Jump to content

Uploading Image and Inserting to Database


Moorcam

Recommended Posts

Hi guys and Gals,

 

This has my head wrecked to be honest.

I am trying to upload an image to a directory, which is working. However, I also want to put the file name into MySQL. This will work if the image upload script is removed. With the script enabled, the file uploads but I get "Undefined index: userPic" from the following line:

$userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']);

Here is the complete code:

 	if(isset($_POST['Submit'])){//if the submit button is clicked
	$company_name = mysqli_real_escape_string($mysqli, $_POST['company_name']);
	$company_abn = mysqli_real_escape_string($mysqli, $_POST['company_abn']);
	$company_email = mysqli_real_escape_string($mysqli, $_POST['company_email']);
	$address = mysqli_real_escape_string($mysqli, $_POST['address']);
	$company_phone = mysqli_real_escape_string($mysqli, $_POST['company_phone']);
	$company_slogan = mysqli_real_escape_string($mysqli, $_POST['company_slogan']);
	$userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']);
	// Upload Image
if (isset($_FILES["userPic"]["name"])) {

    $name = $_FILES["userPic"]["name"];
    $tmp_name = $_FILES['userPic']['tmp_name'];
    $error = $_FILES['userPic']['error'];

    if (!empty($name)) {
        $location = 'uploads/';

        if  (move_uploaded_file($tmp_name, $location.$name)){
            echo 'Uploaded';
        }

    } else {
        echo 'please choose a file';
    }
}
	$sql="UPDATE company_settings SET company_name='$company_name', company_slogan='$company_slogan', company_abn='$company_abn', company_email='$company_email', address='$address', company_phone='$company_phone', userPic='$userPic'";
	$mysqli->query($sql) or die("Cannot update");//update or error
	}

Has anyone got any ideas where I am going wrong (besides not using PDO) and how I can solve it?

 

Thanks in advance.

Link to comment
Share on other sites

Thanks Jacques,

I am trying to learn. I will be updating it all over time with prepared statements etc.

At this moment I am in limbo as to where exactly I need to put the $_POST['userPic'] ?

Link to comment
Share on other sites

I don't think you understand what I'm saying.

 

There is no $_POST['userPic']. It does not exist. You cannot put it anywhere.

 

The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense.

 

All upload-related data is in $_FILES. That's what you need to use.

Link to comment
Share on other sites

I don't think you understand what I'm saying.

 

There is no $_POST['userPic']. It does not exist. You cannot put it anywhere.

 

The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense.

 

All upload-related data is in $_FILES. That's what you need to use.

I think I am getting you now. lol

I have changed the errored line from $_POST['userPic'] to $_FILES['userPic'] and now getting the following for the same line:

[11-Jun-2017 21:36:58 Australia/Melbourne] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/danethic/public_html/cms/admin/settings.php on line 16
Link to comment
Share on other sites

C'mon now.

 

Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that.

 

Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing.

Link to comment
Share on other sites

C'mon now.

 

Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that.

 

Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing.

LOL It's late mate. :D

Changed the troubled line to:

$userPic = $_FILES['userPic']['name'];

It works now

Thank you. :)

Link to comment
Share on other sites

The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again.

I will be. At the moment it is only for my use while learning.

Thank you. :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.