Jump to content

Uploading Image and Inserting to Database

Moorcam

By Moorcam
in PHP Coding Help

 Share
Go to solution Solved by Jacques1,

Recommended Posts

Moorcam Advanced Member

Moorcam

Posted
Posted

Hi guys and Gals,

 

This has my head wrecked to be honest.

I am trying to upload an image to a directory, which is working. However, I also want to put the file name into MySQL. This will work if the image upload script is removed. With the script enabled, the file uploads but I get "Undefined index: userPic" from the following line:

$userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']);

Here is the complete code:

 	if(isset($_POST['Submit'])){//if the submit button is clicked
	$company_name = mysqli_real_escape_string($mysqli, $_POST['company_name']);
	$company_abn = mysqli_real_escape_string($mysqli, $_POST['company_abn']);
	$company_email = mysqli_real_escape_string($mysqli, $_POST['company_email']);
	$address = mysqli_real_escape_string($mysqli, $_POST['address']);
	$company_phone = mysqli_real_escape_string($mysqli, $_POST['company_phone']);
	$company_slogan = mysqli_real_escape_string($mysqli, $_POST['company_slogan']);
	$userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']);
	// Upload Image
if (isset($_FILES["userPic"]["name"])) {

    $name = $_FILES["userPic"]["name"];
    $tmp_name = $_FILES['userPic']['tmp_name'];
    $error = $_FILES['userPic']['error'];

    if (!empty($name)) {
        $location = 'uploads/';

        if  (move_uploaded_file($tmp_name, $location.$name)){
            echo 'Uploaded';
        }

    } else {
        echo 'please choose a file';
    }
}
	$sql="UPDATE company_settings SET company_name='$company_name', company_slogan='$company_slogan', company_abn='$company_abn', company_email='$company_email', address='$address', company_phone='$company_phone', userPic='$userPic'";
	$mysqli->query($sql) or die("Cannot update");//update or error
	}

Has anyone got any ideas where I am going wrong (besides not using PDO) and how I can solve it?

 

Thanks in advance.

Link to comment
Share on other sites
Jacques1 Prolific Member

Jacques1

Posted
Posted

I don't think you understand what I'm saying.

 

There is no $_POST['userPic']. It does not exist. You cannot put it anywhere.

 

The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense.

 

All upload-related data is in $_FILES. That's what you need to use.

Link to comment
Share on other sites
Moorcam Advanced Member

Moorcam

Posted
  • Author
Posted

I don't think you understand what I'm saying.

 

There is no $_POST['userPic']. It does not exist. You cannot put it anywhere.

 

The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense.

 

All upload-related data is in $_FILES. That's what you need to use.

I think I am getting you now. lol

I have changed the errored line from $_POST['userPic'] to $_FILES['userPic'] and now getting the following for the same line:

[11-Jun-2017 21:36:58 Australia/Melbourne] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/danethic/public_html/cms/admin/settings.php on line 16
Link to comment
Share on other sites
  • Solution
Jacques1 Prolific Member

Jacques1

Posted
  • Solution
Posted

C'mon now.

 

Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that.

 

Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing.

Link to comment
Share on other sites
Moorcam Advanced Member

Moorcam

Posted
  • Author
Posted

C'mon now.

 

Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that.

 

Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing.

LOL It's late mate. :D

Changed the troubled line to:

$userPic = $_FILES['userPic']['name'];

It works now

Thank you. :)

Link to comment
Share on other sites
Moorcam Advanced Member

Moorcam

Posted
  • Author
Posted

The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again.

I will be. At the moment it is only for my use while learning.

Thank you. :)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.