PHPFixing

Tuesday, October 11, 2022

[FIXED] How do I upload my reformatted image?

Tags: gd, image-processing, image-resizing, php

Issue

I know this is very close to complete. My aim is to re-size the image a user is uploading by a factor of 0.5. I have succeeded in returning the width and height of the uploaded image and in halving those values. Code below:

//get image attributes
    $target = "Images/";
    $target = $target . basename($_FILES['myFile']['name']);

    $thumbnailsize = 0.5;

    //Get uploaded image width and height.
    list($width, $height) = getimagesize($target);

    //Half the current image in size.
    $newWidth = $width * $thumbnailsize;
    $newheight = $height * $thumbnailsize;

    $new_target = imagecreatefromjpeg($target);
    $image = imagecreate($newWidth, $newheight);

    imagecopyresized($image, $new_target, 0, 0, 0, 0, $newWidth, $newheight, $width, $height);

    $pic = $_FILES['myFile']['name'];
    move_uploaded_file($_FILES['myFile']['tmp_name'], $target);

I think I am now going wrong with my variable use and UPDATE SQL statement, see below:

$tUser_SQLselect = "UPDATE User SET imageLocation='" . $pic . "' ";
$tUser_SQLselect .= "WHERE ID = '" . $userID . "' ";

Any advice will be appreciated, thanks.


Solution

You're not calling imagejpeg() in there anywhere, so your resized file is not saved anywhere. And unless you're planning on saving the original file alongside the resized one, you cannot use move_uploaded_file() on the copy - m_u_f() exists specifically to apply certain security checks on the uploaded files, so no tampering can occur after the upload completes but before the file's moving around - your resized image would trigger the safety check.

You are also wide-open to SQL injection attacks via that $pic variable - the ['name'] parameter in the $_FILES array is user-supplied data, and can be used to subvert your server.



Answered By - Marc B
Answer Checked By - Clifford M. (PHPFixing Volunteer)
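
Added example (not part of the original question or answer): one way to combine the two points above, saving the resized copy with imagejpeg() and keeping the client-supplied file name out of both the path and the SQL. The function name storeResizedUpload, the use of PDO, and the swap to imagecreatetruecolor()/imagecopyresampled() are assumptions made for this sketch; the table and column names come from the question.

```php
<?php
declare(strict_types=1);

/**
 * Resize an uploaded JPEG by $scale, save it under a server-generated name,
 * and record that name with a bound parameter. Returns the stored file name.
 * Hypothetical helper; assumes $db is an open PDO connection.
 */
function storeResizedUpload(array $file, PDO $db, int $userId, string $dir = 'Images/', float $scale = 0.5): string
{
    // Only accept a file PHP itself received via HTTP POST, with no upload error.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // Inspect the temp file's content; never trust $file['name'] or $file['type'].
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('Not a JPEG image');
    }
    [$width, $height] = $info;

    $src = imagecreatefromjpeg($file['tmp_name']);
    if ($src === false) {
        throw new RuntimeException('Could not decode image');
    }
    $newWidth  = max(1, (int) round($width * $scale));
    $newHeight = max(1, (int) round($height * $scale));
    $dst = imagecreatetruecolor($newWidth, $newHeight);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);

    // Server-generated name: the client-supplied name never reaches the
    // filesystem path or the SQL statement.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($dst, $dir . $name, 85)) {
        throw new RuntimeException('Could not save resized image');
    }

    // Prepared statement: values are bound, not concatenated into the SQL.
    $stmt = $db->prepare('UPDATE User SET imageLocation = :loc WHERE ID = :id');
    $stmt->execute([':loc' => $name, ':id' => $userId]);

    return $name;
}

// Usage (assumed variables): storeResizedUpload($_FILES['myFile'], $pdo, (int) $userID);
```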