Emblem Uploader Script

[alfredao]

Some people could not use the Rotana's Emblem Uploader Script.

I edited it and you no longer need to access using "?step=1"
Is only allowed to upload images and the maximum file size is 30Kb.

Credits:
Rotana
Alfredao

[MentaL]

[Zinoxity]

Nice, I remember that script since long ago (I haven't been on these forums in ages) even though I don't use this, great job!

[Ricky Blaze]

Oh cool, thx for posting dled. Imma test it ;o

[Joe9099]

i dont know why others had a problem with the upload script rotana made, it works fine for me

[eele]

i dont know why others had a problem with the upload script rotana made, it works fine for me

It worked great for me to, if you couldn't get to work, you had a wrong configurated Apache Server;)

[Military]

maybe because ppl used wamp or xammp

[eele]

maybe because ppl used wamp or xammp

Same for me lal.

[Zinoxity]

Most people were not able to redirect people to the "?step=1" part of the URL, and others had errors with the way the script was being used, and kind of confused people, so it became a hassle.

[pavan33]

rotana's worked fine for me too.. and ty for the release
Posted via Mobile Device

[Linear88]

I see the changes made. Thanks for this.

[marbogunz]

Dude i get error s..

"30720") { $err .= "Your file is too large.
"; $ok = 0; } if( !in_array(strtolower($extensao), $extensoes) ) { $err .= "Wrong File Type.
"; $ok = 0; } if ($ok == 0) { echo "Sorry your file was not uploaded
Verify this errors

"; echo "$err"; } else { if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "Emblem uploaded and updated succesfully
"; mssql_query("UPDATE Clan SET EmblemChecksum = EmblemChecksum + 1 WHERE Name = '$CLID'"); mssql_query("UPDATE Clan SET EmblemUrl = 'upload/".$target."' WHERE Name = '$CLID'"); } else { echo "Sorry, there was a problem uploading your file."; } } } ?>

[alfredao]

Dude i get error s..

"30720") { $err .= "Your file is too large.
"; $ok = 0; } if( !in_array(strtolower($extensao), $extensoes) ) { $err .= "Wrong File Type.
"; $ok = 0; } if ($ok == 0) { echo "Sorry your file was not uploaded
Verify this errors

"; echo "$err"; } else { if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "Emblem uploaded and updated succesfully
"; mssql_query("UPDATE Clan SET EmblemChecksum = EmblemChecksum + 1 WHERE Name = '$CLID'"); mssql_query("UPDATE Clan SET EmblemUrl = 'upload/".$target."' WHERE Name = '$CLID'"); } else { echo "Sorry, there was a problem uploading your file."; } } } ?>

You need a Web Server to use that script.

[Guy]

function anti_injection($value)
{
$value = preg_replace(sql_regcase("/(from|select|update|set|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$value);
$value = trim($value);
$value = strip_tags($value);
$value = addslashes($value);
$value = str_replace("'", "''", $value);
return( $value );
}

The two highlighted lines are the only ones that matter to prevent SQLi.

[randy1234]

thanku

[Asaki]

function anti_injection($value)
{
$value = preg_replace(sql_regcase("/(from|select|update|set|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$value);
$value = trim($value);
$value = strip_tags($value);
$value = addslashes($value);
$value = str_replace("'", "''", $value);
return( $value );
}

The two highlighted lines are the only ones that matter to prevent SQLi.

Wrong corrected : The two highlighted lines are the only ones that matter to prevent anti msSQL injections