你能帮我编辑这段代码吗?编辑和裁剪上传的图像
function insert_lenses(){
// to get userid
$reg=$_SESSION['myusername'];
$result_users = mysql_query("SELECT * FROM users WHERE user_name='$reg'");
while($row_users = mysql_fetch_array($result_users))
{
$uid=$row_users[id];
}
$uploader = $_POST['uploader'];
$path = 'photos/';
$image=$_FILES['img_name'];
$img_title=$_POST['title'];
$img_tag=$_POST['tags'];
$img_desc=$_POST['description'];
$img_status=$_POST['status'];
$lenses_id=$_POST['lenses'];
$cam_id=$_POST['cams'];
$date = date("d.m.Y");
//------------------------------------------
$image_size=$_FILES['img_name']['size'];
$filename = stripslashes($_FILES['img_name']['name']);
$extension = getExtension($filename);
$extension = strtolower($extension);
$image_name=time().'.'.$extension;
$newname=$path.$image_name;
$copied = copy($_FILES['img_name']['tmp_name'], $newname);
if ($copied) {
$sql=mysql_query("insert into images (uid, lid, imageurl, img_date, imagesize, imagedesc, imagetitle, imagetag, status,cam,lens,user_name,img_w,img_h)
VALUES('$uid','$lenses_id','$newname','$date','$image_size','$img_desc','$img_title','$img_tag','$$img_status','$cam_id','$lenses_id','$uploader','$w','$h')");
return true;
}else{
echo "<center><h3>There are An Errors In Uploading!</h3></center>";
return false;
}
}
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
$reg=$_SESSION['myusername'];
$result_users = mysql_query("SELECT * FROM users WHERE user_name='$reg'");
while($row_users = mysql_fetch_array($result_users))
{
$getid=$row_users[id];
}
我需要在这个函数调整大小和裁剪图像像Flickr和Facebook IMG加,我做了一个新的文件夹:/ img_croped
我想插入这个文件夹在新的图像(调整大小和作物58 * 58px)
和:
mysql_query("insert into images (small_img) VALUES('$croped')"); // URL VALUE
什么是可能的图像类型? – sdleihssirhc 2011-03-10 04:32:14
除了明显的SQL注入漏洞,不要使用$ _FILES数组中的'size','name'和'type'值 - 它们是用户提供的,可以被破坏。另外,不要使用'copy'。有一个专门用于处理文件上传的'move_uploaded_file'函数。 – 2011-03-10 05:04:57