Jump to content

Archived

This topic is now archived and is closed to further replies.

Solarpitch

I'd love some help with this Guys! Love some!

Recommended Posts

Hey Guys, wondering if you can help me with the following code. I am creating a site that involves a user needing to upload a picture of a product they wish to sell.
I have never done this in an application before and this code is just  "practice" code before I implement.


This just creats a page that allows a user to select a file from thier system, give it a name a save it to the database . . however . . it doesnt save it at all!!

<html><head>
<title>Upload an image to a database</title>
<body>

<h2>Please upload a new picture and title</h2>

<form enctype=multipart/form-data method=post>
<input type=hidden name=MAX_FILE_SIZE value=150000>
<input type=hidden name=completed value=1>

Please choose an image to upload: <input type=file name=imagefile><br>
Please enter the title of that picture: <input name=whatsit><br>
then: <input type=submit></form><br>

<?php

// Connect to database

$mysql_connect = new mysqli("localhost", "root", "admin");
$mysql_connect->select_db('demoimage');


if ($_REQUEST[completed] == 1) {

        move_uploaded_file($_FILES['imagefile']['tmp_name'],"latest.img");
        $instr = fopen("latest.img","rb");
        $image = addslashes(fread($instr,filesize("latest.img")));
        if (strlen($instr) < 149000) {
                mysqli_query ($mysql_connect,"insert into pix (title, imgdata) values (\"".
                $_REQUEST[whatsit].
                "\", \"".
                $image.
                "\")");
        } else {
                $errmsg = "Too large!";
        }
}


?>


</body>
</html>

Cheers! :-\

Share this post


Link to post
Share on other sites
First things first...please change the title of your post to identify what you need help with.  It's a PHP Help forum so it's fair to assume people posting need help, we'd like to know what with.  Secondly, in any code, development or production and especially in development stages, you need to have it coded with full error/debug checking.  For instance, when using move_uploaded_file() you need to be checking if it has actually moved it; when running a database query, always make sure it actually ran the query, etc. 

I understand this is your first time on this kind of application, and that makes it all the more important to thoroughly check for any possible errors at key 'choke points' in the script.  Likely you will see what the error is almost straight away if you do. 

It would help if you could also say if it's not inserting the image into the database, into the filesystem, or if it's not installing any record at all into the database?  Also, have you made sure your database field that you're saving the image to is set as BLOB?  This is the datatype needed for binary data to be stored.  Another small note, I'm fairly sure you don't need to be adding addslashes to the image data as it should be checked prior to this if the datatype is correct, ie: "is this a jpeg/gif" and if it passes the test, this will be satisfactory to prevent someone using SQL Injection within the filedata.

Hope this helps,

Dest

Share this post


Link to post
Share on other sites
Oh . . sorry about the title . . my bad!

Thanks for the advice! What I would really like to do is to stor the image in a folder and store the path in the database. Bit I am unsure as to how that would work in terms of storing the image and selecting it to be displayed!

Share this post


Link to post
Share on other sites
No worries, I'm sorry if I seemed a little sharp, I was in a bit of a hurry when I wrote the last post ;)

The best resource for when you're starting out with file uploads is the manual itself.  There's a section specifically for how to handle file uploads which can be viewed here: http://www.php.net/manual/en/features.file-upload.php

Essentially all you need to do is write the file, and update the database with a location.  Then when you want to view it you use the location ie: <img src="$fileLocation" alt="$fileName"/> assuming you've populated those variables or use your own etc. 

As for the error checking/debugging, what I mean is:

[code]
<?php
if(is_uploaded_file($_FILES['userfile']['tmp_name']))
{
    $allowed = array("image/jpeg");
    if(in_array($allowed, $_FILES['userfile']['type']))
    {
        if(move_uploaded_file($_FILES['userfile']['tmp_name'], "latest.jpeg")
        {
            $query = mysql_query("INSERT INTO `images` (`name`,`url`) VALUES ('latest','latest.jpeg')");
            if($query)
            {
                echo "Image uploaded, Database updated<br/>\n";
            }
            else
            {
                echo "Database error occurred<br/>\n";
            }
        }
        else
        {
            echo "File error occurred, unable to copy file<br/>\n";
        }
    }
    else
    {
        echo "Filetype not accepted<br/>\n";
    }
}
else
{
    echo "File is not an uploaded file<br/>\n";
}
?>
[/code]

That's a little convoluted but it checks at every point to make sure if an error has occurred or not, including checking if the file is a jpeg file.  This is not infallible and you will need to check tutorials/examples elsewhere but it will help you get started along this path. 

An interesting note and it comes from the php manual...

[quote]
You could use the $_FILES['userfile']['type'] variable to throw away any files that didn't match a certain type criteria, but use this only as first of a series of checks, because this value is completely under the control of the client and not checked on the PHP side.
[/quote]

There are ways to do this using the GD library functions by storing the file first, checking its mime-type and deleting it if it doesn't match.  (just something for you to look into when you start really getting on a roll ;))

Hope this helps, but do ask any questions you may have,

Dest

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.