Okay I know I just asked a question about this but now I have it uploading the image to the data base and tried to re do some things to get the text to go in there I added everything back in for the first name but it dosnt seem to be making its way back any help would be amazing thank you btw this community is awesome.
<html>
<head>
<title>Upload an image</title>
</head>
<body>
<form action="UploadContent.php" method="POST" enctype="multipart/form-data">
<p>FirstName:</p><input type="FirstName" name"FirstName"/>
<p>File:</p><input type="file" name="image">
<input type="submit" value="Upload">
</form>
<?php
// connect to database
include"config.php";
// file properties
$FirstName = $_POST['FirstName'];
$file = $_FILES['image']['tmp_name'];
if (!isset($file))
echo "Please select a profile pic";
else
{
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($FILES['image']['name']);
$image_size = getimagesize($_FILES['image']['tmp_name']);
if ($image_size==FALSE)
echo "That isn't a image.";
else
{
$insert = mysql_query("INSERT INTO content VALUES ('".$FirstName."','','','','','','','','','$image_name','$image')");
}
}
?>
</body>
</html>
I changed my insert code as follows
$insert = mysql_query("INSERT INTO content (FirstName, LastName, Gender, City, State, BirthMonth, BirthDay, BirthYear, ProfileUrl, ProfilePicName, ProfilePic) VALUES ('".$FirstName."','".$LastName."','".$Gender."','".$City."','".$State."','".$BirthMonth."','".$BirthDay."','".$BirthYear."','".$ProfielUrl."','$image_name','$image')");
because I was trying to get this youtube video to help but still no luck
http://www.youtube.com/watch?v=xAkunfiZwYQ
Well, whether you get your answer or not but i am not agree with your approach of storing images into database, you may (not may have to) store them in a file system, and the path in database, that will be the correct way to do. here is an good stack post to read Storing images
Related
Is it possible to upload images/files by sending the POST or REQUEST, parameters in the URL without HTML content?
I created a PHP file that gets a image from my someone, stores that file into the database, and a in a folder on my computer. It works fine but what I want to do now is remove the html content and only allow someone to send the images/files via the URL. I tried using $_GET but I received a lot of errors. I also researched this and read that only $_POST will work.
Here is my PHP source code with HTML but keep in mind, "I want the page blank and the only way for someone to send the images/files is through URL".
PHP:
if(isset($_POST['submit'])){
if(#getimagesize($_FILES['image']['tmp_name']) ==FALSE){
// Select an image
echo "Please select an image.";
}
else{
// THE PATH TO STORE THE UPLOAD IMAGE
$target = "images/".basename($_FILES['image']['name']);
//CONNECT TO DATABASE
$db = mysqli_connect("localhost", "root", "");
mysqli_select_db($db, "magicsever");
if(mysqli_connect_error()){
die ("Database connection error");
}
//GET ALL THE SUBMITTED DATA
$image = $_FILES['image']['tmp_name'];
$name = $_FILES['image']['name'];
//Store te submitted data to database
$sql = "INSERT INTO image_test (name, image)VALUES ('$name','$image')";
$query = mysqli_query($db, $sql);
//Now lets move the uploaded image into the folder
$nullResult = array();
$nullResult['Image'] = (move_uploaded_file($_FILES['image']['tmp_name'], $target))? "Successful": "Unsuccessful";
echo json_encode($nullResult);
}
}
HTML:
<form action="index.php" method="post" enctype="multipart/form-data">
<input type="file" name="image">
<br></br>
<input type="submit" name="submit" value="Upload">
</form>
$_POST['']; Parameters come from the usually the form that has the method set to POST, like yours has, that input type you have (file, named image) will be returned has $_POST['image'], $_REQUEST on the other hand is the "GET" method, it works in the same way, the only difference is it's not secure and it comes in the url. I would recommend using POST to be honest. Also use PDO because your code is vulnerable to SQL injection. (mentioned by Alex Howansky)
I have a already functioning form that INSERT data into a db, i also have 4x file inputs for images, the form then adds all data, uplaods images and renames images to match the next ID and adds a random end to the filename.
this all works as intented
but i now need the filename(s) to be added to the database, sometimes the form will have 1x imaghe sometimes 4x images but im not sure how to store the filenames in the db from the below code. can anyone help? i assume the array needs to be broken down to individual filenames but not sure how to do it.
<?php
if(isset($_POST['submit'])){
// Variables for date&Time logs
$dateLog = date("y-m-d"); // DATE OF ADDITION
$timeLog = date("H:i:s", time() - 3600); // TIME OF ADDITION
// INSERT QUERY
$sql="INSERT INTO $table1 (firstname, lastname, companyname, phone, email, name, make, serial, catagory, price, location, description, sold, operational, year, clear, rip, version, service, dock, loading, available, extras, dateadded, featured)
VALUES ('$_POST[firstname]','$_POST[lastname]','$_POST[companyname]','$dateLog','No')";
$query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
// start of image upload
$insert_id = mysql_insert_id() or die("Unable to get insert id for image name.<br>" . mysql_error());
extract($_POST);
$error=array();
$extension=array("jpeg","jpg","png","gif");
foreach($_FILES["files"]["tmp_name"] as $key=>$tmp_name)
{
$file_name=$_FILES["files"]["name"][$key];
$file_tmp=$_FILES["files"]["tmp_name"][$key];
$ext=pathinfo($file_name,PATHINFO_EXTENSION);
if(in_array($ext,$extension))
{
if(!file_exists("../images/listings/".$txtGalleryName."/".$file_name))
{
$filename=basename($file_name,$ext);
$newFileName=$insert_id."_".mt_rand(1, 99999).".".$ext;
move_uploaded_file($file_tmp=$_FILES["files"]["tmp_name"][$key],"../images/listings/".$txtGalleryName."/".$newFileName);
}
else
{
$filename=basename($file_name,$ext);
$newFileName=$filename.mt_rand(1, 99999).".".$ext;
move_uploaded_file($file_tmp=$_FILES["files"]["tmp_name"][$key],"../images/listings/".$txtGalleryName."/".$newFileName);
}
}
else
{
array_push($error,"$file_name, ");
}
}
// end of image upload
echo '<p>This item was added successfully</p>';
}
?>
and my form;
1: Upload : <input type="file" name="files[]"/><br />
2: Upload : <input type="file" name="files[]"/><br />
3: Upload : <input type="file" name="files[]"/><br />
4: Upload : <input type="file" name="files[]"/><br />
appreciate any help :)
you can use $rename_var = rand('111111','999999'); and prepend it before the file name like $new_changed_name = $rename_var.$_FILES['files']['name']; and then use this name while saving the file in folder like so .. move_uploaded_file('tmp_name','path/'.$new_changed_name);
and insert this $new_changed_name new name into database.
I was able to develop a code in enabling users to freely upload images, while the pictures would be stored to the MySql database. But I also would like to add to the php and mysql code image categories where before uploading the image, users can select from ether category- All, People, Cities, Nature and Others then click submit. How do I add that to my php code and mysql table? See my original code below:
<?php
$dbCnn = mysql_connect('', '', '');
mysql_select_db('', $dbCnn);
if(isset($_POST) and $_SERVER['REQUEST_METHOD'] == "POST") {
$image = addslashes(file_get_contents($_FILES['file']['tmp_name']));
$insStr = "INSERT INTO imagedata(id, image) VALUES ('', '{$image}')";
mysql_query($insStr);
}
Don't store images in database because it's useless. Instead of this, store in database only path to file and file save on server.
So...
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="file">
<select name="category">
<option>Nature</opton>
<option>People</option
</select>
</form>
<?php
if(isset($_POST['category']) && isset($_FILES['file']['tmp_name'])){
//mysql connect etc
move_uploaded_file($_FILES['file']['tmp_name'], path/where/to/save/file);
mysql_query("INSERT INTO table VALUES('{$_FILES['file']['name']}', '{$_POST['category']}')");
}
Hello I am here yet again with another problem.
As I followed a tutorial I tried to save images to my database. It all worked fine and dandy with no error messages but for some reason the image refuse the get stored. Nothing show up at all!
<html>
<body>
<form action="test.php" method="POST" enctype="multipart/form-data">
<input type="file" name="image"><input type="submit" name="submit" value="Upload" />
</form>
<?php
if(isset($_POST['submit'])) {
mysql_connect("localhost","root","") or die("Could not find database!");
mysql_select_db("Image") or die("Could not find database!");
$imageName = mysql_real_escape_string($_FILES["image"]["name"]);
$imageData = mysql_real_escape_string(file_get_contents($_FILES["image"]["tmp_name"]));
$imageType = mysql_real_escape_string($_FILES["image"]["type"]);
if(substr($imageType,0,5) == "image") {
mysql_query("INSERT INTO 'blob' VALUES ('','$imageName','$imageData')");
echo "File uploaded!";
}
else
{
echo "Only images are allowed!";
}
}
?>
</body>
</html>
Database:
id, name, image:
int(Auto increment), varchar(40), mediumblob(because of the size)
The only odd thing about this is that "file_get_contents" is blacked out(I use notepad++).
Otherwise I don't see whats wrong, I have checked guides and whatnot but the thing is that I need to use this method in another form that have a large amount of information stored(15 fields including a description). I am still very new to this and its hard to know what to keep and how to write the best way. But anyway if you can help me it would be awesome.
If you have any questions regardning anything or just some tips just comment.
Your table name blob should be surrounded by back-ticks, not apostrophes.
However, I recommend that you change the name of this table to something that is not a reserved word in MySQL.
I want to get this image uploading script right, but for whatever reason it doesn't like the description input. It was working perfectly before I added the description input and I can't think of what might be wrong because it looks fine. My code doesn't like the description input in the form, what is wrong? Thanks for the help!
HTML Form
<h1>Image Gallery</h1>
<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
Description: <textarea maxlength="255" name="description" id="description"></textarea><br />
<input type="submit" value="Upload" />
</form>
PHP Code (There is code before this but it doesn't matter)
$userid = mysql_real_escape_string($_SESSION['UserID']);
$imageid = mysql_real_escape_string($i);
$image = mysql_real_escape_string($rename);
$description = mysql_real_escape_string($_POST['description']);
$registerquery = mysql_query("INSERT INTO imageupload (UserID, ImageID, Image, Description) VALUES('".$userid."', '".$imageid."', '".$image."', '".$description."')");
if($registerquery) {
header( 'Location: manage.php' ) ;
}
else {
echo "<h1>Error</h1>";
echo "<p>Sorry, an error occured. Please go back and try again.</p>";
}
What datatype is the column for description?
Replace your current query with:
$description = mysql_real_escape_string(strip_tags(stripslashes($_POST['description'])));
$register = "INSERT INTO imageupload (UserID, ImageID, Image, Description) VALUES('$userid', '$imageid', '$image', '$description')";
$registerquery = mysql_query($register) or die (mysql_error());
if($registerquery) {
header( 'Location: manage.php' ) ;
}
else {
echo "<h1>Error</h1>";
echo "<p>Sorry, an error occured. Please go back and try again.</p>";
}
Maybe the description you insert contains strange characters for db like ";' and so on...?
In case escape the description you get from post with your database php library escaping function... This is also a good practice to avoid sql injection
If you use mysql: http://www.php.net/manual/en/function.mysql-real-escape-string.php
Try replacing
$description = $_POST['description'];
with
$description = mysql_real_escape_string($_POST['description']);
Print out the query and try run it on the mysql command line interface, does it give an error?
you're not cleaning the description string so open to injection there too.