
PHP - File upload

<p>
<INPUT type="file" name="uploadedfile" size="62">

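// Stores one uploaded picture for a new row in `quads`: derives the file
// extension from the upload, inserts the row, looks the row up again and
// moves the upload to ./pictures/<first column of the row>.<extension>.
//
// The client chooses the uploaded file's name, so the name and everything
// derived from it is untrusted input.
$upload = isset($_FILES["uploadedfile"]) ? $_FILES["uploadedfile"] : null;
$hasFile = is_array($upload)
    && isset($upload["name"])
    && is_string($upload["name"])
    && $upload["name"] !== "";

// Page convention kept from the original: the "extension" is the last three
// characters of the name. htmlspecialchars() only HTML-encodes the value; it
// does not make it safe for use in SQL or in a file path.
$trimmed = $hasFile ? substr(htmlspecialchars($upload["name"]), -3, 3) : "";

// Only allowlisted extensions may be written into the pictures directory.
// Without this check a name ending in e.g. "php" is stored under that
// extension, which is dangerous if the directory is served by the web server.
// Adjust the list to the image types the site accepts; names ending in
// ".jpeg" yield "peg" under the three-character rule and are rejected.
// NOTE(review): this validates the extension only, not the file content.
$allowed = array("jpg", "png", "gif");
$rejected = $hasFile && !in_array(strtolower($trimmed), $allowed, true);
if ($rejected) {
    // Record the row without a picture type, as when no file is sent.
    $trimmed = "";
}

$retez = $num_rows . "." . $trimmed;

// NOTE(review): $x_nazev, $x_popis, $x_cena and $x_razeni are interpolated
// into both statements as-is. Where they come from is not visible here;
// confirm they are escaped upstream (mysql_real_escape_string) or move to
// prepared statements. $trimmed is now either empty or an allowlisted value.
mysql_query("INSERT INTO quads (nazev,popis,cena,razeni,typ) VALUES ('$x_nazev','$x_popis','$x_cena','$x_razeni','$trimmed')");

$result = mysql_query("SELECT * FROM quads where nazev='$x_nazev' and popis='$x_popis'");
// mysql_query() returns false on error; do not hand that to mysql_fetch_array().
$cislo = $result ? mysql_fetch_array($result) : false;

$uploaddir = './pictures/';
// Without a fetched row the target would be "./pictures/.<ext>", so the
// move below is skipped in that case.
$rowKey = is_array($cislo) ? $cislo[0] : "";
$uploadfile = $uploaddir . $rowKey . "." . $trimmed;

$tmp_name = $num_rows;

// move_uploaded_file() itself verifies that the source is a genuine HTTP
// upload. "@" keeps its warning (which includes server paths) off the page;
// the failure is reported by the branch below.
$stored = $hasFile
    && !$rejected
    && is_array($cislo)
    && isset($upload['tmp_name'])
    && @move_uploaded_file($upload['tmp_name'], $uploadfile);

// A file input sent without multipart encoding arrives in $_POST instead of
// $_FILES, which the original treated as suspicious.
$postedAsField = isset($_POST['uploadedfile']) && $_POST['uploadedfile'] != "";

if ($stored) {
    echo "<center>Soubor je v pořádku a byl úspěšně nahrán na server.</center>\n";
} elseif ($hasFile || $postedAsField) {
    // A file was sent but refused or could not be stored.
    echo "<center>Possible file upload attack!</center>\n";
} else {
    echo "<center>Nebyl vybran soubor!</center>\n";
}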

</p>