Secure Image Upload with PHP
Security is an important part of any PHP application, so I set out to learn about it. One case where it matters is the process of uploading a picture. To keep undesirable files out I use the SecureImage class written by Mesut Timur. In addition I have also included an image filter.
Download Script
Example Usage:
HTML code:
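<!DOCTYPE HTML>
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <meta name="author" content="Boomer" />
    <title>Secure Image Upload</title>
</head>
<body>
    <!-- The field name "images" is the $parameter that Image_Upload::upload() reads from $_FILES. -->
    <form action="upload.php" method="post" enctype="multipart/form-data">
        <!-- accept= only filters the browser's file picker; the checks in upload.php remain the real validation. -->
        <input type="file" name="images" accept="image/*" />
        <input type="submit" value="Upload" />
    </form>
</body>
</html>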
PHP code:
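<?php
include 'inc/upload.php';
include 'inc/SecureImage.php';
include 'inc/NudityFilter.class.php';

/**
 * Thin wrapper around Secure_Upload that optionally re-checks the stored file
 * with SecureImage and NudityFilter before reporting success.
 *
 * The outcome of the last call is exposed through $massage (spelling kept,
 * callers read it) and $destination.
 */
class Image_Upload
{
    /** @var string Human-readable outcome of the last upload() call. */
    public $massage = "";

    /** @var bool Run SecureImage::CheckIt() on the stored file. */
    public $secure = true;

    /** @var bool Run NudityFilter::check() on the stored file. */
    public $nudity_filter = false;

    /**
     * @var string Accepted extensions.
     * NOTE(review): this value is never handed to Secure_Upload in this file,
     * so the extension/MIME policy actually enforced is whatever
     * inc/upload.php applies on its own — confirm before relying on it.
     */
    public $allowed_image = "jpg|png|jpeg|gif";

    /** @var string Path reported by Secure_Upload after a successful upload. */
    public $destination = "";

    /**
     * Store the uploaded file sent in form field $parameter under $path and
     * run the enabled content checks on it.
     *
     * @param string $parameter name of the file field in $_FILES
     * @param string $path      destination directory handed to Secure_Upload
     * @return bool true on success; on failure $massage explains why, and a
     *              file that failed a content check has been removed
     */
    function upload($parameter, $path)
    {
        if (!class_exists('Secure_Upload')) {
            $this->massage = 'Upload Class not exists';
            return false;
        }

        $upload = new Secure_Upload();
        if (!$upload->upload($parameter, $path)) {
            $this->massage = $upload->massage;
            return false;
        }

        $stored = $upload->file_destination;

        if ($this->secure && class_exists('SecureImage')) {
            $image = new SecureImage($stored);
            if (!$image->CheckIt()) {
                $this->discard($stored, "Bad image");
                return false;
            }
        }

        if ($this->nudity_filter && class_exists('NudityFilter')) {
            $nfilter = new NudityFilter();
            if ($nfilter->check($stored)) {
                $this->discard($stored, "nude detected");
                return false;
            }
        }

        // NOTE(review): Secure_Upload exposes both ->destination and
        // ->file_destination; which one callers expect here is assumed — confirm.
        $this->destination = $upload->destination;
        $this->massage = "Upload Sukses";
        return true;
    }

    /**
     * Remove a stored file that failed a check and record the reason.
     *
     * A bare unlink() whose result is ignored can leave a rejected file on
     * disk while still reporting the rejection; here a removal failure is
     * appended to $massage so it is visible to the caller.
     *
     * @param string $file   path of the stored upload
     * @param string $reason text to report in $massage
     */
    private function discard($file, $reason)
    {
        $this->massage = $reason;
        if (is_file($file) && !unlink($file)) {
            $this->massage = $reason . " (could not remove " . basename($file) . ")";
        }
    }
}

$image = new Image_Upload();
$image->nudity_filter = true;
$image->upload('images', 'images');
echo $image->massage;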
Simple PHP file cache
I want to share my experience writing PHP code. This time I will share a simple PHP library for caching content; it is very straightforward. If you are interested you can get it from my Dropbox.
PHP Data Objects (PDO)
PDO adalah cara baru untuk mengakses database pada PHP. Kelebihannya adalah kemudahan dalam penggantian database engine yang digunakan, karena dalam PDO query untuk setiap database engine tetap sama; yang membedakan hanyalah koneksinya. Oke, daripada berlama-lama mari kita mulai:
Sebelumnya pastikan dulu extension PDO telah terinstall: edit php.ini dan periksa baris extension=php_pdo.dll; jika di depannya ada tanda ";" hapus terlebih dahulu, lalu restart webserver anda.
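class crud
{
    /** @var PDO|null Shared connection, created lazily by conn(); a caller may inject one. */
    public $db;

    /**
     * Open the PDO connection once and switch it to exception error mode.
     *
     * The connection values below are placeholders that must be replaced
     * with real settings (preferably read from configuration or the
     * environment rather than committed in source). When $this->db already
     * holds a PDO instance it is reused unchanged.
     *
     * @throws PDOException when the connection cannot be established
     */
    public function conn()
    {
        $sgbd = "mysql";                      // PDO driver name
        $host = "localhost";                  // database server address
        $user = "login do banco";             // database login (placeholder)
        $pass = "senha";                      // database password (placeholder)
        $database = "nome do banco de dados"; // database name (placeholder)
        //---------------------------------------------------------------------------
        // For PostgreSQL: $conn = new PDO("pgsql:host=$host dbname=$database", $user, $pass);
        // For SQLite:     "sqlite:/opt/database/localblabla/seu_banco.sq3"
        if (!($this->db instanceof PDO)) {
            $this->db = new PDO("$sgbd:host=$host;dbname=$database", $user, $pass);
            $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }
    }

    /**
     * Quote a table or column name for interpolation into SQL.
     *
     * Identifiers cannot be bound as prepared-statement parameters, so they
     * are validated against a strict pattern before being placed in the
     * query text.
     *
     * @param string $name
     * @return string the backtick-quoted identifier
     * @throws InvalidArgumentException when $name is not a plain identifier
     */
    private function quoteIdentifier($name)
    {
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException('Invalid SQL identifier: ' . var_export($name, true));
        }
        return '`' . $name . '`';
    }

    /**
     * Select rows from a table.
     *
     * @access public
     * @param string      $table     The name of the table
     * @param string|null $fieldname Column to filter on; when null every row is returned
     * @param string|null $id        Value the column must equal (bound as a parameter)
     * @return array list of associative rows
     * @throws PDOException on failure
     * @throws InvalidArgumentException when $table or $fieldname is not a plain identifier
     */
    public function dbSelect($table, $fieldname = null, $id = null)
    {
        $this->conn();
        if ($fieldname === null) {
            // Without a filter column the original produced "WHERE ``=:id", which
            // is invalid SQL; treat the missing filter as "all rows" instead.
            $stmt = $this->db->query('SELECT * FROM ' . $this->quoteIdentifier($table));
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
        }
        $sql = 'SELECT * FROM ' . $this->quoteIdentifier($table)
             . ' WHERE ' . $this->quoteIdentifier($fieldname) . ' = :id';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':id', $id);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Execute a raw query and hand back the statement.
     *
     * The query text is sent verbatim: it must be built from trusted,
     * constant SQL only — never from request input. Use dbSelect() when a
     * value has to be filtered on.
     *
     * @access public
     * @param string $sql
     * @return PDOStatement
     * @throws PDOException on failure
     */
    public function rawSelect($sql)
    {
        $this->conn();
        return $this->db->query($sql);
    }

    /**
     * Run a raw query and discard its result.
     *
     * Same caveat as rawSelect(): $sql goes to the driver unchanged, so it
     * must not contain untrusted input.
     *
     * @param string $sql The query to run
     * @throws PDOException on failure
     */
    public function rawQuery($sql)
    {
        $this->conn();
        $this->db->query($sql);
    }

    /**
     * Insert one or more rows into a table.
     *
     * Column names are taken from the keys of the first row; every row must
     * use the same keys. Values are bound as parameters.
     *
     * @access public
     * @param string $table
     * @param array  $values list of associative rows (column => value)
     * @return int The last insert id reported by the driver
     * @throws PDOException on failure
     * @throws InvalidArgumentException when $values is empty or a name is not a plain identifier
     */
    public function dbInsert($table, $values)
    {
        $this->conn();
        if (!is_array($values) || $values === array()) {
            throw new InvalidArgumentException('dbInsert expects a non-empty list of rows');
        }
        $fieldnames = array_keys(reset($values));
        $columns = array();
        foreach ($fieldnames as $field) {
            $columns[] = $this->quoteIdentifier($field);
        }
        // Names passed quoteIdentifier(), so they are safe to reuse as placeholder names.
        $placeholders = ':' . implode(', :', $fieldnames);
        $sql = 'INSERT INTO ' . $this->quoteIdentifier($table)
             . ' (' . implode(', ', $columns) . ') VALUES (' . $placeholders . ')';
        $stmt = $this->db->prepare($sql);
        foreach ($values as $row) {
            $stmt->execute($row);
        }
        return (int) $this->db->lastInsertId();
    }

    /**
     * Update a single column of the rows whose primary key matches $id.
     *
     * @access public
     * @param string $table
     * @param string $fieldname The column to be updated
     * @param string $value     The new value (bound as a parameter)
     * @param string $pk        The primary key column
     * @param string $id        The key value to match (bound as a parameter)
     * @return int number of affected rows
     * @throws PDOException on failure
     * @throws InvalidArgumentException when a name is not a plain identifier
     */
    public function dbUpdate($table, $fieldname, $value, $pk, $id)
    {
        $this->conn();
        // $value is bound rather than interpolated: the previous "'{$value}'"
        // form let a quote inside the value alter the statement (SQL injection).
        $sql = 'UPDATE ' . $this->quoteIdentifier($table)
             . ' SET ' . $this->quoteIdentifier($fieldname) . ' = :value'
             . ' WHERE ' . $this->quoteIdentifier($pk) . ' = :id';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':value', $value);
        $stmt->bindValue(':id', $id, PDO::PARAM_STR);
        $stmt->execute();
        return $stmt->rowCount();
    }

    /**
     * Delete the rows whose $fieldname column equals $id.
     *
     * @access public
     * @param string $table
     * @param string $fieldname
     * @param string $id value to match (bound as a parameter)
     * @return int number of affected rows
     * @throws PDOException on failure
     * @throws InvalidArgumentException when a name is not a plain identifier
     */
    public function dbDelete($table, $fieldname, $id)
    {
        $this->conn();
        $sql = 'DELETE FROM ' . $this->quoteIdentifier($table)
             . ' WHERE ' . $this->quoteIdentifier($fieldname) . ' = :id';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':id', $id, PDO::PARAM_STR);
        $stmt->execute();
        return $stmt->rowCount();
    }
}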
?>
Sebelumnya pastikan dulu extension PDO telah terinstall: edit php.ini dan periksa baris extension=php_pdo.dll; jika di depannya ada tanda ";" hapus terlebih dahulu, lalu restart webserver anda.
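class crud
{
    /** @var PDO|null Shared connection, created lazily by conn(); a caller may inject one. */
    public $db;

    /**
     * Open the PDO connection once and switch it to exception error mode.
     *
     * The connection values below are placeholders that must be replaced
     * with real settings (preferably read from configuration or the
     * environment rather than committed in source). When $this->db already
     * holds a PDO instance it is reused unchanged.
     *
     * @throws PDOException when the connection cannot be established
     */
    public function conn()
    {
        $sgbd = "mysql";                      // PDO driver name
        $host = "localhost";                  // database server address
        $user = "login do banco";             // database login (placeholder)
        $pass = "senha";                      // database password (placeholder)
        $database = "nome do banco de dados"; // database name (placeholder)
        //---------------------------------------------------------------------------
        // For PostgreSQL: $conn = new PDO("pgsql:host=$host dbname=$database", $user, $pass);
        // For SQLite:     "sqlite:/opt/database/localblabla/seu_banco.sq3"
        if (!($this->db instanceof PDO)) {
            $this->db = new PDO("$sgbd:host=$host;dbname=$database", $user, $pass);
            $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        }
    }

    /**
     * Quote a table or column name for interpolation into SQL.
     *
     * Identifiers cannot be bound as prepared-statement parameters, so they
     * are validated against a strict pattern before being placed in the
     * query text.
     *
     * @param string $name
     * @return string the backtick-quoted identifier
     * @throws InvalidArgumentException when $name is not a plain identifier
     */
    private function quoteIdentifier($name)
    {
        if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException('Invalid SQL identifier: ' . var_export($name, true));
        }
        return '`' . $name . '`';
    }

    /**
     * Select rows from a table.
     *
     * @access public
     * @param string      $table     The name of the table
     * @param string|null $fieldname Column to filter on; when null every row is returned
     * @param string|null $id        Value the column must equal (bound as a parameter)
     * @return array list of associative rows
     * @throws PDOException on failure
     * @throws InvalidArgumentException when $table or $fieldname is not a plain identifier
     */
    public function dbSelect($table, $fieldname = null, $id = null)
    {
        $this->conn();
        if ($fieldname === null) {
            // Without a filter column the original produced "WHERE ``=:id", which
            // is invalid SQL; treat the missing filter as "all rows" instead.
            $stmt = $this->db->query('SELECT * FROM ' . $this->quoteIdentifier($table));
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
        }
        $sql = 'SELECT * FROM ' . $this->quoteIdentifier($table)
             . ' WHERE ' . $this->quoteIdentifier($fieldname) . ' = :id';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':id', $id);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    /**
     * Execute a raw query and hand back the statement.
     *
     * The query text is sent verbatim: it must be built from trusted,
     * constant SQL only — never from request input. Use dbSelect() when a
     * value has to be filtered on.
     *
     * @access public
     * @param string $sql
     * @return PDOStatement
     * @throws PDOException on failure
     */
    public function rawSelect($sql)
    {
        $this->conn();
        return $this->db->query($sql);
    }

    /**
     * Run a raw query and discard its result.
     *
     * Same caveat as rawSelect(): $sql goes to the driver unchanged, so it
     * must not contain untrusted input.
     *
     * @param string $sql The query to run
     * @throws PDOException on failure
     */
    public function rawQuery($sql)
    {
        $this->conn();
        $this->db->query($sql);
    }

    /**
     * Insert one or more rows into a table.
     *
     * Column names are taken from the keys of the first row; every row must
     * use the same keys. Values are bound as parameters.
     *
     * @access public
     * @param string $table
     * @param array  $values list of associative rows (column => value)
     * @return int The last insert id reported by the driver
     * @throws PDOException on failure
     * @throws InvalidArgumentException when $values is empty or a name is not a plain identifier
     */
    public function dbInsert($table, $values)
    {
        $this->conn();
        if (!is_array($values) || $values === array()) {
            throw new InvalidArgumentException('dbInsert expects a non-empty list of rows');
        }
        $fieldnames = array_keys(reset($values));
        $columns = array();
        foreach ($fieldnames as $field) {
            $columns[] = $this->quoteIdentifier($field);
        }
        // Names passed quoteIdentifier(), so they are safe to reuse as placeholder names.
        $placeholders = ':' . implode(', :', $fieldnames);
        $sql = 'INSERT INTO ' . $this->quoteIdentifier($table)
             . ' (' . implode(', ', $columns) . ') VALUES (' . $placeholders . ')';
        $stmt = $this->db->prepare($sql);
        foreach ($values as $row) {
            $stmt->execute($row);
        }
        return (int) $this->db->lastInsertId();
    }

    /**
     * Update a single column of the rows whose primary key matches $id.
     *
     * @access public
     * @param string $table
     * @param string $fieldname The column to be updated
     * @param string $value     The new value (bound as a parameter)
     * @param string $pk        The primary key column
     * @param string $id        The key value to match (bound as a parameter)
     * @return int number of affected rows
     * @throws PDOException on failure
     * @throws InvalidArgumentException when a name is not a plain identifier
     */
    public function dbUpdate($table, $fieldname, $value, $pk, $id)
    {
        $this->conn();
        // $value is bound rather than interpolated: the previous "'{$value}'"
        // form let a quote inside the value alter the statement (SQL injection).
        $sql = 'UPDATE ' . $this->quoteIdentifier($table)
             . ' SET ' . $this->quoteIdentifier($fieldname) . ' = :value'
             . ' WHERE ' . $this->quoteIdentifier($pk) . ' = :id';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':value', $value);
        $stmt->bindValue(':id', $id, PDO::PARAM_STR);
        $stmt->execute();
        return $stmt->rowCount();
    }

    /**
     * Delete the rows whose $fieldname column equals $id.
     *
     * @access public
     * @param string $table
     * @param string $fieldname
     * @param string $id value to match (bound as a parameter)
     * @return int number of affected rows
     * @throws PDOException on failure
     * @throws InvalidArgumentException when a name is not a plain identifier
     */
    public function dbDelete($table, $fieldname, $id)
    {
        $this->conn();
        $sql = 'DELETE FROM ' . $this->quoteIdentifier($table)
             . ' WHERE ' . $this->quoteIdentifier($fieldname) . ' = :id';
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':id', $id, PDO::PARAM_STR);
        $stmt->execute();
        return $stmt->rowCount();
    }
}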
?>