
Hello everyone,

 

I would like to upload an image to a directory and keep its path saved in MySQL.

Some people have suggested to me in the past that I save the image directly in MySQL, but others were totally against it.

 

Here is my code. Remember, it is connecting properly, and at the moment what I receive in the "image" row of MySQL is "uploads/" but no image name at all.

 

Don't worry about the form validation yet; I am just trying to understand the principle at the moment, and I will do the form validation later on.

 

Thanks in advance for your help. (I did not include the connection file as it is connecting well.)

The error I am also currently receiving is:

Error: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'image' cannot be null

 

<?php include "../common/header_admin.php"; ?>
 <?php include '../conn/db_connect.php'; ?>
       

        <!-- Navigation -->
        <nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                    <span class="sr-only">Toggle navigation</span>

                </button>
                <a class="navbar-brand" href="index.html">PizzaByLuca.com</a>
            </div>
            <!-- /.navbar-header -->

            <ul class="nav navbar-top-links navbar-right">

                <!-- /.dropdown -->
                <li class="dropdown">
                    <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                        <i class="fa fa-user fa-fw"></i>  <i class="fa fa-caret-down"></i>
                    </a>
               
             <?php include '../admin/login_area.php'; ?>
          
                </li>
         
            </ul>
          
            <!--Left Side Navigation Menu Starts-->
            <div class="navbar-default sidebar" role="navigation">
                <div class="sidebar-nav navbar-collapse">
                    <ul class="nav" id="side-menu">
                        <li class="sidebar-search">
                            <div class="input-group custom-search-form">
                                <input type="text" class="form-control" placeholder="Search...">
                                <span class="input-group-btn">
                                <button class="btn btn-default" type="button">
                                    <i class="fa fa-search"></i>
                                </button>
                            </span>
                            </div>
                            
                        </li>
                        <li>
                            <a class="active" href="#"><i class="fa fa-dashboard fa-fw"></i> Dashboard</a>
                        </li>
                        
                        <!--Menu Include Starts -->
                        <?php include '../admin/left_side_menus.php'; ?>
                        <!--Menu Include Ends -->
                    </ul>
                </div>
               
            </div>
            <!--Left Side Navigation Menu End-->
            
        </nav>

        <div id="page-wrapper">
            <div class="row">
                <div class="col-lg-12">
                    <h1 class="page-header"></h1>
                </div>
            </div>

<!--Content Here-->
<?php
$action = isset( $_POST['action'] ) ? $_POST['action'] : "";
        if($action == "create"){
        try{
             $query = "INSERT INTO top_picture_slider SET title = ?, desc_medium = ?, desc_small = ?, image = ?";
       
       $title = sanitize($_POST['title']);
       $desc_medium = sanitize($_POST['desc_medium']);
       $desc_small = sanitize($_POST['desc_small']);
       $image = $_FILES["file"]["name"];
        
        //prepare query for execution
        $stmt = $con->prepare($query);
 
        //this is the first question mark
        $stmt->bindParam(1, $_POST['title']);
 
        //this is the second question mark
        $stmt->bindParam(2, $_POST['desc_medium']);
 
        //this is the third question mark
        $stmt->bindParam(3, $_POST['desc_small']);
 
        //this is the fourth question mark
        $stmt->bindParam(4, $_FILES["file"]["name"]);
       

        // Execute the query
        if($stmt->execute()){
            echo "<div class='alert alert-success' role='alert'>Record was added!.</div>";
        }else{
            die("<div class='alert alert-danger' role='alert'>Unable to update record!</div>");
        }
         
    }catch(PDOException $exception){ //to handle error
        echo "Error: " . $exception->getMessage();
    }
}
?>

 
<!--we have our html form here where user information will be entered-->
<form action="#" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input type="text" class="form-control" placeholder="Add Your Title" size="100" name="title" /><br /><br />
<textarea cols="50" class="form-control" rows="10" wrap="virtual" maxlength="150" placeholder="Add Your Medium Description" name="desc_medium"></textarea><br /><br />
<textarea cols="50" class="form-control" rows="10" wrap="virtual" maxlength="100" placeholder="Add Your Small Description" name="desc_small"></textarea><br /><br />
<input type="file" name="image" class="btn btn-default btn-lg" /><br /><br />
<input type="hidden" name="action" value="create" />
<input class="btn btn-primary btn-lg" type="submit" value="save" /><br /><br />
</form>




<!--Content Here-->


<?php include '../common/footer_admin.php'; ?>

Thank you so much, Jacques!!!

 

I cannot believe I missed that one. It is because I changed the row name in the database and totally forgot about it... dang!

 

I am still on my beginner courses, so mistakes will still be made for many years :-)

 

What I would like to ask you, please, is to tell me whether my way of storing the URL path is correct or right for a coder. At the moment it is saving fine; I have added a bit of code for the $path.

 

In the database it saved my picture as "uploads/10566448_749876155095516_711706263_n.jpg".

 

Perhaps I should add a function that generates a random name so that each picture gets a different filename? I am not sure if I am going in the right direction, to be honest....

 

<?php include "../common/header_admin.php"; ?>
<?php include '../conn/db_connect.php'; ?>

        <!-- Navigation -->
        <nav class="navbar navbar-default navbar-static-top" role="navigation" style="margin-bottom: 0">
            <div class="navbar-header">
                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                    <span class="sr-only">Toggle navigation</span>
                </button>
                <a class="navbar-brand" href="index.html">PizzaByLuca.com</a>
            </div>
            <!-- /.navbar-header -->

            <ul class="nav navbar-top-links navbar-right">
                <!-- /.dropdown -->
                <li class="dropdown">
                    <a class="dropdown-toggle" data-toggle="dropdown" href="#">
                        <i class="fa fa-user fa-fw"></i>  <i class="fa fa-caret-down"></i>
                    </a>
                    <?php include '../admin/login_area.php'; ?>
                </li>
            </ul>

            <!--Left Side Navigation Menu Starts-->
            <div class="navbar-default sidebar" role="navigation">
                <div class="sidebar-nav navbar-collapse">
                    <ul class="nav" id="side-menu">
                        <li class="sidebar-search">
                            <div class="input-group custom-search-form">
                                <input type="text" class="form-control" placeholder="Search...">
                                <span class="input-group-btn">
                                <button class="btn btn-default" type="button">
                                    <i class="fa fa-search"></i>
                                </button>
                                </span>
                            </div>
                        </li>
                        <li>
                            <a class="active" href="#"><i class="fa fa-dashboard fa-fw"></i> Dashboard</a>
                        </li>
                        <!--Menu Include Starts -->
                        <?php include '../admin/left_side_menus.php'; ?>
                        <!--Menu Include Ends -->
                    </ul>
                </div>
            </div>
            <!--Left Side Navigation Menu End-->
        </nav>

        <div id="page-wrapper">
            <div class="row">
                <div class="col-lg-12">
                    <h1 class="page-header"></h1>
                </div>
            </div>

<!--Content Here-->
<?php
$action = isset( $_POST['action'] ) ? $_POST['action'] : "";
if($action == "create"){
    try{
        $query = "INSERT INTO top_picture_slider SET title = ?, desc_medium = ?, desc_small = ?, image = ?";

        // Build the relative path from the uploaded file's name and move the
        // temporary upload into the uploads directory one level up
        $path = "uploads/" . $_FILES['image']['name'];
        move_uploaded_file($_FILES['image']['tmp_name'], "../".$path);

        $title = sanitize($_POST['title']);
        $desc_medium = sanitize($_POST['desc_medium']);
        $desc_small = sanitize($_POST['desc_small']);
        $image = $path;

        //prepare query for execution
        $stmt = $con->prepare($query);

        //bind the sanitized values to the four placeholders, in order
        $stmt->bindParam(1, $title);
        $stmt->bindParam(2, $desc_medium);
        $stmt->bindParam(3, $desc_small);
        $stmt->bindParam(4, $image);

        // Execute the query
        if($stmt->execute()){
            echo "<div class='alert alert-success' role='alert'>Record was added!</div>";
        }else{
            die("<div class='alert alert-danger' role='alert'>Unable to update record!</div>");
        }

    }catch(PDOException $exception){ //to handle error
        echo "Error: " . $exception->getMessage();
    }
}
?>

<!--we have our html form here where user information will be entered-->
<form action="#" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input type="text" class="form-control" placeholder="Add Your Title" size="100" name="title" /><br /><br />
<textarea cols="50" class="form-control" rows="10" wrap="virtual" maxlength="150" placeholder="Add Your Medium Description" name="desc_medium"></textarea><br /><br />
<textarea cols="50" class="form-control" rows="10" wrap="virtual" maxlength="100" placeholder="Add Your Small Description" name="desc_small"></textarea><br /><br />
<input type="file" name="image" class="btn btn-default btn-lg" /><br /><br />
<input type="hidden" name="action" value="create" />
<input class="btn btn-primary btn-lg" type="submit" value="save" /><br /><br />
</form>

<!--Content Here-->

<?php include '../common/footer_admin.php'; ?>

Thanks,
 
Ben
Edited by benoit1980

You indeed should randomize the filename. In fact, relying on the user-provided name is a very bad idea: If you're not careful, people will upload malicious scripts. And you'll quickly run into issues with duplicate filenames.

 

A common approach is to validate the file extension against a whitelist (e.g., only ".jpg", ".png" and ".gif" are allowed), generate a random filename and then append the extension. To get a random string, you can use mcrypt_create_iv() or openssl_random_pseudo_bytes(), depending on which one is available.
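As an added example (not the thread author's or Jacques's code), here is a PHP helper that applies the advice above to the thread's upload handler: it checks that the bytes really are a JPEG, PNG or GIF, picks the extension from that whitelist, discards the client-supplied name in favour of a random one, and returns the relative path that belongs in the image column. It assumes the file input is named "image" as in the thread's form, that the uploads directory is writable by the web server, and a hypothetical helper name store_uploaded_image().

```php
<?php
// Added example, not the original poster's code. Assumes the file input is
// named "image" (as in the thread's form) and that $uploadDir already exists
// and is writable by the web server.

function store_uploaded_image(array $file, $uploadDir)
{
    // Accept only a file PHP actually received without error.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // Whitelist: the extension is chosen from the detected MIME type, never
    // taken from the client-supplied filename.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($allowed[$info['mime']])) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted');
    }
    $ext = $allowed[$info['mime']];

    // Random filename: the original name is dropped entirely, which avoids
    // duplicate names and stops the client choosing the name on disk.
    $bytes = function_exists('random_bytes')
        ? random_bytes(16)                      // PHP 7+
        : openssl_random_pseudo_bytes(16);      // older PHP, as suggested above
    $name = bin2hex($bytes) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not save the uploaded file');
    }

    // Only this relative path goes into the database, not the file itself.
    return 'uploads/' . $name;
}

// Usage inside the thread's "create" handler ($con is the PDO connection from db_connect.php):
// $image = store_uploaded_image($_FILES['image'], __DIR__ . '/../uploads');
// $stmt  = $con->prepare("INSERT INTO top_picture_slider SET title = ?, desc_medium = ?, desc_small = ?, image = ?");
// $stmt->execute([$title, $desc_medium, $desc_small, $image]);
```

Because the stored name never comes from the request, the database can only ever point at a file with one of the three whitelisted extensions.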
