<?
mysql_query("SET NAMES TIS620");
$fileName = $_FILES['up1']['name'];
$dataFile = $_FILES["up1"]["tmp_name"];
$fileSize = $_FILES['up1']['size'];
$fileType = $_FILES['up1']['type'];
$fileError = $_FILES['up1']['error'];
$date = date("Y/m/d");
$time = date("H:i:s");
$dir = "upload/";
$name =$_POST['n_student'];
$idstudent = $_POST['studentID'];
$subject = $_POST['subject'];
$nameteacher = $_POST['n_teacher'];
if (($fileType = $_FILES["up1"]["type"] == "image/gif" ) || ($fileType = $_FILES["up1"]["type"] == "image/pjpeg")
&& ($filesize = $_FILES["up1"]["size"] < 20000))
{
if ($fileError = $_FILES["up1"]["error"] > 0)
{
echo "Error: " .$_FILES["up1"]["error"] . "<br>";
}
else
{
}
mysql_connect("localhost","root","1234")or die("connect fail!");
mysql_select_db("sendfile")or die("db die."); //ลงฐานข้อมูล
$sql = "insert into upload_file (file_name, file_size, file_type, file_time, file_date, name_student, istudentID, subject, name_teacher) value ('$fileName', '$fileSize', '$fileType', '$time', '$date', '$name', '$idstudent', '$subject', '$nameteacher')";
// Copy File ไว้ที่ Folder File
if(move_uploaded_file($dataFile,$dir.$fileName) && mysql_query($sql))
{
echo "<script>location='upload_complete.php'</script>";
}
else {
echo "<script>location='notupload.php'</script>";
}
}
mysql_error();
?>
--------------------------------------------------------------------------
คือ มันรันได้ค่ะ แต่ไม่ตรวจสอบประเภทไฟล์ กะขนาดให้เลยค่ะ
พัฒนาเว็บไซต์
