what i am trying to do is when an admin tries to create a new product to upload to the server an image of that and as it's name to be the product id.jpg. I have searched google with no result. The code seems to be right. Can someone help me please? I am using lamp as local test server.
<?php
// Parse the form data and add inventory item to the system
if (isset($_POST['product_name'])) {
$product_name = mysql_real_escape_string($_POST['product_name']);
$price = mysql_real_escape_string($_POST['price']);
$details = mysql_real_escape_string($_POST['details']);
$category = mysql_real_escape_string($_POST['category_choice']);
$condition= mysql_real_escape_string($_POST['condition']);
$supplier_choice= mysql_real_escape_string($_POST['supplier_choice']);
$handling_time= mysql_real_escape_string($_POST['handling_time']);
$weight= mysql_real_escape_string($_POST['weight']);
$information_box= $_POST['information'];
$pid = mysql_insert_id();
// Place image in the folder
$newname = "$pid.jpg";
move_uploaded_file( $_FILES['my_photo']['tmp_name'], "../inventory_images/$newname");
header("location: products.php");
exit();
}
?>
<form action="add_product.php" enctype="multipart/form-data" name="my_Form" id="my_Form" method="post">
<tr>
<td>Φωτογραφία</td>
<td>
<label>
<input type="file" name="my_photo" id="my_photo"/>
</label>
</td>
</tr>
<tr>
<td> </td>
<td>
<label>
<input type="submit" name="button" id="button" value="Αποθήκευση" />
</label>
</td>
</tr>
</table>
</form>
As you said, you are using lamp, check for the permission for the directory in which you are uploading file. In addition, also check for the permission for all the folder that you have mentioned in the destination path.
The directory and all the directory in the path, in which you are uploading file must have write permission.
If move_uploaded_file does not work then try out copy function.
Also check for the path where you are uploading is correct.
I think you'll have better luck getting answers if you thin down your code to contain only portions that are relevant to the problem. You'll probably see the answer to your own question after you do this.
For example, is the file being successfully uploaded? If not, then the mysql_xxx code and most of your form is irrelevant for your question.
Related
i'm trying to save an image uploaded with a HTML form on my localhost server (working with Xampp), but although there are no errors, the file isn't saved anywhere.
This is the form, really simple:
<form id="form1" action="result.php" method="post" enctype="multipart/form-data">
Select image to upload:
<input type="file" name="imguploaded" id="imguploaded" accept=".png, .jpg, .jpeg"></br>
<input class="btn btn-outline-danger btn-lg" id="inputbtn" type="submit" value="Upload Image" name="submit">
</form>
and this is the PHP code (on result.php):
<?php
$result=false;
$error=false;
if (isset($_FILES['imguploaded'])){
$nomefile = strtolower($_FILES['imguploaded']['name']);
$path = "caricamenti/$nomefile";
move_uploaded_file($_FILES['imguploaded']['name'], $path);
echo($path);
}
?>
the path exists and it is in the same folder of the .PHP files.
In move_uploaded_file($_FILES['imguploaded']['name'], $path); the first parameter isn't correct. It should be the temporary path where php stored it intermediatly, which you find in $_FILE['imguploaded']['tmp_name'].
So change that line to
move_uploaded_file($_FILES['imguploaded']['tmp_name'], $path);
relevant docs
Be sure to:
sanitize filename & extention first
check for allowed mimetypes, size, ..
Right now I could easily upload a php script and execute that.
Try this:
$file_name= $_FILES['imguploaded']['name'];
$file_tmp_name= $_FILES['imguploaded']['tmp_name'];
$div= explode('.',$file_name );
$file_txt= strtolower(end($div));
$unique_image= substr(md5(time()),0,10).".".$file_txt;
$uploaded_image= "caricamenti/".$unique_image;
move_uploaded_file($file_tmp_name,$uploaded_image);
I have this code where I can upload images. Previously, I'm having trouble changing the path/directory of the folder. And its working fine now. I have the correct path inside my database and also the image is being saved into the correct folder.
My coding :
<table id="details" height="100">
<tr>
<td>Select Image </td>
<td> : </td>
<td><input type="file" name="image" class="ed"></td>
</tr>
</table>
if (!isset($_FILES['image']['tmp_name']))
{
echo "";
}
else
{
$file=$_FILES['image']['tmp_name'];
$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
$location= $_SERVER['DOCUMENT_ROOT'] . '/ehars/photo/';
move_uploaded_file($_FILES["image"]["tmp_name"], $location . $_FILES["image"]["name"]);
$save=mysql_query("INSERT INTO photo (location,emp_id) VALUES ('$location','$emp_id')");
}
Path in my db :
Image saved in the folder :
However, when I try to view the picture inside the folder, I cannot view it. It says like in the photo below. Is there something wrong with my code? Or do I need to enable something so that I can view my photo? Thank you.
Try uploading a .jpg file instead of a .png. Or using another photo viewer program.
There is/was a problem with Photo Viewer not loading .png files
See this for a possible solution
Based on the discussion in the comments. I am sharing the code what I use to upload an image(save to a dir).I also didn't understood why you are using addslashes(). Sorry about this!
Basically what I do is -
created dir in my project folder
Created an unique name for the file to store so that conflict does not happen
This is my html form where I get the file from the User.
<form role="form" method="post" action="save_blog.php" enctype="multipart/form-data">
<div class="form-group">
<label class="control-label col-sm-2" for="pwd">Image</label>
<div class="col-sm-2">
<input type="file" class="filestyle" name="image_upload" data-input="false" id="file_name"><label id="name_of_image_file"></label>
</div>
</div>
</form>
And my save_blog.php looks like this.
$temp = explode(".",$_FILES["image_upload"]["name"]);
$unique_name_of_image = date('y-m-d') . "_".$user_id ."_".rand(1,9999)."." .end($temp);
$file_location = "$target_dir".$unique_name_of_image;
if (move_uploaded_file($_FILES["image_upload"]["tmp_name"], $file_location)) {
//this prints the location of the file stored
#echo "$target_dir".$unique_name_of_image; echo "<br>";
#$insert_blogs_with_image --> this is my insert string
save_to_database($insert_blogs_with_image);
} else {
#echo "Sorry, there was an error uploading your file.";
}
Hope this will help to solve the problem. If this didn't help then use the sample tutorial shown by the W3schools
I write the php to upload file and scan the directory to show them as links, the scaning directoy works well I can see the text files I created in the directory, but I just can not move the local file to the desired directory .No file shows up after execution.
I think the problem may contain in this line:
move_uploaded_file($_FILES["file"]["tmp_name"],"/var/www/BlueTapeLogin/upload".$_FILES["file"]["name"]);
What I really want is to upload the image to the directory in /var/www/BlueTapeLogin/upload
and my php file lives in /var/www/BlueTapeLogin/upload_image.php
How can I change the code to make things work? Thanks in advance.
Please see my full code:
<html>
<head>
<?php
try
{
if (!empty($_POST["delete"])){
$delete=$_POST["delete"];
echo"we have the command delete this file:";
echo $delete;
$file = "upload/".$delete;
echo "/n***************";
echo "you want delete :";
echo $file;
echo "***************";
if (!unlink($file))
{
echo ("Error deleting $file");
}
else
{
echo ("Deleted $file");
}
}else{}
}catch(Exception $e)
{
echo 'Message: ' .$e->getMessage();
}
?>
<?php
move_uploaded_file($_FILES["file"]["tmp_name"],"/var/www/BlueTapeLogin/upload".$_FILES["file"]["name"]);
?>
<?php
$dir=scandir("/var/www/BlueTapeLogin/upload") ;
for($j=0;$j<count($dir);$j++){
echo $dir[$j];
echo"\n";
$target = $dir[$j]; // This is the file that already exists
$link = $dir[$j]; // This the filename that you want to link it to
echo "".$link."";
}
?>
</head>
<body>
<form action="upload_image.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit"><br>
<label for="file">Delete</label>
<input type="text" name="delete" id="delete"><br>
<input type="submit" name="submit" value="Submit">
</form>
logout
</body>
</html>
You're missing a directory separator between upload and the filename, it should be:
move_uploaded_file($_FILES["file"]["tmp_name"],"/var/www/BlueTapeLogin/upload/".$_FILES["file"]["name"]);
The permissions you show say that only root can write into that directory, and but the webserver is probably using a userid like www-user. You need to change the ownership of the directory to the webserver userid. This will have to be done by the server administrator.
More likely, there's another directory that the webserver is already allowed to write into. The server administrator should be able to tell you what directory to use.
Check user permission to upload in that directory and try to make it simple. Just simply upload a file to other directory see it is working or not than check your code go one by one step.
Check return values check whether a warning is issued
Return Values
Returns TRUE on success.
If filename is not a valid upload file, then no action will occur, and move_uploaded_file() will return FALSE.
If filename is a valid upload file, but cannot be moved for some reason, no action will occur, and move_uploaded_file() will return FALSE. Additionally, a warning will be issued.
I am trying to upload selected image file into my ftp server on 1and1. I am not able to upload the file.
I have created folder called "uploadimages".
I have created a html form which has the following:
<form action="add.php" method="POST" enctype="multipart/form-data">
<div class="logo">
<label for="logoname" class="styled">Upload Logo (jpg / png):</label>
<div class="logofield">
<input type="file" id="logo" name="logo" size="30"/>
</div>
</div>
<input type="submit" value="Upload" name="submit" id="submit"/>
</form>
I have also create a php file which has the following:
<?php
$imagepic = $_FILES["logo"]["name"];
echo $imagepic;
$tempimgloc = $_FILES["logo"]["tmp_name"];
echo $tempimgloc;
$errorimg = $_FILES["logo"]["error"];
echo $errorimg;
if($errorimg > 0)
{
echo "<strong> <font size='18'>There was a problem uploading your Logo. Please try again!</font></strong>";
echo "<BR>";
}
else
{
move_uploaded_file($tempimgloc, "uploadimages/".$imagepic);
}
?>
ECHO printed results are:
1. Filename = testimage.png
2. Temp directory = /tmp/phpHvewUP
3. Error = 0
But they are not getting uploaded..
Where could I go wrong here?
Let me know!
You need to give access to your folder. Try this, chmod 777 uploadimages.
chmod 777 uploadimages
WRITING PERMISSION was the issue. Thanks Shapeshifter!
i don't know why file is not uploaded in database.
i am tried to check this method why file is not uploaded.
this method is used a lots of time. and worked successfully at every time.
if any mistake please correct it.
<?php
//database connection successfully worked.
$manu = $_POST['manu'];
if(isset($_POST['img_submit']))
{if($_FILES['file']['name']<>"")
{$file =time().'_'.$_FILES['file']['name'];
if (!copy($_FILES['file']['tmp_name'],"file/".$manu))
{$message = "Invalid File type.Upload only JPEG and GIF files";}
if(move_uploaded_file($_FILES['file']['tmp_name'], $manu)) {$msg2 = "The file ". basename( $_FILES['file']['name']). " has been uploaded";}
else{$msg3 = "There was an error uploading the file, please try again!";} }
echo $query = "insert into upload_image (upload_img) values('".$manu."')";
mysql_query($query) or die (mysql_error());
}?>
<form name="form" action="" method="post" enctype="multipart/form-data">
<table width="100%" border="0" cellspacing="4" cellpadding="5">
<tr><td align="center" colspan="2"> <b>Upload Image</b></td></tr>
<tr>
<th width="50%"> Image Url :</th>
<td width="50%"> <input type="file" name="manu" value="" /></td>
</tr>
<tr><td align="center" colspan="2"><input type="submit" name="img_submit" value="Upload Image" /></td></tr></table></form>
You so don't want to have this code on your server.
<?php
//database connection successfully worked.
$manu = $_POST['manu'];
...
if(move_uploaded_file($_FILES['file']['tmp_name'], $manu)
This basically means that if I have control of my browser (I have), I can send along a file with a fake MIME type and a full path of my choice in $_POST['manu'], and your server will save this file in any folder I want where it has write access to, without checking.
Just suppose I were to upload evil_haxxor_skr1pt.php with a MIME type of image/jpeg somewhere where your server code might find it, and execute it on my behalf...
Fr starters, you use the copy() function and move_uploaded_file(). Don't use the copy()! That's a big security breach!
If you want to save in the DB you need to use something like the file_get_contents() to get all the contents of the file, then you just use that data directly into the DB like you did with the $manu variable.
Don't forget to filter the input.
By the way, don't use the mysql_* functions, use mysqli_* functions. mysql_* are already too old and outdated.