conect php with mysql in order to upload image

[bonito1]

This is the code that im trying to connect my sql database with php in order to upload images

everything works perfect except the fact that the image doesn't upload to the database

plzz i want help .... HEEEEEEEEEEEEEEEEEEEEEEELLLPPPP

 

 

 

 

 

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php define ('MAX_FILE_SIZE', 1024 * 300000000000); ?>
<?php require_once('../Connections/check_mag.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "uploadImage")) {
// make sure it's a genuine file upload
if (is_uploaded_file($_FILES['image']['tmp_name'])) {
  // replace any spaces in original filename with underscores
  $filename = str_replace(' ', '_', $_FILES['image']['name']);
  // get the MIME type $mimetype = $_FILES['image']['type'];
  if ($mimetype == 'image/pjpeg') {
    $mimetype= 'image/jpeg';
  }
  // create an array of permitted MIME types
  $permitted = array('image/gif', 'image/jpeg', 'image/png');

// upload if file is OK
if (in_array($mimetype, $permitted)
     && $_FILES['image']['size'] > 0
     && $_FILES['image']['size'] <= MAX_FILE_SIZE) {
   switch ($_FILES['image']['error']) {
     case 0:
       // get the file contents
       $image = file_get_contents($_FILES['image']['tmp_name']);
       // get the width and height
       $size = getimagesize($_FILES['image']['tmp_name']);
       $width = $size[0];
       $height = $size[1];
  $insertSQL = sprintf("INSERT INTO images (filename, mimetype,
caption, image, width, height) VALUES (%s, %s, %s, %s, %s, %s)",
      GetSQLValueString($filename, "text"),
      GetSQLValueString($mimetype, "text"),
      GetSQLValueString($_POST['caption'], "text"),
      GetSQLValueString($image, "text"),
      GetSQLValueString($width, "int"),
      GetSQLValueString($height, "int"));

  mysql_select_db($database_check_mag, $check_mag);
  $Result1 = mysql_query($insertSQL, $check_mag) or die(mysql_error());
  if ($Result1) {
            $result = "$filename uploaded successfully.";
          } else {
            $result = "Error uploading $filename. Please try
again.";
          }
          break;
        case 3:
        case 6:
        case 7:
        case 8:
          $result = "Error uploading $filename. Please try again.";
          break;
        case 4:
          $result = "You didn't select a file to be uploaded.";
      }
    } else {
      $result = "$filename is either too big or not an image.";
    }
  }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>File upload to database</title>
</head>

<body>
<?php
// if the form has been submitted, display result
if (isset($result)) {
  echo "<p><strong>$result</strong></p>";
}
?>
<form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="uploadImage" id="uploadImage">
    <p>
	<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
        <label for="image">Upload image:</label>
        <input type="file" name="image" id="image" /> 
    </p>
    <p>
      <label for="caption">Caption:</label>
      <input type="text" name="caption" id="caption" />
    </p>
    <p>
        <input type="submit" name="upload" id="upload" value="Upload" />
    </p>
    <input type="hidden" name="MM_insert" value="uploadImage" />
</form>
</body>
</html>

[blacknight]

insted of using is_uploaded_file try using move_uploaded_file($_FILES['image']['tmp_name'], $target_path)) $target_path would be where it is stored on the server this will also pass a true or false if the file uploads the db query should go thru at that point...

[phpnerd]

Step 1: Create a folder named images located in the path you are planning to place the php script you are about to create. Make sure it has write rights for everybody or the scripts won't work ( it won't be able to upload the files into the directory).

 

Step 2: Paste the following code into a php file.

 

Please read carefuly the comments. All steps are explained there.

 

<?php

//define a maxim size for the uploaded images in Kb

define ("MAX_SIZE","100");

 

//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.

function getExtension($str) {

$i = strrpos($str,".");

if (!$i) { return ""; }

$l = strlen($str) - $i;

$ext = substr($str,$i+1,$l);

return $ext;

}

 

//This variable is used as a flag. The value is initialized with 0 (meaning no error found)

//and it will be changed to 1 if an errro occures.

//If the error occures the file will not be uploaded.

$errors=0;

//checks if the form has been submitted

if(isset($_POST['Submit']))

{

//reads the name of the file the user submitted for uploading

$image=$_FILES['image']['name'];

//if it is not empty

if ($image)

{

//get the original name of the file from the clients machine

$filename = stripslashes($_FILES['image']['name']);

//get the extension of the file in a lower case format

$extension = getExtension($filename);

$extension = strtolower($extension);

//if it is not a known extension, we will suppose it is an error and will not upload the file,

//otherwise we will do more tests

if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))

{

//print error message

echo '<h1>Unknown extension!</h1>';

$errors=1;

}

else

{

//get the size of the image in bytes

//$_FILES['image']['tmp_name'] is the temporary filename of the file

//in which the uploaded file was stored on the server

$size=filesize($_FILES['image']['tmp_name']);

 

//compare the size with the maxim size we defined and print error if bigger

if ($size > MAX_SIZE*1024)

{

echo '<h1>You have exceeded the size limit!</h1>';

$errors=1;

}

 

//we will give an unique name, for example the time in unix time format

$image_name=time().'.'.$extension;

//the new name will be containing the full path where will be stored (images folder)

$newname="images/".$image_name;

//we verify if the image has been uploaded, and print error instead

$copied = copy($_FILES['image']['tmp_name'], $newname);

if (!$copied)

{

echo '<h1>Copy unsuccessfull!</h1>';

$errors=1;

}}}}

 

//If no errors registred, print the success message

if(isset($_POST['Submit']) && !$errors)

{

echo "<h1>File Uploaded Successfully! Try again!</h1>";

}

 

?>

 

<!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" -->

<form name="newad" method="post" enctype="multipart/form-data" action="">

<table>

<tr><td><input type="file" name="image"></td></tr>

<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>

</table>

</form>