This is from my upload page
<?php
session_start();
function StrippedChars($strWords) {
$badChars = array('/select/i', '/drop/i', '/;/i', '/--/i', '/insert/i', '/delete/i', '/xp_/i','/SELECT/i', '/DROP/i', '/INSERT/i', '/DELETE/i', '/XP_/i', '/Xp_/i', '/xP_/i','/sELECT/i', '/dROP/i', '/iNSERT/i', '/dELETE/i','/seLECT/i', '/drOP/i', '/inSERT/i', '/deLETE/i','/selECT/i', '/droP/i', '/insERT/i', '/delETE/i','/seleCT/i','/inseRT/i', '/deleTE/i','/selecT/i','/inserT/i', '/deletE/i', '/dOPp/i', '/DroP/i', '/DrOp/i', '/dRoP/i');
$replaceChars = array('','','','','','','');
$newChars = preg_replace($badChars,$replaceChars,$strWords);
return $newChars;
}
include_once("connection/connection.php");
if (!(isset($_SESSION['Order_Id']))) {
header('Location: index.php');
}
if (trim($_SESSION['Order_Id']) == "") {
header('Location: index.php');
}
require_once 'UploadedFiles.php';
$absGalleryPath = "../../order_images/mood/";
function saveUploadedFiles() {
global $absGalleryPath;
while(($file = UploadedFiles::fetchNext()) !== null) {
$FileName = $file->getSourceFile()->getSafeFileName($absGalleryPath);
$Ext = strtolower(substr(trim($FileName),-3,3));
$Image_Number = $_POST ['Image_Number_' . $file->getFileIndex()];
$NewFileName = "Order_" . $_SESSION['Order_Id'] . "_Image_" . $Image_Number . "." . $Ext;
$file->getSourceFile()->save($absGalleryPath . '/' . $NewFileName);
$Text = StrippedChars(Substr(trim($_POST ['Text_' . $file->getFileIndex()]),0,25));
$sqlstring = "select Id from Order_Style_Photos where Order_id = '" . MakesSafeForDb($_SESSION['Order_Id']) . "' and Photo_Name = '" . MakesSafeForDb($NewFileName) . "'";
if (!($result = @ mysql_query($sqlstring, $connection))) {
die("An error has occured when selecting the record from the Database");
}
else {
$num_rows = mysql_num_rows($result);
while ($row = mysql_fetch_array($result)) {
$Id = $row['Id'];
}
if ($num_rows == 0) {
$sqlstring = "insert into Order_Mood_Photos (Order_Id, Photo_Name, Photo_Text) Values('" . MakesSafeForDb($_SESSION['Order_Id']) . "','" . MakesSafeForDb($NewFileName) . "','" . MakesSafeForDb($Text) . "')";
if (!($result = @ mysql_query($sqlstring))) {
die("An error has occured when inserting the record into the Database" . " - " . mysql_error());
}
else {
$sqlstring = "update Order_Mood_Photos set Photo_Name = '" .MakesSafeForDb($NewFileName) . "', Photo_Text = '" . MakesSafeForDb($Text) . "' where Id = " . MakesSafeForDb($Id);
if (!($result = @ mysql_query($sqlstring, $connection))) {
die("An error has occured when updating the fifteenth record in the Database" ." - " . mysql_error());
}
}
}
}
}
}
saveUploadedFiles();
This is from my Image upload page
<?php
$iu = new ImageUploader('ImageUploader1', 650, 250);
//Configure license keys.
$iu->setLicenseKey('71060-4440C-00000-0C083-1CB3E;72060-4440C-00000-025C0-F22BF');
//Configure appearance.
$iu->setPaneLayout('ThreePanes');
$iu->setFolderView('Thumbnails');
$iu->setBackgroundColor('#ffffff');
$iu->setShowUploadListButtons(true);
$iu->setButtonRemoveFromUploadListText('');
$iu->setButtonRemoveAllFromUploadListText('');
$iu->setShowDescriptions(false);
$iu->setAllowRotate(false);
$iu->setShowButtons(false);
//Hide standard upload pane.
$iu->setFolderPaneHeight(-1);
//Configure thumbnail settings.
$iu->setUploadThumbnail1FitMode('width');
$iu->setUploadThumbnail1Width(240);
$iu->setUploadThumbnail1JpegQuality(60);
//Configure URL files are uploaded to.
$iu->setAction('images_mood_upload.php');
//Configure URL where to redirect after upload.
$iu->setRedirectUrl('images_mood_confirm.php');
//Add event handlers.
$iu->addClientUploadFileCountChange('ImageUploader1_UploadFileCountChange');
$iu->addClientBeforeUpload('ImageUploader1_BeforeUpload');
$iu->addClientFullPageLoad('ImageUploader1_FullPageLoad');
//Configure installation progress.
$iu->getInstallationProgress()->setVisible(true);
$iu->getInstallationProgress()->setProgressCssClass("ScreenStyle");
$iu->getInstallationProgress()->setInstructionsCssClass("ScreenStyle");
$iu->render();
?>
This is my script file
var imageUploader1 = null;
var uniqueId = 0;
var prevUploadFileCount = 0;
var dragAndDropEnabled = true;
var allowDrag = false;
function ImageUploader1_FullPageLoad() {
imageUploader1 = getImageUploader(imageUploader1ID);
var UploadPane = document.getElementById("UploadPane");
while (UploadPane.childNodes.length > 0) {
UploadPane.removeChild(UploadPane.childNodes[0]);
}
//Fix Opera applet z-order bug
if (IUCommon.browser.isOpera) {
UploadPane.style.height = "auto";
}
if (dragAndDropEnabled) {
//Handle drag & drop.
if (IUCommon.browser.isIE || IUCommon.browser.isSafari || IUCommon.browser.isChrome) {
var target = IUCommon.browser.isIE || IUCommon.browser.isChrome ? UploadPane : document.body;
target.ondragenter = function() {
var e = window.event;
var data = e.dataTransfer;
if (data.getData('Text') == null) {
this.ondragover();
data.dropEffect = "copy";
allowDrag = true;
}
else {
allowDrag = false;
}
}
target.ondragover = function() {
var e = window.event;
e.returnValue = !allowDrag;
}
target.ondrop = function() {
var e = window.event;
this.ondragover();
e.dataTransfer.dropEffect = "none";
processDragDrop();
}
}
else {
window.captureEvents(Event.DRAGDROP);
window.addEventListener("dragdrop", function(e) {
e.stopPropagation();
e.preventDefault();
processDragDrop();
}, true);
}
}
}
function processDragDrop() {
alert("Adding files with drag & drop can not be implemented in standard version due security reasons. However it can be enabled in private-label version."
+ "\r\n\r\nFor more information please contact us at
sales@aurigma.com");
if (imageUploader1) {
//imageUploader1.AddToUploadList();
}
}
//To identify items in upload list, GUID are used. However it would work
//too slow if we use GUIDs directly. To increase performance, we will use
//hash table which will map the guid to the index in upload list.
//This function builds and returns the hash table which will be used for
//fast item search.
function getGuidIndexHash() {
var uploadFileCount = imageUploader1.getUploadFileCount();
var guidIndexHash = new Object();
for (var i = 1; i <= uploadFileCount; i++) {
guidIndexHash[new String(imageUploader1.getUploadFileGuid(i))] = i;
}
return guidIndexHash;
}
//This function returns HTML which represent the single item in the custom upload pane.
//It contains of the Thumbnail object and form elements for each piece of data (in our
//case - title). If you want to upload extra data, you should write
//additional form elements here.
//
//It is highly recommended not to copy this function into the main HTML page to
//avoid problems with activation of ActiveX controls in Internet Explorer with
//security update 912945. You can read more detailed about activation on Microsoft website:
//
//http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/activating_activex.asp
function addUploadFileHtml(index){
var guid = new String(imageUploader1.getUploadFileGuid(index));
var fileName = new String(imageUploader1.getUploadFileName(index));
var h = "<table cellspacing=\"5\"><tbody>";
h += "<tr>";
h += "<td class=\"Thumbnail\" align=\"center\" valign=\"middle\">";
//Add thumbnail control and link it with Image Uploader by its name and GUID.
var tn = new ThumbnailWriter("Thumbnail" + uniqueId, 96, 96);
//Copy codebase and version settings from ImageUploaderWriter instance.
var iu = eval(imageUploader1ID + "_w");
tn.activeXControlCodeBase = iu.activeXControlCodeBase;
tn.activeXControlVersion = iu.activeXControlVersion;
tn.javaAppletCodeBase = iu.javaAppletCodeBase;
tn.javaAppletJarFileName = iu.javaAppletJarFileName;
tn.javaAppletCached = iu.javaAppletCached;
tn.javaAppletVersion = iu.javaAppletVersion;
tn.addParam("ParentControlName", "ImageUploader1");
tn.addParam("Guid", guid);
tn.addParam("FileName", fileName);
h += tn.getHtml();
h += "</td>";
h += "<td class='text' valign=\"top\">";
//Add Title element.
h += "Text:<br />";
h += "<input id=\"Text" + uniqueId + "\" class='test' maxlength='25' size='40' alt='Text for the image' title='Text for the image' type=\"text\" value='max. 9 words' onfocus='clearText(this)' onblur='clearText(this)' /><br />";
h += "Image number:<br />";
h += "<input id=\"Image_Number" + uniqueId + "\" class='test' size='2' maxlength='2' alt='Image number for the image' title='Image number for the image' type=\"text\" /><br />";
h += "</td>";
h += "</tr>";
h += "<tr>";
h += "<td align=\"center\"><a href=\"#\" onclick=\"return Remove_click('" + guid + "');\">Remove</a></td>";
h += "<td></td>";
h += "</tr>";
h += "</tbody></table>";
//Create DIV element which will represent the upload list item.
var div = document.createElement("div");
div.className = "UploadFile";
div.innerHTML = h;
div._guid = guid;
//_uniqueId is used for fast access to the Title.
div._uniqueId = uniqueId;
//Append this upload list item to the custom upload pane.
document.getElementById("UploadPane").appendChild(div);
//Increase the ID to guaranty uniqueness.
uniqueId++;
}
//Synchronize custom upload pane with Image Uploader upload list when
//some files are added or removed.
function ImageUploader1_UploadFileCountChange() {
if (imageUploader1) {
var uploadFileCount = imageUploader1.getUploadFileCount();
//Files are being added.
if (prevUploadFileCount <= uploadFileCount) {
for (var i = prevUploadFileCount + 1; i <= uploadFileCount; i++){
addUploadFileHtml(i);
}
}
//Files are being removed.
else {
var guidIndexHash = getGuidIndexHash();
var UploadPane = document.getElementById("UploadPane");
var i = UploadPane.childNodes.length - 1;
while (i >= 0) {
if (guidIndexHash[new String(UploadPane.childNodes[i]._guid)] == undefined){
UploadPane.removeChild(UploadPane.childNodes[i]);
}
i--;
}
}
prevUploadFileCount = uploadFileCount;
document.getElementById("UploadButton").disabled = (uploadFileCount == 0);
if (uploadFileCount > 15) {
document.getElementById("UploadButton").disabled = true
alert("You have selected more than the maximum of 15 images");
}
if (uploadFileCount < 9) {
document.getElementById("UploadButton").disabled = true
}
}
}
//Append the additional data entered by the user (title)
//to the upload. If you add more fields, do not forget to modify this event
//handler to call AddField for these fields.
function ImageUploader1_BeforeUpload() {
var guidIndexHash = getGuidIndexHash();
var UploadPane = document.getElementById("UploadPane");
for (var i = 0; i < UploadPane.childNodes.length; i++) {
var div = UploadPane.childNodes[i];
var index = guidIndexHash[div._guid];
//Title will be sent as a custom Title_N POST field, where N is an
//index of the file.
imageUploader1.AddField("Text_" + index, document.getElementById("Text" + div._uniqueId).value);
imageUploader1.AddField("Image_Number_" + index, document.getElementById("Image_Number" + div._uniqueId).value);
}
}
//This function is used to handle Remove link click. It removes an item
//from the custom upload pane by specified GUID.
function Remove_click(guid) {
var guidIndexHash = getGuidIndexHash();
imageUploader1.UploadFileRemove(guidIndexHash[guid]);
return false;
}
//This function posts data on server.
function UploadButton_click() {
imageUploader1.Send();
}
function UploadButton_select() {
var uploadFileCount = imageUploader1.getUploadFileCount();
if (uploadFileCount > 15) {
alert("You have selected more than the maximum of 15 images");
}
if (uploadFileCount < 9) {
alert("You haven't selected the minimum of 9 images");
}
if (uploadFileCount < 16 & uploadFileCount > 8) {
var Image_Number_Count = 0
for (var i = 1; i < uploadFileCount; i++) {
if (trim(document.getElementById("Image_Number" + i).value) == "") {
Image_Number_Count++
}
}
if (Image_Number_Count > 0) {
document.getElementById("UploadButton").disabled = true
alert("Not all the image numbers have been completed");
document.getElementById("UploadButton").disabled = true;
}
else {
document.getElementById("UploadButton").disabled = (Image_Number_Count !== 0);
}
}
}
function clearText(field){
if (field.defaultValue == field.value) field.value = "";
else if (field.value == "") field.value = field.defaultValue;
}
function trim(str) {
if (str == "") {
return str
}
else {
return str.replace(/^\s*|\s*$/g,"");
}
}
The upload script is only loading the first image and sometimes it is not even doing that and it doesn't write to the database. I presume it must be going wrong after $Text = StrippedChars(Substr(trim($_POST ['Text_' . $file->getFileIndex()]),0,25)); but how can I trace what it is doing? I tried putting in Die() to get it to stop but that didn't work. Otherwise can anyone spot what the problem is please
Thanks