Я пытаюсь загрузить изображения в систему с помощью php, его работа отлично работает с другими файлами, но когда изображение содержит одинарные кавычки, функция не работает. Код ниже я использую для загрузки и изменения размера изображения с использованием определенного класса. вот мои коды.
$filename = strtolower($_FILES['file']['name']); $filename=mysql_real_escape_string($filename); $filename=stripslashes($filename); $whitelist = array('jpg', 'png', 'gif', 'jpeg'); #example of white list //$backlist = array('php', 'php3', 'php4', 'phtml','exe'); #example of black list if(@in_array(end(explode('.', $filename)), $whitelist)) { $direc=$school_index; If(!file_exists($direc)) { /* wherever this particular script will be installed, I want to create a subfolder */ /* Step 1. I need to know the absolute path to where I am now, ie where this script is running from...*/ $thisdir = getcwd(); /* Step 2. From this folder, I want to create a subfolder called "myfiles". Also, I want to try and make this folder world-writable (CHMOD 0777). Tell me if success or failure... */ if(mkdir($thisdir ."/$direc" , 0777)) { $msg= "Directory has been created successfully..."; } else { $msg= "Failed to create directory..."; } } $filename = strtolower($_FILES['file']['name']); $file=strtolower($_FILES['file']['name']); $path =$direc; $ext=pathinfo($file,PATHINFO_EXTENSION); $name=pathinfo($path,PATHINFO_FILENAME); echo "File alredy exists .So name is changed automatically & moved"; //$path1="$folder/"; $leng=strlen($name); $name=substr($name,$leng); $new_name=$name.$_SESSION['candidate_photo_name'].".".$ext; $new_name=addslashes($new_name); $upload=mysql_real_escape_string($_FILES['file']['tmp_name']); $file_upload=move_uploaded_file($_FILES['file']['tmp_name'],$school_index."/".$new_name); if(!$file_upload){ $int=$_SESSION['candidate_id']; $serial=$_SESSION['candidate_serial']; $msg="Sory,we are unable to upload this file due to file name to contain unrequired characters,please try again later!"; $_SESSION["photo_entry_msg"]=$msg; header("location:client.php?page=upload_student_photo&student_id=$int&serial=$serial"); exit; } $filename=mysql_real_escape_string($new_name); $filename=$school_index."/".$filename; require"php/image_resize.class.php"; $resize = new ResizeImage($filename); $resize->resizeTo(100, 100, 'maxHeight'); $resize->saveImage($filename); //$resize->move_uploaded_file($_FILES["file"]["tmp_name"],"images/" . $_FILES["file"]["name"]); // our sql query //echo $_POST['st_int']; $sql_update = mysql_query("UPDATE photo_entry SET photo='{$filename}' where id='{$int}'") or die("".mysql_error()); //$sql_select = mysql_query("SELECT teacher_name from class_teachers where id='{$int}'"); // if(!$sql_update){ $int=$int; $msg=strtoUpper('Error occured during uploading signature for '.$name); header("location:client.php?page=view_upload_photo&t_id=$int&e=".urlencode($msg)); exit; } elseif($sql_update){ $int=$int; $msg=strtoUpper('Congratulation for uploading photo for '.$_SESSION['cand_name']); $_SESSION["photo_entry_msg"]=$msg; header("location:client.php?page=view_upload_photo"); exit; } }