I have read numerous articles on stackoverflow and google regarding file upload and show directly in/from MYSQL BLOB column. I donot need to upload file anywhere because only one file is involved in my complete project and that is the logo file to be updated by the user.
Although I wanted to do the things with Codeigniter Upload library, but i couldn't complete the code so I was trying simple PHP solution, but it hasnot worked either.
Below is my code.
Code for Upload Form:
<?php echo form_open_multipart('UpdateCompanyInfo'); ?>
<div class="form-group">
<label>Logo</label>
<input type="file" class="form-control" name="logo">
[200 px (width)x200px (height)]
</div>
<div class="box-footer">
<button type="submit" class="btn btn-primary">Update Logo</button>
</div>
<?php echo form_close(); ?>
Code for Upload:
$check = getimagesize($_FILES["logo"]["tmp_name"]);
if($check !== false)
{
if($check[0]=="200" && $check[1]=="200" )
{
$image = $_FILES['logo']['tmp_name'];
$imageFileType = strtolower(pathinfo($_FILES['logo']['name'],PATHINFO_EXTENSION));
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg") {
return '<div class="alert alert-danger">'.$imageFileType.' Logo file of only jpg/png/jpeg type is acceptable.</div>';
}
$imgContent = addslashes(file_get_contents($image));
if($this->db->update("company", array('logo'=>$imgContent)))
{
return '<div class="alert alert-success">Logo has been updated successfully.</div>';
}
else
{
return '<div class="alert alert-danger">Error 101. Failed to update the logo.</div>';
}
}
else
return '<div class="alert alert-danger">Logo file of only 200px X 200px is acceptable.</div>';
}
Code to show the Image in View
echo '<img src="data:image/png;base64,'.base64_encode($companyinfo[0]->logo).'"/>';
I uploaded the png file, so I have used data:image/png
On inspecting the image element in view, I get the following output:
<img src="data:image/png;base64,iVBORw0KGgpcMFwwXDAN ....... v6/IDhCwtLWDE56vdo6CwCC07dMeva1dhgIGnEBikg7xODG0Pq+m61z8bC4Vqpzxpq6d8BhQK7Q1+rte/oyhK61mIAoGRznxWpiYmb8jaleunKEotrSaXy1Xb1lnxXhXvSAGgKtXBetZJOQEAIQkBAQAhCQEAIQkBACEJA8P7xP2GoiDrA7B2BXDBcMFwwXDBJRU5ErkJggg==">
All articles over internet are showing this solution, but why it is not working at my end?
You need to save image as base64_encode in database. Change your code as below line while uploading:
$imgContent = base64_encode(file_get_contents($image));
and when you need to show image, you just need to put content. No need to encode again. As below:
echo '<img src="data:image/png;base64,'.$companyinfo[0]->logo.'"/>';
Hope it helps you.
After trying the suggestions of #dnFer I tried using stripslashes while displaying the image. Things worked fine.
echo '<img src="data:image/png;base64,'.base64_encode(stripslashes($companyinfo[0]->logo)).'"/>';
But I have a Question. Somewhere I read: "As I was reading this I saw the problem was stripslashes(). Since the data is binary it might contain arbitrary characters that are equal to slashes so it will remove them. "
Will this be a problem? And is my data still safe after stripping away the slashes?
Short answer:
Change
$imgContent = addslashes(file_get_contents($image));
to
$imgContent = file_get_contents($image);
Long answer:
When applying addslashes(), the binary data of the image changes when it contains one or more single quote ('), double quote ("), backslash (\) or NUL (the NUL byte). It adds a backslash before those characters.
This is probably done to avoid SQL injection at the time prepared statements didn't exist or where rarely used.
Eg:
$imgContent = addslashes(file_get_contents($image));
$query = mysql_query ("insert into imageTable values ("INSERT INTO `product_images` (`id`, `image`, `image_name`) VALUES ('1', '{$imgContent}', '{$image_name}')"));
//Do Stuff like reading the image date from the database...
$imgContent = stripslashes($imgContent);
echo '<img src="data:image/png;base64,' . base64_encode($imgContent) . '"/>';
These days, not using prepared statements is bad practice and I suspect your database library makes use of it as well at the following line:
$this->db->update("company", array('logo'=>$imgContent));
Prepared statements (using mysqli or PDO) statements will prevent SQL injection, which make the use of addslashes() unnecessary.
Notes:
Make sure your database data field is large enough (TINYBLOB, BLOB,
MEDIUMBLOB, and LONGBLOB) to contain the complete image (data).
Do not store base64 encoded image data in the database as this data
is about 30% larger than the binary data.
Prefer to store images on the file server instead of the database, since storing lots of data can slow down the database server.
<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="image">
</form>
Php code upload.php
<?php
include_once 'dbconn.php';
$image = $_FILE['image'];
$name = $image['name'];
$tmpname = $image['tmp_name'];
$imgdestination = '../img/'.$name;
move_uploaded_file($tmpname, $imgdestination);
?>
Related
I want to ask you guys about my code in my php update form.
I use unlink($file_Path) to Remove my image file in my folder & my server and that work fine!
So I wonder when using "unlink($file_Path)" to removing an image, In my php page it show me an "Image File Icon " when there was no picture (The image file was removed) But it show me like that (Image file Icon) Because, I though It still has a some value (my value = "../filename.jpg")
so I put "value=" "/" (None Value to Reset a Value)
example :
<input type="hidden" name="newSubimage1" value=""/>
and that work fine when I use with "!empty($ro.."
example :
if (isset($row['subimage1']) && !empty($row['subimage1']))
{
echo "<img src='../images/images_products/".$row['subimage1']."'>";
} else {
echo "No Image Here"; }
`
to not show an "Image File Icon"
Is that a correct way ? that I used to Removing file / Not display an Image File Icon or you has any easy way or the best way that you want to suggest me.
thanks
$image_file_ext = array('jpg', 'png', 'bmp');
$file_ext = pathinfo($row['subimage1'],PATHINFO_EXTENSION);
if (isset($row['subimage1']) && !empty($row['subimage1']) && in_array($file_ext, $image_file_ext))
{
echo "<img src='../images/images_products/".$row['subimage1']."'>";
} else {
echo "No Image Here";
}
I am working in a simple form of html with php. I am adding some fields including file upload.
But I am facing a weird issue. When I upload image and submit form. It submits but when I do not upload image and submit the form. It says "Unsupported file format"
I checked that when I do not upload file and submit the form. It does not even post the form. Only "Unsupported file format" line come to the page and whole page blank.
This is my code:
<form action="" method="post" enctype="multipart/form-data">
<table class="form-table">
<tr>
<th>Title<font color="#ff0000">*</font></th>
<td><input name="title" type="text" value="<?=$_POST['title']?>" size="40" /></td>
</tr>
<tr>
<th>Image<font color="#ff0000">*</font></th>
<td><input type="file" name="file_name" /></td>
</tr>
<tr>
<th> </th>
<td> Dimensions: <?=$imgwidth?> x <?=$imgheight?> (Max: 2MB) <br />
JPG format is the one recommended.</td>
</tr>
<tr>
<th></th>
<td><input type="submit" name="btnAdd_cat" class="button" value="Add" /></td>
</tr>
</table>
</form>
Php code:
<?php
if(isset($_POST['btnAdd_cat'])){
$error = "";
$title = addslashes($_POST['title']);
if(empty($title)) $error .= "Please enter title.<br/>";
if(empty($error)){
$sql = "INSERT INTO ".CATEGORIES." (`title`, `status`) VALUES ('$title', '1')";
mysql_query($sql) or die(__LINE__.mysql_error());
$id = $insert_id = mysql_insert_id();
$success = "Successfuly added.<br/>";
$filename = $_FILES['file_name']['name'];
if(!empty($filename)){
$imgext = strtolower(substr($filename, -4));
$img = ereg_replace("[^a-z0-9._]", "",str_replace(" ", "-",str_replace("%20", "-", strtolower($title))));
$filename = "category-".$insert_id."-".$img.$imgext;
$savefile = "../pictures/".$filename;
//upload
if(copy($_FILES['file_name']['tmp_name'], $savefile)){
//echo "....Image uploaded ";
}else{$warning = "Failed to upload image!<br/>";}
chmod("$savefile",0777);
if(resize_picture("$savefile","$savefile","$imgwidth","$imgheight")){
//echo "....Image resized ";
}else{$warning = "Failed to resize image!<br/>";}
$image = $filename;
}
if(mysql_query("UPDATE ".CATEGORIES." SET image='".$image."' WHERE id='".$id."'")){
$success .= "Image added.<br/>";
unset($_GET);
} else {die(__LINE__.mysql_error());}
}
}
?>
This page comes when I submit without uploading file:
http://prntscr.com/706ght
Please help me in this.
Thanks
Put the file upload code block in if(isset($_FILES['file_name'])){} i.e. check whether the file is posted or not. because as you have said that the error occurred when you are not selecting any file so it better to check whether the file is posted before running the uploading code.
Hope this will help in solving your problem.
As you have said that when you don't select any file it's showing you an error then you need to update your if condition from
$filename = $_FILES['file_name']['name'];
if(!empty($filename))
to
$filename = $_FILES['file_name']['error'];
if($filename != 4) // Check no file is uploaded
There is a section in php documentation about file handling. You will find that you can check various errors and from file-upload-errors
UPLOAD_ERR_OK
Value: 0; There is no error, the file uploaded with success.
<...>
UPLOAD_ERR_NO_FILE
Value: 4; No file was uploaded.
I created a real instance of your code, suppressing what depends on your context (such as SQL-related, and so on): despite you have a number of points that should be enhanced (see below):
it never fired the error you mentioned
more interesting: POST was always done, while you report it was not the case for you
From this latter point I infer the issue should come from some control executed by your browser. So can you give more details about that: which browser are you using, with which plugins and under which OS?
Besides that, there are some points that don't matter for the issue you have pointed out, but should be more strictly coded:
as already mentioned, rather than using if(!empty(filename)), processing the uploaded file should be conditioned to something like if($_FILES['file_name']['error'] == UPLOAD_ERR_OK) before anything else
an important point is that ereg_replace() is deprecated as of PHP 5.3.0: you should use preg_replace() instead
when preparing to save title into database, use mysql_escape_string() rather than addslashes() (or turn using PDO, which takes care of that for you: look at http://php.net/manual/en/ref.pdo-mysql.php)
more generally, about your database processing, you had better to save data in a unique step when your image has been already processed; this way you optimize performance (with only one DB access), while you avoid getting incomplete records containing titles for which no image reference was finally registered
I having trouble with the move_uploaded_file function on my website.
The whole idea is that in a form, i insert the title, description and a screenshot of a project. Everything is working just fine. It saves the title and description with an id and the creation date in a mysql database and moves the file to a folder on the server.
The problem however is that some files are transferred to folder and some aren't. The problem seems to be in the files, but i can't seem to figure out what the problem is.
It is not the filesize; i have files of 5/6MB that are placed in the folder without any problems, and i have files that are around 3MB that arent. The extension isn't the problem either, they are both .jpg.
Are there any other requirements that a .jpg file should meet, in order to be uploaded?
I'm 99% certain the problem isn't in my code, as it uploads some files without a problem, but here is my code anyway.
The HTML part:
<form action="" method="post" enctype="multipart/form-data">
<h2>Title*</h2>
<input type="text" id="title" name="title">
<h2>Description*</h2>
<textarea id="descr" name="descr" cols="40" rows="4"></textarea>
<h2>Add file*</h2>
<input type="file" id="file" name="file">
<h2><input type="submit" id="submit" name="submit" value="Uploaden"></h2>
<p id="requirements">Fields marked with * are required.</p>
</form>
And this is the PHP part:
if (isset($_POST['submit'])) {
$destination = "../uploadedfiles/" . basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $destination)) {
echo '<p id="succes">File has been uploaded</p>';
} else {
echo '<p id="error">File has not been uploaded</p>';
}
$title = $_POST['title'];
$descr = $_POST['descr'];
$name = ($_FILES['file']['name']);
include "../connect/connect.php";
if ($title == "" || $descr == "") {
echo '<p id="error">Fill in the required fields</p>';
} else {
$query = "INSERT INTO file(title, descr, name, created) VALUES ('{$title}', '{$descr}', '{$name}', NOW())";
$upload = $connect->query($query);
if ($upload) {
echo '<p id="succes">Info is stored in database</p>';
} else {
echo '<p id=error>Failed to store info in database</p>';
}
}
}
A bunch of stuff might be going wrong. move_uploaded_file is very pick and sometimes doesn't behave how it is documented. I had problems with it once and honestly, copy archive the same result in most cases if properly implemented.
There are reports of lone filenames causing trouble. 249 chars on $destination seems to be the limit.
not only upload_max_filesize must be set but also post_max_size
utf-8 names might be a problem
If you have problems where the uploaded file seems unaccessible, try to use copy() instead. There are reports of people not being able to find the file just after upload, move_uploaded_file just limits path over copy, the results are the same if you dont input any user var.
Thanks in advance for any help, I hope my explanation of my request is understandable.
I have a website where I upload various HTML pages with scripts, websites etc. that I have found useful over time... For the purpose of 1) a reference for myself, and 2) to share what I've found with others.
The website consists of 2 sections. A search page to find the script, and an admin page to upload it. The uploaded HTML file gets placed in a "docs/" directory on my server, and the details are added to a MySQL database for the search page.
The form looks like this:
<form name="upload" enctype="multipart/form-data" action="includes/add.php"
method="post" onsubmit="return validateForm();">
<label for="scriptname">Script Name</label><input class="inputarea" type="text"
name="scriptname"><br>
<label for="category">Category</label><input class="inputarea" type="text"
name="category"><br>
<label for="keywords">Keywords</label><input class="inputarea" type="text"
name="keywords"><br>
<label for="content">HTML File</label><input class="inputarea" type="file"
name="content"><br>
<input class="submit" type="submit" value="Add">
</form>
My question is this... Is there any way with JavaScript or PHP to do the following:
generate an automatic file name for the uploaded file (a few random digits would do)
In the "scriptname" input field, add text on submit so that it makes the Script name and file name into a hyperlink that's added to the database as text... eg. When submit button is pressed, the following is added to the database:
"scriptname_input"
Where the bold section is taken from the generated file name and the italic section is from the input field...
The purpose of this is so that in the search results, when the database column with the script name comes up, the script name is a link to the actual file. I have the search feature ready, and it is able to make a link from a database entry, but I just need to simplify the upload process.
If this is not possible, is there a different way to achieve this?
---EDIT---
Thank you all for your help! Much appreciated, I've worked it out using a combination of a few of the suggestions. However, I gave the credit to Ibere as his solution was the closest.
Here is the final code I used for the 'add.php' file that processed the upload and database addition, just in case it ever comes up again (I doubt it) :P
<?php
$filename = md5($_FILES['content']['name']);
$labelForUrl = $_POST['scriptname'];
$url = "$labelForUrl";
$target = "../docs/";
//This gets all the other information from the form
$name=$_POST['scriptname'];
$cat=$_POST['category'];
$key=$_POST['keywords'];
$link=$_POST['link'];
$file=($_FILES['content']['scriptname']);
// Connects to your Database
mysql_connect("localhost", "username", "password") or
die(mysql_error()) ;
mysql_select_db("scripts") or die(mysql_error()) ;
//Writes the information to the database
mysql_query("INSERT INTO scripttable (scriptname,category,keywords,link,content)
VALUES ('$url', '$cat', '$key', '$link', '$file')") ;
if(move_uploaded_file($_FILES['content']['tmp_name'], $target . $filename)) {
echo "The file ". $labelForUrl.
" has been uploaded";
}
else {
echo "There was an error uploading the file, please try again!";
}
?>
You can do something like this for the filename.
$filename = md5($_FILES['content']['name']);
$labelForUrl = $_POST['scriptname'];
md5 is not Random, but is good enough for generating a unreadable string for a filename.
Then you can create a url like this
<a href="docs/<?php echo $filename; ?>" ><?php echo $labelForUrl; ?></a>
Hope this helps.
EDIT: I forgot to add the extension to the filname. So the right code would be something like:
$filename = md5($_FILES['content']['name']).$_FILES['content']['type']
I recommend using uploadify for uploads. But, to do what you asked:
$randomFileName = rand(1000, 9999);
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $randomFileName . $_FILES["file"]["type"]);
// update your db with the location
$loc = "upload/" . $randomFileName . $_FILES["file"]["type"];
mysqli_query("insert into `myTable` (`loc`) values ('$loc')");
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
For file uploading help, look at http://www.w3schools.com/php/php_file_upload.asp
This is very easy, if you know codeigniter ( PHP Framework ).
You can use the Upload Class
You can easily create forms and submit them and also display them.
I would do it that way. If you are familiar with MVC you can do that in 10-15 mins.
To generate random file names, I usually find this does the work quite well: md5( rand( 0, 100000 ) );. If you wish to limit the size of the file name, you may use the substr function.
(Assuming a MySQL database), make the connection and then query the database using the INSERT command. This link shows how to do all of this.
I've trimmed my code down to the bare minimum to try to find why I cannot display any image that I upload & store via PHP into MySQL. If anyone can point out my error(s) I'd be most grateful.
On execution, the browser reports that the image cannot be displayed as it contains errors.
However, the image uploads & displays fine in other databases running in this same environment.
I've checked that the database holds a blob after upload.
I guess I'm missing something obvious.
Upload form..
<body>
<form enctype="multipart/form-data" action="imagetestprocess.php" method="post">
<input type="file" name="image">
<input type="submit" value="Submit">
</form>
Form handler..
<?php
include("../mylibrary/login.php");
login();
$imagefile = file_get_contents($_FILES['image']['tmp_name']);
$imagefile = mysql_real_escape_string($imagefile);
$query="UPDATE pieces SET image_full='$imagefile' WHERE assetno='1'";
$result = mysql_query($query);
?>
Image displayer..
<?php
include("../mylibrary/login.php");
login();
echo "<body>";
echo "before";
echo "<img src=\"showimage.php\" alt=\"showimage\">";
echo "after";
?>
called function...
<?php
include("../mylibrary/login.php");
login();
$query = "select * from pieces where assetno='1'";
$result=mysql_query($query);
$row=mysql_fetch_array($result, MYSQL_ASSOC);
$image=$row['image_full'];
header("Content-type: image/jpeg");
echo $image;
?>
change the image_full field type to MEDIUMBLOB / BLOB
user this $image = chunk_split(base64_encode(file_get_contents("image.jpg")));
instead of $imagefile = file_get_contents($_FILES['image']['tmp_name']);
and in show image function use image as below.
header("Content-type: image/jpeg");
echo base64_decode($image);
use mysql_escape_string or addslashes and clear your browser cache to see if it works
If the above solutions does not work for you.
Try increasing the length of the field in database.
if still it does not work,
You can check if the image format is RGB or CMYK.
format shoud be RGB to see on screen.
To make it sure you can try opening the same image file in browser.
I think it has something to do with your database encoding. some encoding does not support binary data.
If you cannot change the encoding, maybe you css base64 encode the data before saving and decode it when displaying. only thing is base64 will increase the size by 3.