_POST['about'])); $fields = array(); $values = array(); $updateVals = array(); for($i=1; $i<=4; $i++) { $fields[$i] = 'name'.$i; $values[$i] = mysql_real_escape_string(basename(trim($_FILES[$fields[$i]]['name']))); if($values[$i] != '') { $updateVals[] = "{$fields[$i]} = '{$values[$i]}'"; } } $updateNames = ''; if(count($updateVals)) { $updateNames = ", " . implode(', ', $updateVals); } $update = "INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('$mid', '$cat', '$item', '$price', '$about', '$values[1]', '$values[2]', '$values[3]', '$values[4]') ON DUPLICATE KEY UPDATE cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames"; $result = mysql_query($update) or die (mysql_error()); $id = mysql_insert_id(); ?> <p style="font-size:35px; font-family:Arial, Helvetica, sans-serif; color:#255E67; margin-left:25px;">Your Item Has Been Uploaded!</p> <script type="text/javascript"> setTimeout('ourRedirect()', 2000) function ourRedirect() { location.href='protator_php.php?mid=<?php echo $id ?>' } </script> Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 your using mysql_real_escape_string() properly already. mas for a timestamp, It's been a while but I'm sure it's just something like : $filename .= time(); although you would need to do that before you add the extension obviously... What I found easier to manage (and I suppose more secure as well) was to use a substring of a md5 encrytipted time : $filename .= "_" . strtolower(substr(md5(time)), 0, 4)); I found it more manageable for generating unique codes for delivery notes. Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 14, 2012 Author Share Posted March 14, 2012 wow really... $filename .= "_" . strtolower(substr(md5(time)), 0, 4)); I can't find a way to fit it in the code without an error. and i can't get the timestamp to work either Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 yeah, I missed out the function brackets for time() in that last one there. I just ran the following code: <?php $filename = "myfile"; $filename .= "_" . strtolower(substr(md5(time()), 0, 4)); $filename .= ".jpg"; echo $filename; ?> and got as a result : myfile_9e97.jpg let me know if that helps Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 14, 2012 Author Share Posted March 14, 2012 I think my problem is that I don't know where exactly to insert it into my code. The code runs fine but it won't add that unique identifier Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 try here: $fileName = $file['name']; $fileName .= "_" . strtolower(substr(md5(time()), 0, 4)); $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 14, 2012 Author Share Posted March 14, 2012 no well the problem isn't getting it into my file folder but getting it into mysql...... its the multiple uploads that i don't even understand what the code means. <?php require_once('storescripts/connect.php'); mysql_select_db($database_phpimage,$phpimage); $penis = strtolower(substr(md5(time()), 0, 4)); $uploadDir = 'upload/'; if(isset($_POST['upload' . $config])) { foreach ($_FILES as $file) { $fileName = $file['name']; $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; if($fileName==""){ $filePath = 'upload/'; } else{ $filePath = $uploadDir . $penis . $fileName; } $filePath = str_replace(" ", "_", $filePath); $result = move_uploaded_file($tmpName, $filePath); if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $fileinsert[]=$filePath; } } $mid = mysql_real_escape_string(trim($_POST['mid'])); $cat = mysql_real_escape_string(trim($_POST['cat'])); $item = mysql_real_escape_string(trim($_POST['item'])); $price = mysql_real_escape_string(trim($_POST['price'])); $about = mysql_real_escape_string(trim($_POST['about'])); $fields = array(); $values = array(); $updateVals = array(); for($i=1; $i<=4; $i++) { $fields[$i] = 'name'.$i; $values[$i] = mysql_real_escape_string(basename(trim($_FILES[$fields[$i]]['name']))); if($values[$i] != '') { $updateVals[] = "{$fields[$i]} = '{$values[$i]}'"; } } $updateNames = ''; if(count($updateVals)) { $updateNames = ", " . implode(', ', $updateVals); } $update = "INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('$mid', '$cat', '$item', '$price', '$about', '$values[1]', '$values[2]', '$values[3]', '$values[4]') ON DUPLICATE KEY UPDATE cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames"; $result = mysql_query($update) or die (mysql_error()); $id = mysql_insert_id(); ?> <p style="font-size:35px; font-family:Arial, Helvetica, sans-serif; color:#255E67; margin-left:25px;">Your Item Has Been Uploaded!</p> <script type="text/javascript"> setTimeout('ourRedirect()', 2000) function ourRedirect() { location.href='protator_php.php?mid=<?php echo $id ?>' } </script> Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 you would be looking to make some changes in and around here: for($i=1; $i<=4; $i++) { $fields[$i] = 'name'.$i; $values[$i] = mysql_real_escape_string(basename(trim($_FILES[$fields[$i]]['name']))); if($values[$i] != '') { $updateVals[] = "{$fields[$i]} = '{$values[$i]}'"; } } but if you don't have a clue what the code is doing I'm going to have say that you need to learn before you start editing it. Check the php manual site for $_FILES() and associated information. p.s. could you please use or [ code ] [/code ] BBtags when posting actual code as it makes it much easier to read. Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 14, 2012 Author Share Posted March 14, 2012 yea its too difficult Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted March 14, 2012 Share Posted March 14, 2012 When posting code, enclose it within the forum's . . . BBCode tags. Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 14, 2012 Share Posted March 14, 2012 yea its too difficult sorry, what's too difficult? Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 15, 2012 Author Share Posted March 15, 2012 its to difficult to figure this out. i have been at it for 24 hours or so. but thats to this board and people like you I can see the code better and understand more. I just don't understand why i can't take the same value i passed to to folder (i believe its $filePath) and pass it to the database. Quote Link to comment Share on other sites More sharing options...
kicken Posted March 15, 2012 Share Posted March 15, 2012 What I found easier to manage (and I suppose more secure as well) was to use a substring of a md5 encrytipted time That code would be no better than just using a timestamp directly in the name really. If two people uploaded a same-named image during the same second, you'd still generate the same final name for each. You need some kind of randomness to prevent this. I prefer to simply use the uniqid function for this. As an additional safeguard you'd want to include the code in a loop checking if a filename exists. based on the OP's code: foreach ($_FILES as $file) { $fileName = $file['name']; $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; if ($fileName != ""){ $filePath = $uploadDir; $fileName = str_replace(" ", "_", $fileName); //Split the name into the base name and extension $pathInfo = pathinfo($fileName); $fileName_base = $pathInfo['filename']; $fileName_ext = $pathInfo['extension']; //now we re-assemble the file name, sticking the output of uniqid into it //and keep doing this in a loop until we generate a name that //does not already exist (most likely we will get that first try) do { $fileName = $fileName_base . uniqid() . '.' . $fileName_ext; } while (file_exists($filePath.$fileName)); $result = move_uploaded_file($tmpName, $filePath.$fileName); } } Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 15, 2012 Author Share Posted March 15, 2012 where exactly would you put this? above the if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $fileinsert[]=$filePath; } } and replace everything after if(isset($_POST['upload' . $config])) { Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 15, 2012 Share Posted March 15, 2012 That code would be no better than just using a timestamp directly in the name really. If two people uploaded a same-named image during the same second, you'd still generate the same final name for each. ... nah, my systems for a company dispatch note generator, the time's only appended at the end, there are other factors used to build the id, including operator prefix and last 5 digits of IP, there is also a delay after each slip is generated for printing. The md5 was only really flung on there so no one could make sense of the file id when it was shipped on the dispatch slip, it's readable through a barcode into the company system, but other than that it's useless to human interpretation - that was why I had the more secure written in brackets. Quote Link to comment Share on other sites More sharing options...
mrsaywho Posted March 17, 2012 Author Share Posted March 17, 2012 Ok so i am getting an sql error from editing my mysql table with this query below. It is throwing in an extra equal sign right before the last value in the query $udateNames. I want a timestamp value in mysql when i edit just one picture at a time. Almost there..... Here is the error i printed INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('167', 'hats', 'zzz', 'zz', 'zz', '4f64105aad275.jpg', '', '', '') ON DUPLICATE KEY UPDATE cid = 'hats', item = 'zzz', price = 'zz', about = 'zz' , = '4f64105aad275.jpg' and here is the sql error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '4f6411fb6dfb2.png'' at line 6 Here is the php: <?php require_once('storescripts/connect.php'); mysql_select_db($database_phpimage,$phpimage); $uploadDir = 'upload/'; if(isset($_POST['upload'])) { foreach ($_FILES as $file) { $fileName = $file['name']; $tmpName = $file['tmp_name']; $fileSize = $file['size']; $fileType = $file['type']; if ($fileName != ""){ $filePath = $uploadDir; $fileName = str_replace(" ", "_", $fileName); //Split the name into the base name and extension $pathInfo = pathinfo($fileName); $fileName_base = $pathInfo['fileName']; $fileName_ext = $pathInfo['extension']; //now we re-assemble the file name, sticking the output of uniqid into it //and keep doing this in a loop until we generate a name that //does not already exist (most likely we will get that first try) do { $fileName = $fileName_base . uniqid() . '.' . $fileName_ext; } while (file_exists($filePath.$fileName)); $file_names [] = $fileName; $result = move_uploaded_file($tmpName, $filePath.$fileName); } if(!get_magic_quotes_gpc()) { $fileName = addslashes($fileName); $filePath = addslashes($filePath); } $fileinsert[] = $filePath; } } $mid = mysql_real_escape_string(trim($_POST['mid'])); $cat = mysql_real_escape_string(trim($_POST['cat'])); $item = mysql_real_escape_string(trim($_POST['item'])); $price = mysql_real_escape_string(trim($_POST['price'])); $about = mysql_real_escape_string(trim($_POST['about'])); $fields = array(); $values = array(); $updateVals = array(); for($i = 0; $i < 4; $i++) { $values[$i] = isset($file_names[$i]) ? mysql_real_escape_string($file_names[$i]) : ''; if($values[$i] != '') { $updateVals[] = "{$fields[$i]} = '{$values[$i]}'"; } } $updateNames = ''; if(count($updateVals)) { $updateNames = ", " . implode(', ', $updateVals); } $update = "INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('$mid', '$cat', '$item', '$price', '$about', '$values[0]', '$values[1]', '$values[2]', '$values[3]') ON DUPLICATE KEY UPDATE cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames"; $result = mysql_query($update) or die (mysql_error()); Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted March 19, 2012 Share Posted March 19, 2012 you are not assigning the contents of the $updateNames variable to a field. that's why you are getting the error. you either need to tell the query what field you want that information in, or leafe the variable out of that part of the query. : ON DUPLICATE KEY UPDATE cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames";//<<<--problem line here Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.