html

</div> <iframe style="display: none;" name="h_iframe" width="1" height="1"></iframe> <form action="" method="post" name="img_upload" enctype="multipart/form-data" target="h_iframe"> <div id="imageId"> </div> <p><input type="file" name="upload_photo" onchange="img_upload.submit();" /></p> </form> <div id="image_upload_status"></div>

module

 public function upload(){ if (is_uploaded_file($_FILES['upload_photo']['tmp_name'])) { // загружаем изображение на сервер, если оно соответствует требованиям (формат: gif/jpeg/png и размер файла ~ 500 kB) if ( ( $_FILES['upload_photo']['type'] == 'image/jpeg') && $_FILES['upload_photo']['size'] <= 512000 ) { $upload_photo= $_FILES['upload_photo']['name']; $puth = copy($_FILES['upload_photo']['tmp_name'],"image/uploads/".uniqid($upload_photo). '.jpeg'); echo "<script type=\"text/javascript\">parent.document.getElementById(\"imageId\").innerHTML = '<img src=\"image/uploads/demo.png\">'; parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_success\">Файл успешно загружено</p>';</script>"; }elseif ($_FILES['upload_photo']['type'] == 'image/png' && $_FILES['upload_photo']['size'] <= 512000){ $upload_photo= $_FILES['upload_photo']['name']; $puth = copy($_FILES['upload_photo']['tmp_name'],"image/uploads/".uniqid($upload_photo). '.png'); echo "<script type=\"text/javascript\">parent.document.getElementById(\"imageId\").innerHTML = '<img src=\"image/uploads/demo.png\">'; parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_success\">Файл успешно загружено</p>';</script>"; }elseif ($_FILES['upload_photo']['type'] == 'application/msword' && $_FILES['upload_photo']['size'] <= 512000){ $upload_photo= $_FILES['upload_photo']['name']; $puth = copy($_FILES['upload_photo']['tmp_name'],"image/uploads/".uniqid($upload_photo). '.doc'); echo "<script type=\"text/javascript\">parent.document.getElementById(\"imageId\").innerHTML = '<img src=\"image/uploads/demo.png\">'; parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_success\">Файл успешно загружено</p>';</script>"; }elseif ($_FILES['upload_photo']['type'] == 'application/pdf' && $_FILES['upload_photo']['size'] <= 512000){ $upload_photo= $_FILES['upload_photo']['name']; $puth = copy($_FILES['upload_photo']['tmp_name'],"image/uploads/".uniqid($upload_photo). '.pdf'); echo "<script type=\"text/javascript\">parent.document.getElementById(\"imageId\").innerHTML = '<img src=\"image/uploads/demo.png\">'; parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_success\">Файл успешно загружено</p>';</script>"; }elseif ($_FILES['upload_photo']['type'] == 'application/vnd.ms-excel' && $_FILES['upload_photo']['size'] <= 512000){ $upload_photo= $_FILES['upload_photo']['name']; $puth = copy($_FILES['upload_photo']['tmp_name'],"image/uploads/".uniqid($upload_photo). '.xls'); echo "<script type=\"text/javascript\">parent.document.getElementById(\"imageId\").innerHTML = '<img src=\"image/uploads/demo.png\">'; parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_success\">Файл успешно загружено</p>';</script>"; } // уведомление об ошибке else if (($_FILES['upload_photo']['type'] != 'image/gif' && $_FILES['upload_photo']['type'] != 'image/jpeg' && $_FILES['upload_photo']['type'] != 'image/png')) { echo "<script type=\"text/javascript\">parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_error\">Недопустимый тип файла</p>';</script>"; } else if ($_FILES['upload_photo']['size'] > 512000) { echo "<script type=\"text/javascript\">parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_error\">Недопустимый размер файла</p>';</script>"; } else { echo "<script type=\"text/javascript\">parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_error\">Произошла ошибка при загрузке файла</p>';</script>"; } } }

I do this on the order page so that the name of the attached file is included with the order and written into the database. I do:

 $this->db->query("INSERT INTO `" . DB_PREFIX . "order` SET invoice_prefix = '" . $this->db->escape($data['invoice_prefix']) . "', store_id = '" . (int)$data['store_id'] . "', **file** = '" . **$puth** . "', store_name = '" . $this->db->escape($data['store_name']) . "', store_url = '" . $this->db->escape($data['store_url']) . "', customer_id = '" . (int)$data['customer_id'] . "', customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', fax = '" . $this->db->escape($data['fax']) . "', payment_firstname = '" . $this->db->escape($data['payment_firstname']) . "', payment_lastname = '" . $this->db->escape($data['payment_lastname']) . "', payment_company = '" . $this->db->escape($data['payment_company']) . "', payment_company_id = '" . $this->db->escape($data['payment_company_id']) . "', payment_tax_id = '" . $this->db->escape($data['payment_tax_id']) . "', payment_address_1 = '" . $this->db->escape($data['payment_address_1']) . "', payment_address_2 = '" . $this->db->escape($data['payment_address_2']) . "', payment_city = '" . $this->db->escape($data['payment_city']) . "', payment_postcode = '" . $this->db->escape($data['payment_postcode']) . "', payment_country = '" . $this->db->escape($data['payment_country']) . "', payment_country_id = '" . (int)$data['payment_country_id'] . "', payment_zone = '" . $this->db->escape($data['payment_zone']) . "', payment_zone_id = '" . (int)$data['payment_zone_id'] . "', payment_address_format = '" . $this->db->escape($data['payment_address_format']) . "', payment_method = '" . $this->db->escape($data['payment_method']) . "', payment_code = '" . $this->db->escape($data['payment_code']) . "', shipping_firstname = '" . $this->db->escape($data['shipping_firstname']) . "', shipping_lastname = '" . $this->db->escape($data['shipping_lastname']) . "', shipping_company = '" . $this->db->escape($data['shipping_company']) . "', shipping_address_1 = '" . $this->db->escape($data['shipping_address_1']) . "', shipping_address_2 = '" . $this->db->escape($data['shipping_address_2']) . "', shipping_city = '" . $this->db->escape($data['shipping_city']) . "', shipping_postcode = '" . $this->db->escape($data['shipping_postcode']) . "', shipping_country = '" . $this->db->escape($data['shipping_country']) . "', shipping_country_id = '" . (int)$data['shipping_country_id'] . "', shipping_zone = '" . $this->db->escape($data['shipping_zone']) . "', shipping_zone_id = '" . (int)$data['shipping_zone_id'] . "', shipping_address_format = '" . $this->db->escape($data['shipping_address_format']) . "', shipping_method = '" . $this->db->escape($data['shipping_method']) . "', shipping_code = '" . $this->db->escape($data['shipping_code']) . "', comment = '" . $this->db->escape($data['comment']) . "', total = '" . (float)$data['total'] . "', affiliate_id = '" . (int)$data['affiliate_id'] . "', commission = '" . (float)$data['commission'] . "', language_id = '" . (int)$data['language_id'] . "', currency_id = '" . (int)$data['currency_id'] . "', currency_code = '" . $this->db->escape($data['currency_code']) . "', currency_value = '" . (float)$data['currency_value'] . "', ip = '" . $this->db->escape($data['ip']) . "', forwarded_ip = '" . $this->db->escape($data['forwarded_ip']) . "', user_agent = '" . $this->db->escape($data['user_agent']) . "', accept_language = '" . $this->db->escape($data['accept_language']) . "', sum_ = '" . (float)$sum_ . "', date_added = NOW(), date_modified = NOW()");

if you do not make checks, then the file name and the database comes to the server, but then there is the possibility that two files with the same name will not be recorded.

How to make an entry in the database so that the name is not taken

 $_FILES['upload_photo']['name']

but

 $puth = copy($_FILES['upload_photo']['tmp_name'],"image/uploads/".uniqid($upload_photo). '.jpeg');
  • I tried to describe the answer. Something fits? I think this is about what you need - Aleksey Shimansky

1 answer 1

Do not quite understand. Well, I'll try.

  1. All your footcloth with iphas can be clearly reduced.
  2. The path of the directory where the picture is copied must be kept in the class property, and not inside the hardcode method.
  3. The link already to the downloaded and copied file can also be stored in the class field.

There will be something like this:

 class MySuperNothingClass { private $uploadDir = "image/uploads/"; private $uploadedImgPath = ''; private $flashMessage = ''; public function upload(){ if (is_uploaded_file($_FILES['upload_photo']['tmp_name'])) { $ext = ''; if ($_FILES['userfile']['error'] !== UPLOAD_ERR_OK) { $this->$flashErrorMessage = "<script type=\"text/javascript\">parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_error\">Произошла ошибка при загрузке файла</p>';</script>"; return false; } if ($_FILES['upload_photo']['size'] > 512000) { $this->$flashErrorMessage = "<script type=\"text/javascript\">parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_error\">Недопустимый размер файла</p>';</script>"; return false; } $ext = pathinfo($_FILES['upload_photo']['name'], PATHINFO_EXTENSION); if ($ext != 'gif' && $ext != 'jpeg' && $ext != 'jpg' && $ext != 'png') { $this->$flashErrorMessage = "<script type=\"text/javascript\">parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_error\">Недопустимый тип файла</p>';</script>"; return false; } $upload_photo = $_FILES['upload_photo']['name']; $uploadedPath = $this->uploadDir . uniqid($upload_photo); if (copy($_FILES['upload_photo']['tmp_name'], $uploadedPath)) { $this->uploadedImgPath = $uploadedPath; $this->$flashErrorMessage = "<script type=\"text/javascript\">parent.document.getElementById(\"imageId\").innerHTML = '<img src=\"image/uploads/demo.png\">'; parent.document.getElementById(\"image_upload_status\").innerHTML = '<p class=\"image_success\">Файил успешно загружено</p>';</script>"; return true; } return false; } } public function actionUploadImage() { if (!$this->upload()) { echo $this->flashMessage; return false; } // здесь работа с БД // ... $this->db->query("INSERT INTO `" . DB_PREFIX . "order` SET invoice_prefix = '" . $this->db->escape($data['invoice_prefix']) . "', store_id = '" . (int)$data['store_id'] . "', file = '" . $this->uploadedImgPath . "', store_name = '" . $this->db->escape($data['store_name']) . "', ... ... и т.д" ); echo $this->flashMessage; } }

As you can see, the text of the error also made in the class field. Now in the method of a certain handler we ask the upload() method: did everything go well or not? If not, then we throw away the saved error text and finish the work. But if everything is fine, then only we save to the database and display the inscription that the file is loaded.

Well and most importantly, in fact, in the upload method we see if copy() executes correctly, then we add the path to the $uploadedImgPath field and already use it in the request.

PS in the method of copy you were writing in vain . $ext . $ext . This had to be done if you separated somewhere the file name from the extension and now you need to glue it. However, you did not do this, so the addition is not required.

PPS to check whether a particular type of image can be used exif_imagetype , instead of what I wrote. Read about it yourself.

PPPS in general, this code can still be infinitely improved. But not knowing exactly what was cooking inside, I almost left everything as it is.

  • Thanks for the help - Roman Yushko
  • @ Romanyushko if it helped - you can click the daw)) if it didn’t help - sorry - Alexey Shimansky