<P>
<form method="post" enctype="multipart/form-data">
<table width="350" border="1" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
<P><HR><P>
<?php
include "../../dbdbdbdbdbdb.inc";
$uploadDir = '../My_ART/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$query = "INSERT INTO MyTable WHERE eMail ='[email protected]' AND password ='xxxx' (name, size, type, path)";
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die('<font color=RED>Error, query failed : ' . mysql_error());
echo "<br>Files uploaded<br>";
}
?>
|
