Problems with uploading

andregustavo_castro · November 7th, 2008, 10:02 AM

Hello personal, I have problems with an uploading system that I am developing.
The logic is the following, I have a form where I register a certain event, and sending an advertising image of that event. The information of the form, are going to the Database and the file for a paste. But no this being accomplished that task, the file not this being created in the paste, and his road no this being safe in the database.
Below they are all my codes, so that they can to verify and to help me with that problem.

UpLoadFunctions.asp

Code:

<%
' Upload Sem componentes ---------------------------------------
Sub BuildUploadRequest(RequestBin)
on error resume next

PosBeg = 1
PosEnd = InStrB(PosBeg, RequestBin, getByteString(Chr(13)))
boundary = MidB(RequestBin, PosBeg, PosEnd - PosBeg)
BoundaryPos = InStrB(1, RequestBin, boundary)

Do Until (BoundaryPos = InStrB(RequestBin, boundary & getByteString("--")))

Dim UploadControl
Set UploadControl = CreateObject("Scripting.Dictionary")

Pos = InStrB(BoundaryPos, RequestBin, getByteString("Content-Disposition"))
Pos = InStrB(Pos, RequestBin, getByteString("name="))
PosBeg = Pos + 6
PosEnd = InStrB(PosBeg, RequestBin, getByteString(Chr(34)))
Name = getString(MidB(RequestBin, PosBeg, PosEnd - PosBeg))
PosFile = InStrB(BoundaryPos, RequestBin, getByteString("filename="))
PosBound = InStrB(PosEnd, RequestBin, boundary)

If PosFile <> 0 And (PosFile < PosBound) Then
PosBeg = PosFile + 10
PosEnd = InStrB(PosBeg, RequestBin, getByteString(Chr(34)))
FileName = getString(MidB(RequestBin, PosBeg, PosEnd - PosBeg))
UploadControl.Add "FileName", FileName
Pos = InStrB(PosEnd, RequestBin, getByteString("Content-Type:"))
PosBeg = Pos + 14
PosEnd = InStrB(PosBeg, RequestBin, getByteString(Chr(13)))
ContentType = getString(MidB(RequestBin, PosBeg, PosEnd - PosBeg))
UploadControl.Add "ContentType", ContentType
PosBeg = PosEnd + 4
PosEnd = InStrB(PosBeg, RequestBin, boundary) - 2
Value = MidB(RequestBin, PosBeg, PosEnd - PosBeg)
Else
Pos = InStrB(Pos, RequestBin, getByteString(Chr(13)))
PosBeg = Pos + 4
PosEnd = InStrB(PosBeg, RequestBin, boundary) - 2
Value = getString(MidB(RequestBin, PosBeg, PosEnd - PosBeg))
End If

UploadControl.Add "Value", Value
UploadRequest.Add Name, UploadControl
BoundaryPos = InStrB(BoundaryPos + LenB(boundary), RequestBin, boundary)
Loop
End Sub

Function getByteString(StringStr)
For i = 1 To Len(StringStr)
Char = Mid(StringStr, i, 1)
getByteString = getByteString & ChrB(AscB(Char))
Next
End Function

Function getString(StringBin)
getString = ""
For intCount = 1 To LenB(StringBin)
getString = getString & Chr(AscB(MidB(StringBin, intCount, 1)))
Next
End Function

' Fim upload sem Componentes -----------------------------------------
%>

Now, the page form
form_addEvent.asp

Code:

<%@LANGUAGE="VBSCRIPT" codepage="65001" LCID="1046"  %>

<%Session.CodePage = 65001%>







<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: 10px;
    color: #000000;
}
body {
    margin-left: 0px;
    margin-top: 0px;
    margin-right: 0px;
    margin-bottom: 0px;
    background-color: #FFE94F;
}
.style1 {
    font-size: 12px;
    font-weight: bold;
}
-->
</style></head>

<body>
<form action="salvaagenda.asp" method="post" enctype="multipart/form-data" name="form1" id="form1">
  <table width="100%" border="0" cellspacing="2" cellpadding="2">
    <tr>
      <td colspan="3"><div align="center" class="style1">Incluir Evento na Agenda </div></td>
    </tr>
    <tr>
      <td colspan="3"><div align="center">Preencha todos os campos</div></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td width="19%"><div align="right">Img Publicidade: </div></td>
      <td width="80%"><input name="txt_foto1" type="file" id="txt_foto1" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto" size="35" /></td>
      <td width="1%">&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">Nome do Evento: </div></td>
      <td><input name="nome_evento" type="text" id="nome_evento" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto"  size="35" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">Local:</div></td>
      <td><input name="local" type="text" id="local" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto"  size="35" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">Data:</div></td>
      <td><input name="data1" type="text" id="data1" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto" value="ex.: dd/mm/aaaa"  size="35" /> 
      (essa data aparecera na pagina principal) </td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">Data2:</div></td>
      <td><input name="dia" type="text" id="dia" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto" value="dia"  size="3" /> 
        de 
        <input name="mes" type="text" id="mes" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto" value="mes"  size="12" />
      de
      <input name="ano" type="text" id="ano" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto" value="2008"  size="5" />
      (data da pagina agenda.Ex. <strong>01 de MarÃ§o de 2008</strong>) </td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">HorÃ¡rio:</div></td>
      <td><input name="horario" type="text" id="horario" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto" value="00:00"  size="35" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right">Cidade/Estado:</div></td>
      <td><input name="cidade" type="text" id="cidade" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto"  size="16" />
      &nbsp;
      <select name="TXTEstado" id="TXTEstado" style=" font-size:10px; font-family:Verdana, Arial, Helvetica, sans-serif; size:auto">
        <option value="-1">Selecione</option>
        <option value="AC">AC</option>
        <option value="AL">AL</option>
        <option value="AP">AP</option>
        <option value="AM">AM</option>
        <option value="BA">BA</option>
        <option value="CE">CE</option>
        <option value="DF">DF</option>
        <option value="ES">ES</option>
        <option value="GO" selected="selected">GO</option>
        <option value="MA">MA</option>
        <option value="MT">MT</option>
        <option value="MS">MS</option>
        <option value="MG">MG</option>
        <option value="PA">PA</option>
        <option value="PB">PB</option>
        <option value="PR">PR</option>
        <option value="PE">PE</option>
        <option value="PI">PI</option>
        <option value="RJ">RJ</option>
        <option value="RN">RN</option>
        <option value="RS">RS</option>
        <option value="RO">RO</option>
        <option value="RR">RR</option>
        <option value="SC">SC</option>
        <option value="SP">SP</option>
        <option value="SE">SE</option>
        <option value="TO">TO</option>
                        </select></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td valign="top"><div align="right">DescriÃ§Ã£o da Festa:</div></td>
      <td><textarea name="txtdescri" cols="35" rows="4" wrap="physical" id="txtdescri"></textarea></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td><div align="right"></div></td>
      <td><input type="submit" name="Submit" value="Incluir" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>
</body>
</html>

savenew_event.asp

Code:

<%@LANGUAGE="VBSCRIPT" %>


<% RESPONSE.Expires=0 %>

<% 

Dim nDia, nMes, nAno, nDiaSemana
Dim sDiaSemana, sMes

nDia = day(Date)
nMes = month(Date)
nAno = year(Date)
nDiaSemana = weekday(Date)

select case nDiaSemana
case 1 sDiaSemana = "Domingo"
case 2 sDiaSemana = "Segunda-Feira"
case 3 sDiaSemana = "TerÃ§a-Feira"
case 4 sDiaSemana = "Quarta-Feira"
case 5 sDiaSemana = "Quinta-Feira"
case 6 sDiaSemana = "Sexta-Feira"
case 7 sDiaSemana = "S&aacute;bado"
end select

select case nMes
case 1 sMes = "01"
case 2 sMes = "02"
case 3 sMes = "03"
case 4 sMes = "04"
case 5 sMes = "04"
case 6 sMes = "06"
case 7 sMes = "07"
case 8 sMes = "08"
case 9 sMes = "09"
case 10 sMes = "10"
case 11 sMes = "11"
case 12 sMes = "12"
end select


%>
<% session("data2") = nDia & "/" & sMes & "/" & nAno  %>



<%
' Chamando FunÃ§Ãµes, que fazem o Upload funcionar
byteCount = Request.TotalBytes
RequestBin = Request.BinaryRead(byteCount)
Set UploadRequest = CreateObject("Scripting.Dictionary")
BuildUploadRequest RequestBin

dim byteCount , RequestBin , UploadRequest
' Recuperando os Dados Digitados ----------------------

    varNomeEvento = UploadRequest.Item("nome_evento").Item("Value")
    varLocal = UploadRequest.Item("local").Item("Value")
    varData1 = UploadRequest.Item("data1").Item("Value")
     varDia = UploadRequest.Item("dia").Item("Value")
    varMes = UploadRequest.Item("mes").Item("Value")
    varAno = UploadRequest.Item("ano").Item("Value")
    varHorario = UploadRequest.Item("horario").Item("Value")
    varCidade = UploadRequest.Item("cidade").Item("Value")
    varEstado = UploadRequest.Item("TXTEstado").Item("Value")
    varDescricao = UploadRequest.Item("txtdescri").Item("Value")
    DataCadastro = session("data2")


 ' Tipo de arquivo que esta sendo enviado
tipo_foto1 = UploadRequest.Item("txt_foto1").Item("ContentType")


' Caminho completo dos arquivos enviados
caminho_foto1 = UploadRequest.Item("txt_foto1").Item("FileName")


' Nome dos arquivos enviados
nome_foto1 = Right(caminho_foto1,Len(caminho_foto1)-InstrRev(caminho_foto1,"\"))

' Conteudo binario dos arquivos enviados
foto1 = UploadRequest.Item("txt_foto1").Item("Value")


' pasta onde as imagens serao guardadas
pasta = Server.MapPath("imagens_agenda/")
nome_foto1 = "/"&nome_foto1


' pasta + nome dos arquivos

cfoto1 = "imagens_agenda" + nome_foto1


' Fazendo o Upload do arquivo selecionado

if foto1 <> "" then
Set ScriptObject = Server.CreateObject("Scripting.FileSystemObject")
Set MyFile = ScriptObject.CreateTextFile(pasta & nome_foto1)
For i = 1 to LenB(foto1)
MyFile.Write chrB(AscB(MidB(foto1,i,1)))
Next
MyFile.Close
end if

' Conecta-se ao Banco de Dados
call abreconexao

function LimparTexto(str)
str = trim(str)
str = lcase(str)
str = replace(str,"=","")
str = replace(str,"'","")
str = replace(str,"""""","")
str = replace(str," or ","")
str = replace(str," and ","")
str = replace(str,"(","")
str = replace(str,")","")
str = replace(str,"<","[")
str = replace(str,">","]")
str = replace(str,"update","")
str = replace(str,"-shutdown","")
str = replace(str,"--","")
str = replace(str,"'","")
str = replace(str,"#","")
str = replace(str,"$","")
str = replace(str,"%","")
str = replace(str,"Â¨","")
str = replace(str,"&","")
str = replace(str,"'or'1'='1'","")
str = replace(str,"--","")
str = replace(str,"insert","")
str = replace(str,"drop","")
str = replace(str,"delet","")
str = replace(str,"xp_","")
str = replace(str,"select","")
str = replace(str,"*","")
LimparTexto = str
end function
%>
<%

CALL LimparTexto(varNomeEvento)
CALL LimparTexto(varLocal)
CALL LimparTexto(varData1)
CALL LimparTexto(varDia)
CALL LimparTexto(varMes)
CALL LimparTexto(varAno)
CALL LimparTexto(varHorario)
CALL LimparTexto(varCidade)
CALL LimparTexto(varEstado)
CALL LimparTexto(varDescricao)


' cadastra os dados no banco de dados
sql = " Insert into agenda ( Foto, NomeFesta , Local , MiniData , DiaFesta , MesFesta , AnoFesta , Horario , Cidade , Estado , Descricao , Data) values ( '"&cfoto&"', '"&varNomeEvento&"', '"&varLocal&"', '"&varData1&"', '"&varDia&"', '"&varMes&"', '"&varAno&"', '"&varHorario&"', '"&varCidade&"', '"&varEstado&"', '"&varDescricao&"', '"&DataCadastro&"')"

SET rsSQL = ConexaoDB.Execute(sql)




response.Redirect("agenda.asp")

%>