Jump to content

How to include user uploaded files to index.php


Recommended Posts


how can i link the files stored in directory


to the index.php


eg: if a user upload's a file it should also be linked in index.php as


i tried this




<img src=\"$path\" >


but it only show's the file when it is uploaded.


can any help me?

Link to comment
Share on other sites

I would personally go with the database approach.


Set up a database to store user uploads, possible columns:

1 - id

2 - uploaded_by

3 - file_path

4 - upload_time


Then create the upload form/page, Upload page:

1 - Create upload form

2 - On successful upload, add new record to the table


Then on the Index page:

1 - Retrieve the records from the table and display them on the page.

Edited by PaulRyan
Link to comment
Share on other sites

I would do it in a more oop kind of way but since you don't know how to show all records from a db i have written this simple approach. Just call the function on any page you want to display the uploads.


    define("DB_SERVER", "server");
    define("DB_USER", "username");
    define("DB_PASS", "password");
    define("DB_NAME", "database_name");

  $connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
  if(mysqli_connect_errno()) {
    die("Database connection failed: " .
         mysqli_connect_error() .
         " (" . mysqli_connect_errno() . ")"
    function display_all_uploads() {
        // Make the connection
        global $connection;

        // check to see if we are looking for a particlar set of records
            $query  = "SELECT * ";
            $query .= "FROM table_name ";
            $query .= "ORDER BY value ASC";
            // query the database
            $upload_set = mysqli_query($connection, $query);
        // use the results
        while($upload = mysqli_fetch_assoc($upload_set)) {
            // do something here
            $output = "";
        // return the output
        return $output;
    function confirm_query($result_set) {
        if (!$result_set) {
            die("Database query failed.");


To do the insert just use the insert statement...i have 3 oop functions that i use all the time. I just call it when i need it. All my classes that require db actions inherit from this one.



class DatabaseObject {

    public static function find_all() {
        return static::find_by_sql("SELECT * FROM ".static::$table_name);
  public static function find_by_id($id=0) {
      global $database;
    $result_array = static::find_by_sql("SELECT * FROM ".static::$table_name." WHERE id=".$database->escape_value($id)." LIMIT 1");
        return !empty($result_array) ? array_shift($result_array) : false;
  public static function find_by_sql($sql="") {
    global $database;
    $result_set = $database->query($sql);
    $object_array = array();
    while ($row = $database->fetch_array($result_set)) {
      $object_array[] = static::instantiate($row);
    return $object_array;

    public static function count_all() {
      global $database;
      $sql = "SELECT COUNT(*) FROM ".static::$table_name;
      $result_set = $database->query($sql);
      $row = $database->fetch_array($result_set);
          return array_shift($row);

    private static function instantiate($record) {
        // Could check that $record exists and is an array
        $class_name = get_called_class();
        $object = new $class_name;
        foreach($record as $attribute=>$value){
          if($object->has_attribute($attribute)) {
            $object->$attribute = $value;
        return $object;
    private function has_attribute($attribute) {
      // We don't care about the value, we just want to know if the key exists
      // Will return true or false
      return array_key_exists($attribute, $this->attributes());

    protected function attributes() {
        // return an array of attribute names and their values
      $attributes = array();
      foreach(static::$db_fields as $field) {
        if(property_exists($this, $field)) {
          $attributes[$field] = $this->$field;
      return $attributes;
    public function save() {
      // A new record won't have an id yet.
      return isset($this->id) ? $this->update() : $this->create();
    protected function sanitized_attributes() {
      global $database;
      $clean_attributes = array();
      // sanitize the values before submitting
      // Note: does not alter the actual value of each attribute
      foreach($this->attributes() as $key => $value){
        $clean_attributes[$key] = $database->escape_value($value);
      return $clean_attributes;
    public function create() {
        global $database;
        $attributes = $this->sanitized_attributes();
      $sql = "INSERT INTO ".static::$table_name." (";
        $sql .= join(", ", array_keys($attributes));
      $sql .= ") VALUES ('";
        $sql .= join("', '", array_values($attributes));
        $sql .= "')";
      if($database->query($sql)) {
        $this->id = $database->insert_id();
        return true;
      } else {
        return false;

    public function update() {
      global $database;
        $attributes = $this->sanitized_attributes();
        $attribute_pairs = array();
        foreach($attributes as $key => $value) {
          $attribute_pairs[] = "{$key}='{$value}'";
        $sql = "UPDATE ".static::$table_name." SET ";
        $sql .= join(", ", $attribute_pairs);
        $sql .= " WHERE id=". $database->escape_value($this->id);
      return ($database->affected_rows() == 1) ? true : false;

    public function delete() {
        global $database;
      $sql = "DELETE FROM ".static::$table_name;
      $sql .= " WHERE id=". $database->escape_value($this->id);
      $sql .= " LIMIT 1";
      return ($database->affected_rows() == 1) ? true : false;


Edited by Matt_C
Link to comment
Share on other sites






// can any correct it?








if(copy($_FILES['uname']['tmp_name'], $path))







$sql="INSERT INTO image(id,uname) VALUES ('$id','$a')";






echo "error";



$sql1="SELECT * FROM image";






echo $r['id'];


echo "<img src=http://wapfull.site90.net/upload/.$pic>";






Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.