[PHP] How upload files to protected directories?
Hello I post my question here because I can't understand what host support is trying to say to me: I use paid host with PHP and MySql facilities, all working fine for me (both PHP and MySql). I offer to customers ability for storing updating and retrieving MySql records using HTML commands. My problem begins when I want customers also be allowed to upload images (.GIF and .JPG files) linked to their records. If possible, I would prefer store these images into BLOB MySql fields and then show image stream using PHP GD functions, but this appears difficult because host PHP doesn't have GD library. Next solution is to store GIF/JPG files into some directory and then use html commands to show pictures. But POST commands are denied on this host (as well as ftp commands) because they don't want somebody uploading trojan programs there. Support said to me: "the only way around this is to write a cgi script which uploads/writes to a file - there are commercial products that do this safely or maybe you can find a free script on one of the many cgi script sites - most commercial classified ad scripts have a function such as this." Does somebody know what this means?. If ftp commands and all PHP filesystem commands are disallowed, how could CGI script solve it? And also, what are 'classified ad scripts'? Sorry I live in Brazil and don't catch all english expressions: are these scripts to post classified ads? Any other solution will be welcome. Thanks in advance Mig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How upload files to protected directories?
Keith Vance wrote: > You should be able to do something using PHP, try looking here, > http://www.php.net/manual/cs/features.file-upload.php > I think there is just a communication problem between you and your hosting > company. They don't allow ftp uploads, but as long as you are doing it > through http, it should work fine. There is also some good stuff about > this on http://www.phpbuilder.com. I do it all the time and my hosting > company couldn't care less, but your's may be different and you may have > to switch or should switch to someone else if you can't get the http > upload to work. > > Keith Hello Keith, thanks very much. Sorry because I forgot explain following: picture files really are uploaded to host server, because I check temp file and they are ok (I check $userfile_temp variable). My problem is: I can't move, copy, rename or anything else other than 'open and read' this file. Whenever I try exec copy commands I receive 'copy command denied for /web/.'. You know temp files will be deleted when script terminates, so I die with my pictures in hand. Thanks again Mig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] How upload files to protected directories?
Kathleen Ballard wrote:
> Mig,
> This is some code I was sent when I needed to display images that were
> located outside of the web dir.
>
> ~~
> If you want the images outside the web-tree, your image tag would be more
> like this:
>
>
>
> Then display.php3 would look not unlike:
>
>header("Content-type: image/gif");
> header("Content-length: " . filesize("C:/hide/images/$imagefile"));
> //Caching headers here.
> //And Content-disposition
> //And Content-filename
> //and so on.
> readfile("C:/hide/images/$imagefile");
> ?>
Hello Kathleen
Thanks very much, I checked your idea and must say it works nice with files, but
when I need pass strings like parameters for PHP program, things become difficult.
I will follow your clever idea, because I know it will work, but first need solve two
problems (sorry I am newer to PHP and sometimes confused the way PHP treat variables ).
First problem is: how store content of image file (jpg or gif) into MySql BLOB fields?
Mysql update command uses variable='value' to update (or insert) values. Image data
has lot of ' " ' and " ' " in between, so I receive 1054 ERROR when trying to pass
update image='$image', because $image variable expands before sending data to database.
Second problem is:
how to pass later same string $image recovered from MySql to display.php3 program?
In your example, your are passing file name, a very single string that wouldn't cause
any confusion, but when passing display.php3?stream-image=$image things will become
hard.
Probably I will need to reopen Mysql database into display.php3 program and so I would
pass only record number to display.php3, letting this program to search again record.
Anyway, I modified display.php3 program to execute $image = fread(file...) and then
echo $image, and it works fine.., that's to say, it is just question of string
treatment, and really GD library is not necessary.
Thanks
Miguel
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] managing image files with PHP/Mysql
Hello, I want to thank Kathleen and other people for ideas about uploading / displaying images using PHP and Mysql. I checked these ideas and they work very well, so I will use them into my program. For storing and retrieving image streams, I used addslashes and stripslashes PHP functions. The only problem still remaining is on client-side point of view. When somebody going to upload file, browsers open little box to let user choose file (). I wish user to know somewhat is the image he/she is going to upload, so I want to display this image before user uploading. For this action, I would be able to control the 'BROWSE' button that appears on form. Since this button doesn't apply to POST method, nor it will execute function on Form command, how can I control this action? Is there some doc explaining features of these objects? Thanks Miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] How no-cache some object?
Hello, this probably no related to PHP, but I don't know where to ask. When retrieving and updating images from MySql record, I noticed Netscape sometimes fooled by cache values, then it won't show correct image but previous image instead. How can say to browsers 'hey, please don't cache this statement"? Note inside src there is PHP program http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] What's wrong with Apache + php + mysql on Windows?
Hello, I can't understand the reason apache server running locally on my Win98 machine delays so much to respond browser when accesing php scripts in the form http://localhost/myscript.php When I transfer php scripts to host server via FTP, script execution is immediate, even remote server being in another continent. I was running apache + php + mysql on Win95 and delay was terrible. Now I moved to Win98 and delay became still worse. I know some parameter in httpd.conf or php.ini should be changed, but how to kwow which parameter?. Thanks for any idea. Mig -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] unset() in a class
Hi Why doesn't unset($this) work inside a instance of a class? I have found a workaround, but it isn't so smart... Laus Brandt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
