[wp-hackers] Allow users to upload their own images - hook to use?

Nathaniel Taintor goldenapplesdesign at gmail.com
Thu Sep 12 18:17:06 UTC 2013 

Couple things here:

If you're letting users post the user ID to attach to a photo, then anyone
can post a picture to anyone else's user account if they know or can guess
the user ID. I would just use $current_user->ID on the back end rather than
a hidden field that has to be posted with user ID.

The insert_attachment() function you're using returns the post ID of the
image after a successful upload. Can you just use that ID to reference the
image in the custom table you're building, rather than $_FILES['file']? Its
simple enough to retrieve an image given its post ID using functions like
wp_get_attachment_url() or wp_get_attachment_image_src(). That seems like a
simple approach than trying to store the image url in your custom table.


Nathaniel Taintor, Designer/Developer
*Golden Apples Design*
http://goldenapplesdesign.com

@GoldenApples | 717.434.3226
goldenapplesdesign at gmail.com


On Thu, Sep 12, 2013 at 9:25 AM, Gregory Lancaster <
greglancaster71 at gmail.com> wrote:

> Im not sure how that would work.  Right now I am using a form I made, using
> wpdb to drop it into my custom table.  But the file is handles by the
> insert_attachment. It creates a post attachment, but I dont see a way to
> link up the post attachment ID to my custom table since it all happens on
> submit.
>
> My code:
>
>
> ///FORM CODE///
>
>
> <form name="log_data" method="post" action="" enctype="multipart/form-data"
> onsubmit="setTimeout('location.reload()', 500);" />
>   <input type="hidden" name="user_id" value="<?php echo $current_user->ID
> ?>"/>
>   <input type="number" step="any" class="form-control" placeholder="Value"
> name="length" value="" />
>   <br />
>   <input type="number" step="any" class="form-control" placeholder="Value"
> name="ground" value="" />
>   <br />
>   <label for="date">Week Of:</label>
>   <input type="date" name="date" class="form-control" value="" />
>   <br />
> <input type="file" name="file" value="">
>   <br />
>   <input type="submit" name="submit" value="submit" class="btn
> btn-primary"/>
> </form>
> </div>
>
> ///SUBMIT FORM CODE
>
> $post_id = NULL;
> global $wpdb;
> if ($_FILES) {
>   foreach ($_FILES as $key => $value) {
>     $newupload = insert_attachment($file, $post_id);
>     // $newupload returns the attachment id of the file that
>     // was just uploaded. Do whatever you want with that now.
>
>
>
>
> if (isset($_POST['submit'])) {
> $wpdb->insert(wp_jo_plugin_options, array (
>     'user_id' => $_POST['user_id'],
>     'length'  => $_POST['length'],
>     'ground'  => $_POST['ground'],
>     'date'    => $_POST['date'],
> 'file' => $_FILES['file'],
> ));
>         }
>     }
> }
>
>
> ///FILE HANDLING FUNCTION
>
> function insert_attachment($file_handler,$post_id,$setthumb='false') {
>
>   // check to make sure its a successful upload
>   if ($_FILES[$file_handler]['error'] !== UPLOAD_ERR_OK) __return_false();
>
>   require_once(ABSPATH . "wp-admin" . '/includes/image.php');
>   require_once(ABSPATH . "wp-admin" . '/includes/file.php');
>   require_once(ABSPATH . "wp-admin" . '/includes/media.php');
>
>   $attach_id = media_handle_upload( $file_handler, $post_id );
>
>   return $attach_id;
> }
>
>
>
>
> On Thu, Sep 12, 2013 at 6:35 AM, J.D. Grimes <jdg at codesymphony.co> wrote:
>
> >
> > On Sep 11, 2013, at 7:01 PM, BenderisGreat <greglancaster71 at gmail.com>
> > wrote:
> >
> > > Wait this could be the answer to everything I need done.  You said I
> can
> > > attach it to a post, so each users uploads would be associated to their
> > > specific post.  If I am doing that is it also possible to associate the
> > data
> > > I am saving with my form to that post as well?  How would that be done?
> > > custom fields or something?
> >
> > Yes, you can do that using post metadata AKA custom fields.
> >
> > http://codex.wordpress.org/Function_Reference/add_post_meta
> >
> > > Last followup question - how
> > > would I take the post->id from the image upload and drop it into my
> > table.
> > > (so each entry is properly matched up with the correct image)
> >
> >
> > The post ID is returned by wp_insert_attachment():
> >
> >
> >
> http://codex.wordpress.org/Function_Reference/wp_insert_attachment#Return_Values
> >
> > So you would just need to use $wpdb->insert() with that post ID (if you
> > are going to use the custom table instead of post meta).
> >
> > http://codex.wordpress.org/Class_Reference/wpdb#INSERT_rows
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

More information about the wp-hackers mailing list