Coding Help!!! I'm a noob.

lamusica

New Member
Messages
4
Reaction score
0
Points
1
How can I get My Users for this chat I'm Working on. I have been trying this code...

HTML
<form action="uploadavatar.php" method="post" enctype="mulipart/form-data">
<input type="file" name="file" />
<input type="submit" name="submit" class="button" />
</form>
PHP

<?php
if (move_uploaded_file($_FILES['file']['tmp_name'], "../avatar/")) {
print "Received {$_FILES['file']['name']} - its size is {$_FILES['userfile']['size']}";
} else {
print "Upload failed!";
}
?>

Here's the URL to my beta right now.
http://vago.x10.mx/chat3/index.php
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
Okay — the HTML form and PHP snippet have nothing to do with the question you asked up top (they're just about uploading an avatar image file), and your URL requires a registration and login to see anything. It's really hard to help given those circumstances.

Can you simply explain what it is you're trying to do?
 

lamusica

New Member
Messages
4
Reaction score
0
Points
1
Okay — the HTML form and PHP snippet have nothing to do with the question you asked up top (they're just about uploading an avatar image file), and your URL requires a registration and login to see anything. It's really hard to help given those circumstances.

Can you simply explain what it is you're trying to do?
Sorry, Here is a testing account.
User: Test@Test.com
Pass: test
What Im trying to do is allow the users to upload a avatar.
I was thinking about making it through mysql. (blobs).
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
Sorry, Here is a testing account.
User: Test@Test.com
Pass: test
What Im trying to do is allow the users to upload a avatar.
I was thinking about making it through mysql. (blobs).
Are you also uploading the actual files to the server?, if so then that could possibly violate the ToS.

If you're wanting to just store the image links to the database so they can be used as an avatar then that's good enough.

What you need to do is have a connection to the MySQL server and the database itself, use the universal variable '$_POST['NAMEOFTEXTBOX']' , use real escape (to avoid SQL injections), use a query pointing to that username and then update a row from that user's column (avatar) so that it has the URL.
You will of course need to use a PHP function which checks if it exists and the file extension, which shouldn't take long since there are many functions which can do the job.
(Please note that this is from the top of my head, I've not created this myself yet.)

Talking about file extension checking, your script doesn't seem to check so anyone could upload a malicious script (PHP) and execute it without you knowing.
Believe me, there's one function I know that ALL webhosts should block if you're not using a VPS.
So, I would really sort all of these things out before releasing it to the public.
 
Last edited:

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
Don't use mysql_real_escape_string or any of the mysql_* functions/libraries. They're deprecated, old, and useless. Use PDO, or Mysqli.
 

Skizzerz

Contributors
Staff member
Contributors
Messages
2,929
Reaction score
118
Points
63
To clarify, allowing users to upload avatar images does not constitute a ToS violation. Where a violation could occur is if they are uploading lewd images to use as avatars (in which case you should be policing your site and deleting them and warning/banning such members), or if you allow general file uploads/hosting.
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
To clarify, allowing users to upload avatar images does not constitute a ToS violation. Where a violation could occur is if they are uploading lewd images to use as avatars (in which case you should be policing your site and deleting them and warning/banning such members), or if you allow general file uploads/hosting.
Ah, I just thought that images irrelevant to the site aren't allowed but according to you avatars are allowed if they're appropriate, thanks for the information!
 
Top