h20boynz Posted April 14, 2010 Share Posted April 14, 2010 Hello I am very new to PHP and have been progressing quite well up until now. I'm building my first PHP/mySQL site (I've worked with .net before now) for a local club I am a member of. Their existing site was a shocker so I have offered to see what I could do The issue I have struck is regarding image uploading and storage. I would like users to be able to upload multiple images to a directory on the server, with a link stored in the database which I can then reference throughout the site. I've found bits of code here and there for uploading to a directory, code for uploading images into a DB, but nothing simple that I can follow to do both. I don't need thumbnailing at this stage but would like to resize images to a maximum dimension if over a set size. (I can live without this should this be too difficult or time consuming for anyone to get into with me.) I am at my wits end and would really appreciate any information offered. Quote Link to comment Share on other sites More sharing options...
Wolphie Posted April 14, 2010 Share Posted April 14, 2010 It's pretty straight forward to do, I haven't tested this so it might not work straight out of the box. <?php if (isset($_POST['submit'])) { // This defines a directory separator, i.e. "/" define('DS', DIRECTORY_SEPARATOR); // The directory you're uploading to (if in the same directory as this script) $target = dirname(__FILE__) . DS .'uploads'; if ((!empty($_FILES['uploaded_file']) && ($_FILES['uploaded_file']['error']) == 0)) { // Secure the input somewhat foreach ($_FILES['uploaded_file'] as $key => $val) { $_FILES['uploaded_file'][$key] = mysql_real_escape_string($val); } // The name of the file you're uploading $filename = $_FILES['uploaded_file']['name']; $filetype = $_FILES['uploaped_file']['type']; $filesize = $_FILES['uploaded_file']['size']; $tempfile = $_FILES['uploaded_file']['tmp_name']; // File extension $extension = substr($filename, strrpos($filename, '.') + 1); // Only JPEG images are accepted if ($ext == 'jpg' && $filetype == 'image/jpeg') { // Only files below 1MB if ($filesize < 1024) { if (!file_exists($target . DS . $filename)) { if (move_uploaded_file($tempfile, $target . DS . $filename)) { // Insert the data into the database $sql = "INSERT INTO images ( name, type, size, extension, path ) VALUES ( '%s', '%s', '%s', '%s', '%s' )"; $result = mysql_query(sprintf($sql, $filename, $filetype, $filesize, $extension, $target . DS . $filename)); echo 'You have successfully uploaded the file.'; } else { echo 'Error: A problem has occurred during the file upload.'; } } else { echo 'Error: The file <strong>'. $filename .'</strong> already exists.'; } } else { echo 'The file you have uploaded exceeded the upload limit.'; } } else { echo 'Error: Invalid file.'; } } } ?> <html> <body> <form name="upload" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="1024" /> <input type="file" name="uploaded_file" /> <input type="submit" name="submit" value="Upload" /> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
h20boynz Posted April 14, 2010 Author Share Posted April 14, 2010 Thank you Wolphie... I've gone home for the night and the pc I'm using for the build is at work so I won't have a chance to try this out until tomorrow. It looks fairly easy to understand but looking at it, this looks like one file at a time. I imagine the users (club administrators) would like to add maybe 3 at a time. I understand simple loops but I'm not sure how to modify your code to account for this. I'll give it a go tomorrow and post back my results. Thank you again for your assistance! Quote Link to comment Share on other sites More sharing options...
Wolphie Posted April 14, 2010 Share Posted April 14, 2010 I've actually tested it now and it works okay but improved error handling is required for the SQL queries and connection handler. <?php if (isset($_POST['submit'])) { ///// BETTER ERROR HANDLING IS REQUIRED ///// $conn = mysql_connect('localhost', 'dbname', 'dbpass'); if ($conn) { mysql_select_db('dbname'); } // This defines a directory separator, i.e. "/" define('DS', DIRECTORY_SEPARATOR); // The directory you're uploading to (if in the same directory as this script) $target = dirname(__FILE__) . DS .'uploads'; // Maximum file size for file upload (currently 1MB) $max_file_size = round(1024 * 1024); if ((isset($_FILES['uploaded_file']) && ($_FILES['uploaded_file']['error']) == 0)) { // The name of the file you're uploading $filename = $_FILES['uploaded_file']['name']; $filetype = $_FILES['uploaded_file']['type']; $filesize = $_FILES['uploaded_file']['size']; $tempfile = $_FILES['uploaded_file']['tmp_name']; // File extension $extension = substr($filename, strrpos($filename, '.') + 1); // Only JPEG images are accepted if ($extension == 'jpg' && $filetype == 'image/jpeg') { if ($filesize < $max_file_size) { if (!file_exists($target . DS . $filename)) { if (move_uploaded_file($tempfile, $target . DS . $filename)) { // Insert the data into the database $sql = "INSERT INTO images ( name, type, size, extension, path ) VALUES ( '%s', '%s', '%s', '%s', '%s' )"; $result = mysql_query(sprintf($sql, $filename, $filetype, $filesize, $extension, $target . DS . $filename), $conn); if ($result) { echo 'You have successfully uploaded the file.'; } else { // You should never use this kind of error handling in production, this is just for testing die (mysql_error()); } } else { echo 'Error: A problem has occurred during the file upload.'; } } else { echo 'Error: The file <strong>'. $filename .'</strong> already exists.'; } } else { echo 'The file you have exceeded the upload limit.'; } } else { echo 'Error: Invalid file.'; } } else { echo 'Error: No file selected.'; } } ?> <html> <body> <form name="upload" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" /> <input type="file" name="uploaded_file" /> <input type="submit" name="submit" value="Upload" /> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
h20boynz Posted April 15, 2010 Author Share Posted April 15, 2010 Hello! I've been abale to get the above code to work for a single file upload but have a couple of problems. Firstly I am passing a value to the page for a reference to record in another table: echo "<td width='85'><a href='addphotos.php?id=$getid'>Add Photos</a></td></tr>"; and using $eventid = $_GET['id'] to assign this to a value on the 'addphotos.php' page. I echo'd out the $eventid variable on page load to check and it has the correct value. So now I'm trying to add this variable to a field in the photo table but it won't seem to go in. Heres the code as I have it now: <?php $eventid = $_GET['id']; echo "$eventid"; if (isset($_POST['submit'])) { ///// BETTER ERROR HANDLING IS REQUIRED ///// $conn = mysql_connect('localhost', 'xxx', 'xxx'); if ($conn) { mysql_select_db('xxx'); } // This defines a directory separator, i.e. "/" define('DS', DIRECTORY_SEPARATOR); // The directory you're uploading to (if in the same directory as this script) $target = dirname(__FILE__) . DS .'../images'; // Maximum file size for file upload (currently 1MB) $max_file_size = round(1024 * 1024); if ((isset($_FILES['uploaded_file']) && ($_FILES['uploaded_file']['error']) == 0)) { // The name of the file you're uploading $filename = $_FILES['uploaded_file']['name']; $filetype = $_FILES['uploaded_file']['type']; $filesize = $_FILES['uploaded_file']['size']; $tempfile = $_FILES['uploaded_file']['tmp_name']; // File extension $extension = substr($filename, strrpos($filename, '.') + 1); // Only JPEG images are accepted if ($filesize < $max_file_size) { if (!file_exists($target . DS . $filename)) { if (move_uploaded_file($tempfile, $target . DS . $filename)) { // Insert the data into the database $sql = "INSERT INTO Photos ( Event_ID, name, type, size, extension, path ) VALUES ( '%s','%s', '%s', '%s', '%s', '%s' )"; $result = mysql_query(sprintf($sql, $eventid, $filename, $filetype, $filesize, $extension, $target . DS . $filename), $conn); if ($result) { echo 'You have successfully uploaded the file.<br />'; echo '$eventid'; } else { // You should never use this kind of error handling in production, this is just for testing die (mysql_error()); } } else { echo 'Error: A problem has occurred during the file upload.'; } } else { echo 'Error: The file <strong>'. $filename .'</strong> already exists.'; } } else { echo 'The file you have selected exceeded the upload limit.'; } } else { echo 'Error: No file selected.'; } } ?> <body> <form name="upload" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size; ?>" /> <input type="file" name="uploaded_file" /> <input type="submit" name="submit" value="Upload" /> </form> When I echo out the $eventid variable after running the script it shows the actual text $eventid rather than the variables value and the value doesn't go into the table. I also had to remove the following line from the original code: if ($extension == 'jpg' && $filetype == 'image/jpeg') { because I was getting the file type error for every file. I also notice that in the photo table the type comes up as image/pjpeg. Not sure why this is and wonder if this has something to do with the file type error I'm getting with the if clause? In terms of my above post about multiple images...complete flop on my part. If anyone can help point me in the right direction it would be awesome! Thanks again Quote Link to comment Share on other sites More sharing options...
seniramsu Posted May 5, 2010 Share Posted May 5, 2010 take the quotes off from around the $eventid. Quotes aren't needed around variables. echo $eventid; It's been a couple weeks, so I don't know if you found the answer for that already or not. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.