Could anybody post an example of using MySQL's ENUM option for specific file uploads please? Thanks

SQL doesn't handle the file upload, so there is no reason to use ENUM. ENUM is there to allow only specific values to be entered into that field of the database. (set is the same thing). What would you like to do and maybe we can go from there...?

I would like to upload images to a database that are jpegs, pngs, and gifs only. I thought you could control this with the enum option as it allows only certain values. Guess I'm wrong.

nah, you can't really do that using ENUM... there are two ways to do that:

+check the file name(easy to hack, just rename the file)
+check the actual contents of the file(harder to hack, harder to implement)

You could look into the GD (image) functions in PHP. Gif's are a no-no though, because of copyright issues.

well you would do a check in the actual upload script.

with PHP it would look like:



if(substr($_FILES['userfile']['name'], -3) == "jpg"){
// upload script here....
}


something like that would work for you...

you don't actually upload the image into the database, you upload the path of the image to be stored in the database. But its not really necessary to make the SQL do the work in the case, because you still have to check the extension with PHP, its better to just include the extension-checker in the PHP code.

say you wanted to allow gifs, jpgs, and pngs...



<?
$allowed_ext = ("jpg", "gif", "png");

$file = $_FILES['userfile'['tmp_name'];
$destination = $_FILES['userfile']['name'];

for($x=0;$x<count($allowed_ext);$x++){
if(substr($dest, -3) != $allowed_ext[$x]){
die("Not a valid file format.");
}
}

copy($file, $destination) or die("Couldn't upload the file!");
?>


like njs said, this is pretty easy to hack tho. If you want you can actually check the file-type with a more complex function, but this will work if you don't want something that is super secure.

Thanks a lot guys. could u give me a link where i could look up the more secure way in case i needed it?

actually Jubba, you can store images directly in a database :)

http://phpbuilder.com/columns/florian19991014.php3

but it's a lot easier to save the path.

I'm not absolutely positive how well this would work, but I was thinking something along the lines of this:



$path = $_FILES["userfile"["tmp_name"]];
$im = @imagecreatefromgif($path);
if($im){
$isValidGif = true;
}
imagedestroy($im);
if(!$isValidGif){
$im = @imagecreatefromjpeg($path);
if($im){
$isValidJpeg = true;
}

}
imagedestroy($im);
if(!($isValidGif && $isValidJpeg)){
$im = @imagecreatefrompng($path);
if($im){
$isValidPNG = true;
}
}
imagedestroy($im);
if(!($isValidGif || $isValidJpeg || $isValidPNG)){
die("Please upload a file of the right format.");
}
//do copy and everything like that here...

How would u save the path?

njs: I didn't say it wasn't possible, just not really non-feasible. :) Nice link tho. Also i don't really see a reason to bring the GD-lib into thise problem. Well actually you only need getimagesize()... check out the link here:

http://www.php.net/manual/en/function.getimagesize.php

that will tell you the type of the file and then you can run a check thru on that.

Hamza: You save the path by using the destination: $_FILES['userfile']['name'] And you just place that value into the database.

Thanks a million Jubba :thumb:

Originally posted by Vash
njs: I didn't say it wasn't possible, just not really non-feasible. :) Nice link tho. Also i don't really see a reason to bring the GD-lib into thise problem. Well actually you only need getimagesize()... check out the link here:

http://www.php.net/manual/en/function.getimagesize.php

that will tell you the type of the file and then you can run a check thru on that.

Hamza: You save the path by using the destination: $_FILES['userfile']['name'] And you just place that value into the database.

Hmm, I didn't know that. Thanks for letting me know :)