Issue
I know this is very close to complete. My aim is to re-size the image a user is uploading by a factor of 0.5. I have achieved in returning the width and height of the image uploaded and have achieved halving those values. Code below:
//get image attributes
$target = "Images/";
$target = $target . basename($_FILES['myFile']['name']);
$thumbnailsize = 0.5;
//Get uploaded image width and height.
list($width, $height) = getimagesize($target);
//Half the current image in size.
$newWidth = $width * $thumbnailsize;
$newheight = $height * $thumbnailsize;
$new_target = imagecreatefromjpeg($target);
$image = imagecreate($newWidth, $newheight);
imagecopyresized($image, $new_target, 0, 0, 0, 0, $newWidth, $newheight, $width, $height);
$pic = $_FILES['myFile']['name'];
move_uploaded_file($_FILES['myFile']['tmp_name'], $target);
I think I am now going wrong with my variable use and UPDATE SQL statement, see below:
$tUser_SQLselect = "UPDATE User SET imageLocation='" . $pic . "' ";
$tUser_SQLselect .= "WHERE ID = '" . $userID . "' ";
Any advice will appreciated, thanks.
Solution
You're not calling imagejpeg()
in there anywhere, so your resized file is not saved anywhere. And unless you're planning on saving the original file alongside the resized one, you cannot use move_uploaded_files() on the copy - m_u_l() exists specifically to apply certain security checks on the uploaded files, so no tampering can occur after the upload completes but before the file's moving around - your resized image would trigger the safety check.
You are also wide-open to SQL injection attacks via that $pic
variable - the ['name']
parameter in the $_FILES array is user-supplied data, and can be used to subvert your server.
Answered By - Marc B Answer Checked By - Clifford M. (PHPFixing Volunteer)
0 Comments:
Post a Comment
Note: Only a member of this blog may post a comment.