Re: file upload as "idnumber".bmp

Posted by shimmyshack on 05/05/07 02:36

On May 4, 11:32 pm, Mike P2 <sumguyovrt...@gmail.com> wrote:
> On May 4, 4:01 pm, m...@londonstudent.co.uk wrote:
>
> > Does anyone know how I can change this form to get it to do what I
> > need?
>
> > Thanks for any help
>
> > Matt
>
> You have to move the uploaded file after you insert whatever it is you
> insert into the database so you can get the new ID number. The most
> efficient way of retrieving this incremented ID depends on how you are
> connecting to MySQL. If you are using the regular MySQL interface, you
> can get the ID number back out by using the mysql_insert_id() function
> immediately after your INSERT statement. If you are using MySQLi (non-
> procedural version), you can use $MySQLiObj->insert_id.
>
> Also, when dealing with uploaded files, for security reasons it's
> usually best to use the move_uploaded_file() function instead of
> copy(). But you may already be checking the uploaded file using
> is_uploaded_file(). move_uploaded_file() just does both at once.
>
> So here's an idea of what should work:
>
> <?php
> //...validation, DB connection, etc...
>
> if( !$db->query( "INSERT INTO `it` ( `...`, `...` ) VALUES ( '...', '...' )" ) )
> {
>     $uhOh = "Query failed: $db->error";
> }
> else if( !move_uploaded_file( $_FILES['PhotoUpload']['tmp_name'], "directory/pictures/$db->insert_id.bmp" ) )
> {
>     $uhOh = 'Could not move uploaded file';
> }
>
> //...
> ?>
>
> -Mike PII

Mike has answered already; I'm just adding an off-topic point. When you
say "another application", do you use the same table to authenticate
both sets of users as well as the same table to store data regarding
pictures and so on? If you do, remember that while one app might be
"Aunty Mabel's semi-naughty hen night shenanigans", the other might be
"important child protection work data". One day you might create a test/
test account for Aunty Mabel's friend who says she can't log in, and
anyway you won't require strong passwords on the Mabel app 'cos it's
only a bunch of computer-phobics. This adds up to cross-contamination
of data, SQL injection based on the same privileges for the MySQL user
for both apps, increasing the surface area for easy hacks to occur in
both apps.
It would be safer to [create a new db per app and] copy the table when
sets of users unmixed, and give each app a non-privileged user which
just has usage of that particular app's auth table.
(I once knew a man from London whose MySQL server was completely
undone - no, honest, I really did - for this very reason)
ttfn, m
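
The separation described in the post above, written out for MySQL as an added example that is not part of the original thread. Every database, table and account name and both passwords are hypothetical placeholders, and the privilege set (SELECT, INSERT, UPDATE on the auth table only) is an assumption about what a login page needs.

```sql
-- Constructed example: all names and secrets below are placeholders.
-- One database per application, each with its own auth table,
-- so the two sets of users are never stored together.
CREATE DATABASE mabel_app;
CREATE DATABASE casework_app;

CREATE TABLE mabel_app.users (
    id            INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL
);
-- Same layout, separate rows.
CREATE TABLE casework_app.users LIKE mabel_app.users;

-- One MySQL account per application, local connections only.
CREATE USER 'mabel_web'@'localhost'    IDENTIFIED BY 'REPLACE_WITH_SECRET_1';
CREATE USER 'casework_web'@'localhost' IDENTIFIED BY 'REPLACE_WITH_SECRET_2';

-- Table-level grants: each account can touch only its own app's auth table.
-- No global (*.*) privileges, no FILE, no GRANT OPTION.
GRANT SELECT, INSERT, UPDATE ON mabel_app.users    TO 'mabel_web'@'localhost';
GRANT SELECT, INSERT, UPDATE ON casework_app.users TO 'casework_web'@'localhost';

-- Check what each account really holds.
SHOW GRANTS FOR 'mabel_web'@'localhost';
SHOW GRANTS FOR 'casework_web'@'localhost';

-- Audit view: any row pairing an account with the other app's schema
-- means the separation has been broken.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
ORDER BY grantee, table_schema, table_name;

-- Connected as mabel_web, this must be rejected with an access-denied error:
-- SELECT username FROM casework_app.users;
```

With this layout, an injectable query in one application runs under an account that has no privileges on the other application's tables.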
