

my project





gerimter
upload information and pictures.
1------index.php

<form method="post" action="ekle.php" enctype="multipart/form-data">
<p><strong>
<label></label>
</strong></p>
<p>&nbsp;</p>
</div>
<p><strong><br>
<label></label>
<br>
</strong></p>

<p><strong>ADINIZ:
......(zorunlu değil)............

</strong><strong>
<input type="text" name="first" />
</strong></p>
<p><strong>HABER VEYA SORUN
:...............
</strong>
<textarea name="last" id="last"></textarea>
</p>
<p><strong>RESİM...................
<label>

<input name="resimler" type="file" id="resimler" style="float: left"/>

</label>
</strong></p>
<p><strong>
<input type="Submit" name="submit" value="KAYDI TAMAMLA" />
</strong></p>
</div>
<p><strong><br>
<label></label>
<br>
<label></label>
</strong><strong>
<label></label>
</strong></p>
</HTML>
<strong><a href="/index.htm">ANASAYFA</a></strong>
2------ekle.php
<?php

$db = mysql_connect("localhost", "root","");
mysql_select_db("hhh",$db);
$first = $_POST['first'];
$last = $_POST['last'];

$resimler = $_POST['resimler'];

$root = $_FILES["resimler"]["tmp_name"]; // temporary path the image was uploaded to (like memory, so to speak)
$resim_ad = $_FILES["resimler"]["name"]; // name of the file picked with the Browse button
$tip = $_FILES["resimler"]["type"]; // type of the file we received
$boyut = $_FILES["resimler"]["size"]; // its size


// the image names I marked in bold above are the names we gave in form.html.. name="resim"
// if you will use this only for images, do not delete the first elseif block; otherwise delete it

if($root== ""){

echo "Bir Dosya Seçmediniz"; // if no file was chosen with the Browse button

} elseif(($tip !="image/pjpeg") && ($tip !="image/jpeg") && ($tip !="image/gif") && ($tip !="image/jpg") && ($tip !="image/x-png") && ($tip !="image/png")) {

echo "Yüklemeye Çalistiginzi Dosya Bir Resim Dosyasi Degildir.";

}elseif ($boyut > 3000000) { // 3 MB, matching the message below

echo "3 MB dan büyük bir dosya yüklemeyin";
}else {
$hedef = "dosyalar";



$md = md5($resim_ad); // MD5 of the file name, only displayed below
if(move_uploaded_file($root,$hedef."/".$resim_ad)) {
echo "
Resim Kayagi : ".$root.
"<br>Resim Adi: ".$resim_ad.
"<br>Resim Tipi: ".$tip.
"<br>Resim Boyutu: ".$boyut.
" byte<br>MD5 Adi : ".$md.
"<br>Yükleme Tamamdir..<br>";
} else {echo "Resim Yüklenemedi";}

} // end of else





$sql = "INSERT INTO personnel (firstname, lastname, resimler)
VALUES ('$first','$last','$resim_ad')";

$result = mysql_query($sql);

// echo "<br>Thank you! Information entered.\n";
// echo "<br><a href=\"index.php\"> HOME </a> ";
?>

3----view.php
<HTML>
<body>



<?php
error_reporting(0);
$db = mysql_connect("localhost", "root","");
mysql_select_db("hhh",$db);
$result = mysql_query("SELECT * FROM personnel",$db);
echo "<TABLE BORDER=2 align=center> ";
echo"<TR><TD><b>id</b><td><B>AD SOYAD</B><TD><B>resimler</B><TD><B>Resim</B></TR>";
while ($myrow = mysql_fetch_array($result))
{
echo "<TR><TD>".$myrow["id"]."<td>".$myrow["firstname"]." ".$myrow["lastname"]."<TD>".$myrow["resimler"]."<TD>";
echo "<TD><a href=\"_view.php?id=".$myrow['id']."\"> DETAY </a>";
#echo "<img border='0' src='$row[resimler]' width='100' align='left'>" . $ozet . $str. "";
echo "<img src='dosyalar/".$myrow["resimler"]."' width='100' > ";
# echo "<img src='dosyalar/".$myrow["resimler"]."' width='250' > ";

#echo "<a href=dddddd".$row[id].".html>". $row["firstname"]."</a><br>";
#echo "<img border='0' src='$row[resimler]' width='100' align='left'>" . $ozet . $str. "";



echo "<TD><a href=\"_delete.php?id=".$myrow['id']."\"> SIL </a>";
#echo "<td><a href=\"_edit.php?id=".$myrow['id']."\"> DÜZENLE </a>";
}

echo "</TABLE>";
echo "<table width=\"23%\" border=\"1\" align=\"center\">


<tr>
<td><a href=\"index.php\">YENI KAYIT OLUSTUR</a></td>
</tr>
</table>";

?>



</HTML>

Send comments pls.
rvec
it's ugly, you didn't use code tags and it's easy to hack. Need more comments?
sonam
rvec wrote:
it's ugly, you didn't use code tags and it's easy to hack. Need more comments?


Yes!
Quote:
error_reporting(0);

Hiding errors is not a good way in PHP coding. It is much better to see all of them. In that case you can solve any problem that your script can produce before you start to use it.

Sonam
rvec
sonam wrote:
rvec wrote:
it's ugly, you didn't use code tags and it's easy to hack. Need more comments?


Yes!
Quote:
error_reporting(0);

Hiding errors is not a good way in PHP coding. It is much better to see all of them. In that case you can solve any problem that your script can produce before you start to use it.

Sonam

ok..
Take a look at this:
http://us2.php.net/manual/en/function.mysql-real-escape-string.php
To add some security to the script.

Take a look at this and always choose one when making a script:
http://en.wikipedia.org/wiki/Indent_style

Code:
Put your code between code tags to improve readability


And before working with file uploads read this:
http://tstarling.com/blog/2008/12/secure-web-uploads/
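
A hardened version of ekle.php along the lines the links above point to, as an added example that is not part of the original thread. It uses mysqli prepared statements in place of mysql_real_escape_string; the MIME allowlist, the constant names and store_image() are assumptions, while the database, table and directory names are the ones from the first post.

```php
<?php
// Added example: hardened ekle.php. Database "hhh", table "personnel" and the
// "dosyalar" directory come from the thread; everything else is an assumption.
const MAX_BYTES = 3 * 1024 * 1024;           // 3 MB, the limit the message states
const ALLOWED   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_image(array $f, string $dir): string
{
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('no file or upload error');
    }
    if ($f['size'] > MAX_BYTES) {
        throw new RuntimeException('file larger than 3 MB');
    }
    // Detect the type from the bytes on disk; $_FILES[..]['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext  = ALLOWED[(string)$mime] ?? null;
    if ($ext === null || getimagesize($f['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image');
    }
    // Do not reuse the client's file name: it can end in .php or contain "../".
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $name = store_image($_FILES['resimler'] ?? [], __DIR__ . '/dosyalar');
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        $db   = new mysqli('localhost', 'root', '', 'hhh');
        // Placeholders keep form input out of the SQL text entirely.
        $stmt = $db->prepare(
            'INSERT INTO personnel (firstname, lastname, resimler) VALUES (?, ?, ?)'
        );
        $first = (string)($_POST['first'] ?? '');
        $last  = (string)($_POST['last'] ?? '');
        $stmt->bind_param('sss', $first, $last, $name);
        $stmt->execute();
        echo 'Saved as ' . htmlspecialchars($name);
    } catch (Throwable $e) {
        error_log($e->getMessage());         // details go to the log, not the page
        http_response_code(400);
        echo 'Upload rejected.';
    }
}
```

The dosyalar directory should also be configured so the web server never executes scripts from it.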
gerimter
Thank you for your comments.
gerimter
Do you see non-security bugs in the problem?