I have a peace of code that stores profile images in the map "images/profiles" and stores the URL in the database. I want to define the name of the uploaded profile picture to be the $ID of the user. How can I do this?
include("../../core/init.inc.php");
$target = "../images/profiles/";
$target = $target . basename($_FILES['photo']['name']);
$pic = $_FILES['photo']['name'];
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) {
echo "The file ". basename($_FILES['photo']['name']). " has been uploaded";
} else {
echo "ERROR";
}
mysql_query("UPDATE users SET image_url='includes/images/profiles/$pic' WHERE username = '".mysql_real_escape_string($_SESSION['username'])."'");
Now when someone uploads his profile picture (lets call it pf1.png) it saves it as "pf1.png". I want it to be saved like "$ID.png" (.png being a random extension). I want to accomplish this both for the move_upload_file function and updating the 'image_url' database column correctly.
According to the example in the documentation you can provide the filename in the destination of move_uploaded_file(). If that fails you can simply rename() the file after saving it.
try changing
$target = $target . basename($_FILES['photo']['name']);
to:
$filename=$_FILES["file"]["tmp_name"];
$extension=end(explode(".", $filename));
$target = target . $_SESSION["ID"].".".$extension;
side note: You are not escaping $pic this makes your site vulnerable to sql-injection
I don't know how you saved the ID of the user, but to make it easy let's assume you stored the ID in a session.
Then simply change the $target.
$target = $target . $_SESSION['ID'];
Also change your query as follows:
$url = "includes/images/profiles/" . $_SESSION['ID'];
SET image_url="$url"
Note: I don't know why you got an image folder inside an includes folder, but I guess you made that choice for yourself.
you can get the last inserted id and make it as a name of your image/uploaded file
$qry = mysqli_query($dbconnection,"INSERT INTO statements here");
$last_id = mysqli_insert_id($dbconnection);
//$ext= you get the extension of the file uploaded
move_uploaded_file($tmpname,$target.$last_id.$ext);
now if you want it to be accomplished in updating also.
you can always get the ID of the data you want to fetch and make it as a basis in updating.
ex.
$id = $_GET['id'] || $id = $row['id']; //anything depends on how you want it to retrieve
then you can do the query and move_uploaded_file function
$qry = mysqli_query($dbconnection,"UPDATE tblname SET field='$anything' WHERE id = '$id'");
move_uploaded_file($tmpname,$target.$id.$ext);
of course $tmpname will be the basis on what file you have uploaded, $tmpname will be the file you want to move into your desired directory
Related
I'm working on project for creating Online Exam for college Entrance. I am looking for solution to upload image and create folder using user serial id as which is as per mysql database primary increment idsave the images inside the folder.
Here is my solution where images are uploaded in already created folder called uploads. How to modify this for what I required.
<?php
session_start();
include('../connect.php');
$a = $_POST['name'];
// query
$file_name = strtolower($_FILES['file']['name']);
$file_ext = substr($file_name, strrpos($file_name, '.'));
$prefix = 'your_site_name_'.md5(time()*rand(1, 9999));
$file_name_new = $prefix.$file_ext;
$path = '../uploads/'.$file_name_new;
/* check if the file uploaded successfully */
if(#move_uploaded_file($_FILES['file']['tmp_name'], $path)) {
//do your write to the database filename and other details
$sql = "INSERT INTO student (name,file) VALUES (:a,:h)";
$q = $db->prepare($sql);
$q->execute(array(':a'=>$a,':h'=>$file_name_new));
header("location: students.php");
}
?>
First: Be careful uploading files without correctly checking it's types;
Second: As Sean mentioned, this approach may get out of control.
--
The following example changed the steps that you tried.
First insert the user to get it's ID and then create the folder under '../uploads' with it.
This way you do not need to move the file two times (move the file to ../uploads, insert the user and then move the file again to ../uploads/userID)
<?php
...
$sql = "INSERT INTO student (name,file) VALUES (:a,:h)";
$q = $db->prepare($sql);
$q->execute(array(':a'=>$a,':h'=>$file_name_new));
// Get user id
$studentId = $db->lastInsertId();
// Create path with new userId just inserted
$path = "../uploads/$studentId/";
if(!file_exists($path)) { // maybe "&& !is_dir($path)" ?
// IMPORTANT NOTE: the second argument is the permission of the folder. 0777 is the default and may cause security flaws
mkdir($path, 0777, true);
}
// Move the uploaded file to new path with the userId
#move_uploaded_file($_FILES['file']['tmp_name'], $path.$file_name_new);
I think you need to check if the user already exists before inserting (but I don't know the details of your project)
I am trying to copy an image from one folder to another. I feel that my paths are wrong, but I have tried so many path combinations that I am now unsure whether it is the problem.
I am trying to copy an image (if it exists) from the user_photos folder, into the profile_pics folder. Here are where they are located, as well as the script, known as, change_dp.php, which once called, will execute the copy().
www > user_data > user_photos > photos_are_here
www > user_data > profile_pics > photos_are_here
www > inc > change_dp.php
Here is change_dp.php:
$all_pics = mysqli_query ($connect, "SELECT * FROM user_photos WHERE username = '$username'");
$row_query = mysqli_fetch_assoc($all_pics);
$get_photo_owner = $row_query['username'];
$get_photo_id = $_GET['id'];
$get_pic_with_id = mysqli_query ($connect, "SELECT * FROM user_photos WHERE id = '$get_photo_id'");
$row_query2 = mysqli_fetch_assoc($get_pic_with_id);
$img_url = $row_query2['img_url'];
$file = $img_url;
$arrPathInfo = pathinfo($file);
$shortened_url = $arrPathInfo['basename'];
if (file_exists($file)) {
copy("../../" . $file, "../../profile_pics/" . $shortened_url);
}
$pro_pic_change = mysqli_query($connect, "UPDATE users SET profile_pic='$shortened_url' WHERE username = '$username'") or die ($connect);
header("Location: /photos/$get_photo_owner");
Just to illustrate the issue more:
User uploaded photos (which are stored in user_photos) are stored in there full path in my database, for example, if Alice uploads a file called alice.jpg, it will be stored as user_data/user_photos/alice.jpg. This is why I have varible $shortened_url which will only get the base name of the file i.e. get the alice.jpg from user_data/user_photos/alice.jpg. I need the $shortened_url because column profile_pics in the database holds just the base name of the image, not the full path.
With the if statement, I am trying to get the basename of the image, see if an image with the same name in my user_photos file exists, and if it does, copy it into the profile_pics folder and set the basename to profile_pics column via an UPDATE statement. The UPDATE statement works fine, the image name does change in the database, but the image just doesn't copy over, which corrupts the image since it cant find it in the profile_pics folder.
What I have tried:
copy($file, "../profile_pics/" . $shortened_url);
copy("../../" . $file, "../../profile_pics/" . $shortened_url);
copy($file, "user_data/profile_pics/" . $shortened_url);
None which work.
Edit:
Here's what I want the code to do:
Lets assign values to $file for an example:
$file = user_data/user_photos/alice.jpg
See if an image with the name of $file exists in the user_photos folder.
If there is a file with the name of alice.jpg in the folder, then copy that image into the profile_pics folder.
That's it.
You could use __DIR__ magic constant and then based on that you can go to upper levels in the directory hierarchy, by using realpath() function or even dirname() function. This way it will be less confusing and less error prone.
E.g.:
$upOneLevel = realpath(__DIR__."../");
$upTwoLevels = realpath(__DIR__."../../");
So to access your file you shoud use:
$fileRealPath = $upOneLevel."/".$file;
$fileRealDestination = $upOneLevel."user_data/profile_pics/".$shortened_url;
I also recommend to update the data in the DB only if the file exists and the copy command executes successfully:
if (file_exists($fileRealPath)) {
if(copy($fileRealPath, $fileRealDestination)) {
//TODO db logic here
} else {
//TODO error handling here
}
} else {
//TODO error handling here
}
I am building a forum with php and MySQL and I want to append current time to each image that users upload for their profile. I used time() function on each image file uploaded and it worked for the image file but I have trouble inserting the new filename into the database. I wanted to give each image a unique name to prevent override.
OK here is what I did: I stored the current time as $time and the filename in a variable, $photo and I tried to insert that variable’s value using $photo .= $time into the database so it has the filename as I did with each uploaded image. However the original filename is inserted into the database in every attempt.
Any workarounds?
$image = $_FILES['photo']['name'];
$time = time();
$image .= $time;
delete the existing photo
delete(image_dir/$row['current_photo.jpg']);
//does not work, but i want something like that
if(move_uploaded_file($_FILES['photo']['tmp_name'], 'image_dir/$image') {
$query = "INSERT INTO profile (user_id, profile_photo) VALUES($id, $image)";
mysqli_query($dbc, $query);
if(mysqli_affected_rows($dbc) == 1) {
echo "added to the database!";
}else {
echo "failed to add photo to the database";
}
}else {
echo "failed to upload photo";
}
how can i give the uploaded image unique the name since the original image name gets inserted in the database in every try i make?
i know the code looks funny :). just want to show the logic.
If you need a unique id, you can use the uniqid function
$name=uniqid();
you may need to use
$filename=uniqid();
I am trying to update images in my upload folder and mysql database the file uploads giving the file name 0.jpg instead of the normal persons id 13.jpg and does not update in mysql database, here is my snippet below what am i doing wrong?
$pic = mysql_real_escape_string(htmlspecialchars($_FILES['photo']['name']));
//This gets all the other information from the form
$pic=($_FILES['photo']['name']);
$file = $_FILES['photo']['name']; // Get the name of the file (including file extension).
$ext = substr($file, strpos($file,'.'), strlen($file)-1);
if(!in_array($ext,$allowed_filetypes))//check if file type is allowed
die('The file extension you attempted to upload is not allowed.'); //not allowed
if(filesize($_FILES['photo']['tmp_name']) > $max_filesize) //check that filesize is less than 50MB
die ('The file you attempted to upload is too large, compress it below 50MB.');
// Connects to your Database
mysql_connect("localhost", "root", "") or die(mysql_error()) ;
mysql_select_db("office") or die(mysql_error()) ;
//Writes the information to the
$target = "images/" .mysql_insert_id() . $ext;
$staff_id = mysql_insert_id();
$new_file_name = mysql_insert_id() . $ext;
//I removed ,photo='$target' to display only id as picture name
mysql_query("UPDATE development SET photo='$new_file_name' WHERE staff_id=$staff_id");
//Writes the file to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
//Tells you if its all ok
echo "The file ". basename( $_FILES['photo']['name']). " has been uploaded, and your information has been added to the directory";
}
else {
//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>
Instead of this
$staff_id = mysql_insert_id();
$new_file_name = mysql_insert_id() . $ext;
//I removed ,photo='$target' to display only id as picture name
mysql_query("UPDATE development SET photo='$new_file_name' WHERE staff_id=$staff_id");
do something like thus
mysql_query ("INSERT INTO development (photo) VALUES ( '".$new_file_name."' )");
//first insert
$staff_id = mysql_insert_id() ;
// then get the id of the record you've just inserted
Firstly, you're using the mysql_* functions, which are deprecated as of 5.5.
Secondly, you need to look at the manual page for mysql_insert_id. Quote:
Retrieves the ID generated for an AUTO_INCREMENT column by the
previous query (usually INSERT).
This means that you can only call mysql_insert_id() AFTER you've inserted data into or updated your users/persons table. In your case, however, it seems as though you already have the ID of the person stored in the variable $staff_id, so you probably don't even need to use mysql_insert_id. Would this not work instead?
$target = "images/" . $staff_id . $ext;
I have the following code that is used to load user images from a database when their information is displayed.
I was attempting to write it in a way in which it would check if the user already has an image tied to their user id in the database and if so, would leave the image alone and if not, would display a "missing.jpg"/default user image.
I've tried the following, but right now it seems the code is overwriting existing images and replacing them with the missing.jpg image and I don't know why.
I'd appreciate somebody taking a look and showing me why that is.
//Images
$thisScript = $_SERVER["SCRIPT_FILENAME"];
$dirName = dirname($thisScript);
$relative_path = "images/headshots/".$this->id.".jpg";
$missing_path = "images/headshots/missing.jpg";
$full_path = $dirName . "/" . $relative_path;
//if(file_exists($relative_path))
//if(file_exists($_FILES['uploadedfile']['name']))
if(basename( $_FILES['uploadedfile']['name']) != '' /*and (file_exists($_FILES['uploadedfile']['name']))*/)
{
$this->process_headshot_file($relative_path, $full_path);
}
else
{
//$this->process_headshot_file($missing_path, $full_path);
$query = "UPDATE hraps SET headshot_filename = '".$_SESSION['missing_headshot_image']."' WHERE id = ".$this->id;
$result = mydb::cxn()->query($query);
}
Thank you in advance for your help.
Your if statement here:
if(basename( $_FILES['uploadedfile']['name']) != '')
is only going to work when there's something in $_FILES
Since you say you want to display an image when their information is displayed, that's probably not going to trigger very often, so the else is going off instead.
I don't think you need to do anything more complicated than this:
$image = "images/headshots/missing.jpg";
if(file_exists($relative_path)) {
$image = $relative_path;
}
$full_path = $dirName . "/" . $image;
$this->process_headshot_file($image, $full_path);