|
Posted by Toby A Inkster on 03/28/07 10:44
CorfuVBProgrammer wrote:
> class image_manipulation
> {
> private $height;
> private $width;
> public $image;
>
> public function __construct()
> {
> $this->width = 0;
> $this->height = 0;
> }
This is fairly useless.
> public function __destruct()
> {
> $this->width = 0;
> $this->height = 0;
> }
This is entirely useless.
> public function setImageSize($img_tmp)
> {
> $img_info = getimagesize($img_tmp);
> $filetype = $img_info['mime'];
> $this->width = $img_info[0];
> $this->height = $img_info[1];
>
> return $this->manipulate_jpeg($img_tmp);
> }
Considering the main purpose of this function (i.e. to get a manipulated
copy of the image) the above function is bizarrely named.
> <snip rest of class definition>
> $query = "INSERT INTO " . TABLE_NAME . "(img_data) VALUES('" .
> $image_object->setImageSize(FILE_LOCATION) . "')";
You need to escape the result of $image_object->setImageSize using, for
example, mysql_real_escape_string.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there!
Navigation:
[Reply to this message]
|