DanEthical

Uploading Image and Inserting to Database

Hi guys and gals,

This has my head wrecked to be honest.

I am trying to upload an image to a directory, which is working. However, I also want to put the file name into MySQL. This will work if the image upload script is removed. With the script enabled, the file uploads but I get "Undefined index: userPic" from the following line:

$userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']);

Here is the complete code:

if (isset($_POST['Submit'])) { // if the submit button is clicked
    $company_name = mysqli_real_escape_string($mysqli, $_POST['company_name']);
    $company_abn = mysqli_real_escape_string($mysqli, $_POST['company_abn']);
    $company_email = mysqli_real_escape_string($mysqli, $_POST['company_email']);
    $address = mysqli_real_escape_string($mysqli, $_POST['address']);
    $company_phone = mysqli_real_escape_string($mysqli, $_POST['company_phone']);
    $company_slogan = mysqli_real_escape_string($mysqli, $_POST['company_slogan']);
    $userPic = mysqli_real_escape_string($mysqli, $_POST['userPic']);

    // Upload Image
    if (isset($_FILES["userPic"]["name"])) {
        $name = $_FILES["userPic"]["name"];
        $tmp_name = $_FILES['userPic']['tmp_name'];
        $error = $_FILES['userPic']['error'];

        if (!empty($name)) {
            $location = 'uploads/';

            if (move_uploaded_file($tmp_name, $location.$name)) {
                echo 'Uploaded';
            }
        } else {
            echo 'please choose a file';
        }
    }

    $sql = "UPDATE company_settings SET company_name='$company_name', company_slogan='$company_slogan', company_abn='$company_abn', company_email='$company_email', address='$address', company_phone='$company_phone', userPic='$userPic'";
    $mysqli->query($sql) or die("Cannot update"); // update or error
}

Has anyone got any ideas where I am going wrong (besides not using PDO) and how I can solve it?

Thanks in advance.

There is no $_POST['userPic']. The userPic is your uploaded file which you're processing just one line later.

Also, if you cannot or don't want to switch to PDO, then at least learn mysqli properly (prepared statements, error handling etc.).

Thanks Jacques,

I am trying to learn. I will be updating it all over time with prepared statements etc.

At this moment I am in limbo as to where exactly I need to put the $_POST['userPic']?

I don't think you understand what I'm saying.

There is no $_POST['userPic']. It does not exist. You cannot put it anywhere.

The userPic parameter is your uploaded file which can be accessed via the $_FILES superglobal. You already know that, because you're processing that exact file just one line later. Yet for some reason you also expect something in $_POST['userPic']. What would that be? The file content? The filename? The path to the file? This wouldn't make any sense.

All upload-related data is in $_FILES. That's what you need to use.

I think I am getting you now. lol

I have changed the errored line from $_POST['userPic'] to $_FILES['userPic'] and am now getting the following for the same line:

[11-Jun-2017 21:36:58 Australia/Melbourne] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, array given in /home/danethic/public_html/cms/admin/settings.php on line 16

C'mon now.

Your own code says that $_FILES['userPic'] is an array. Not a string. An array with different data. You cannot put an array into a database table. You have to pick one value (like the filename) and insert that.

Again: You already know that -- unless you've copied and pasted the entire code and have no idea what it's actually doing.

LOL It's late mate. :D

Changed the troubled line to:

$userPic = $_FILES['userPic']['name'];

It works now

Thank you. :)

The code allows anybody to upload and execute arbitrary malware on your server, so to avoid getting yourself into deep trouble, you should think about this again.
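
A hardened form of the upload-and-store step that this warning and the earlier advice about prepared statements point at, as an added example that is not code from the thread. It assumes the thread's $mysqli connection and company_settings table; the store_logo() helper name, the 2 MB limit, the allowed image types and the uploads path are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes $mysqli is an open connection
// created elsewhere, as in the thread; store_logo(), the size limit and the
// upload directory are illustrative assumptions.
function store_logo(mysqli $mysqli, array $file, string $dir): string
{
    // 1. PHP itself must report a clean upload of a single file.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > 2 * 1024 * 1024) {          // assumed 2 MB cap
        throw new RuntimeException('File too large');
    }

    // 2. Decide the type from the file content, never from the client's
    //    filename or the $_FILES 'type' field (both are client-controlled).
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }

    // 3. Generate the stored name server-side: no path components, no ".php"
    //    extension, no overwriting of an existing file.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }

    // 4. Prepared statement instead of escaping values into the SQL string.
    $stmt = $mysqli->prepare('UPDATE company_settings SET userPic = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return $name;
}

if (isset($_POST['Submit'], $_FILES['userPic'])) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions
    try {
        $saved = store_logo($mysqli, $_FILES['userPic'], __DIR__ . '/uploads');
        echo 'Uploaded as ' . htmlspecialchars($saved);
    } catch (Exception $e) {
        error_log($e->getMessage());   // details go to the log, not the browser
        echo 'Upload rejected';
    }
}
```

The uploads directory should additionally be configured so the web server never executes scripts from it; that setting lives in the server configuration and is not shown here.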

I will be. At the moment it is only for my use while learning.

Thank you. :)
