need help with php upload

mikewooten

question about php upload
i am a student working on a project for school and i am creating an administration section for an e-commerce website.
i have an upload script that uploads images onto my server. the only problem is that it won't insert the images into my database. i would like the images to be uploaded to a webpage so that you can view the images once they are uploaded. what else would i have to add to the script to make this work?
here is the code that i am using for the html form and the php upload script.

this is the HTML form

Choose a product category <br>

Choose product items to add to your product pages <br>
<input type="hidden" name="<?echo '$txtCatID';?>">
<select name="txtprodItems" id="select">
<option alue="Guitars" SELECTED>Guitars</option>
<option value="Drums">Drums</option>
<option value="Amps">Amps</option>
<option value="Books">Books</option>
</select>
<br>

item name<br>
<input type="text" name="txtItemName"><br>

item description<br>
<input type="text" name="txtItemDesc"><br>

item price<br>
<input type="text" name="txtItemPrice"><br>
upload image<br>
<INPUT TYPE="HIDDEN" NAME="MAX_FILE_SIZE" VALUE="800000">
<INPUT TYPE="HIDDEN" NAME="action" VALUE="1">

</form>

This is the php upload script




<?php 

 $submit = $_POST['submit']; 
      if(isset($submit)){ 

// This page will list all of the items 
// from the items table. Each item will have 
// a link to add it to the cart   
//can use action="$_SERVER['PHP_SELF']" 

include("db.php"); 

// Get a connection to the database 
$cxn = @ConnectToDb($dbServer, $dbUser, $dbPass, $dbName); 


        $txtCatID = $_POST['txtCatID']; 
        $txtprodItems = $_POST['txtprodItems']; 
        $txtItemName = $_POST['txtItemName']; 
        $txtItemDesc = $_POST['txtItemDesc']; 
        $txtItemPrice = $_POST['txtItemPrice']; 
        $txtItemImage = $_POST['txtItemImage']; 




   $theSQL = "insert into items (prodItems, catid, itemName, itemDesc, itemPrice, ItemImage)"; 
   $theSQL = $theSQL . " values ('$txtprodItems', '$txtCatID', '$txtItemName', '$txtItemDesc', '$txtItemPrice', '$txtItemImage')"; 


//echo  $theSQL; 
    $result = mysql_query($theSQL);  

    echo "<br><br>"; 
    echo "Thanks, the items have been added to category<br><br>"; 
    echo "  

    The items that you have add to the category are: 
    <br><BR> 
    Product Items: $txtprodItems <br> 
    Cat Id:  $txtCatID <br> 
    Item Description: $txtItemDesc <br> 
    Item Price: $ $txtItemPrice <br> 
    Item Image: $txtItemImage <br> 



";  


   } 
else 
{ 
echo "sorry";  

     } 

echo "<br><br><a href='showprod2.php'>go to products page</a>"; 
 ?> 






<?php if ($HTTP_POST_VARS['action']) { ?>  

<P><FONT FACE="Arial, Helvetica, sans-serif"><FONT SIZE="+1">File Upload 
    Results</FONT><BR><BR> 
<?php  

$uploadpath = '/home/username/public_html/folder1/folder2/';  

$source = $HTTP_POST_FILES['txtItemImage']['tmp_name']; 
$source_name = $HTTP_POST_FILES['txtItemImage']['name']; 
$source_size = $HTTP_POST_FILES['txtItemImage']['size']; 
$source_type = $HTTP_POST_FILES['txtItemImage']['type']; 
$source_error = $HTTP_POST_FILES['txtItemImage']['error'];  
$dest = '';  
 echo "$upload_tmp_dir"; 
if ( ($source != 'none') && ($source != '' )) {  

    $imagesize = getimagesize($source);  


    switch ( $imagesize[2] ) {  

        case 0:  

            echo '<BR> Image is unknown <BR>'; 
            echo "<BR><A HREF='upload.php'>Back</A><br> ";  
            break;  

        case 1:  
            echo '<BR> Image is a GIF <BR>';  
            echo 'Image uploaded!!';  
            echo "<BR><A HREF='upload.php'>Back</A><br> "; 
            $dest = $uploadpath.uniqid('img').'.gif';  
            break;  

        case 2:  
            echo '<BR> Image is a JPG <BR>';  
            echo 'Image uploaded!!';  
            echo "<BR><A HREF='upload.php'>Back</A><br> "; 
            $dest = $uploadpath.uniqid('img').'.jpg';  
            break;  

        case 3:  
            echo '<BR> Image is a PNG <BR>';  
            echo 'Image uploaded!!'; 
            echo "<BR><A HREF='upload.php'>Back</A><br> "; 
            $dest = $uploadpath.uniqid('img').'.png';  
            break;   
    }  






 if ($source_type = 'text/plain') 
  { 
    echo 'YAY hurray The file was uploaded! DUH!!!'; 

  } 

// put the file where we'd like it 
  $upfile = $uploadpath . $source_name; 

// is_uploaded_file and move_uploaded_file added at version 4.0.3 
  if (is_uploaded_file($source))  

  { 
     if (!move_uploaded_file($source, $upfile)) 
     { 
        echo 'Problem: Could not move file to destination directory'; 
        exit; 
     } 
  }  

  else  

  { 
    echo 'Problem: Possible file upload attack. Filename: '.$source_name; 
    exit; 
  } 



    if ( $dest != '' ) {  
//exit; 
            if ( move_uploaded_file( $source, $dest ) ) {  

            echo 'File successfully stored.<BR>';  

        } else {  

            echo '.<BR>';  

        }  

    }   

} else {  

    echo 'File not supplied, or file too big.<BR>';  

}  

?>  

<BR><A HREF="upload.php">Back</A> 
</FONT></P> 
</BODY> 
</HTML> 
<?php } else { ?>  

<!-- File Upload Form HTML Code Here --> 
<?php }  

echo "<br>"; 
echo $imagesize;  

echo "<br>"; 
echo $source; 
echo "<br>"; 
echo $dest; 
echo "<br>";    



// reformat the file contents 
  $fp = fopen($upfile, 'r'); 
  $contents = fread ($fp, filesize ($upfile)); 
  fclose ($fp); 

  $contents = strip_tags($contents); 
  $fp = fopen($upfile, 'w'); 
  fwrite($fp, $contents); 
  fclose($fp); 
// show what was uploaded 
  echo 'Preview of uploaded file contents:<br /><hr />'; 
  echo $contents; 
  echo '<br /><hr />'; 

?>

lazzerous

dood... you're trying to insert an actual image into the db... you can't do that.

I would suggest reading this article.

If you honestly want to store the image in the database, you'll have to break it down to hex or binary first, when then insert it into a giant blob field or something...

you could try this:
(I'm not guaranteeing this code will werk - i just pulled it out of my butt)

<?
if (!isset($file) || $file == "")
	{
?>
      <table width=350 cellpadding=0 cellspacing=0 border=0>
        <tr>
          <td align="center">Please select an image to upload.<br><br></td>
        </tr>
        <tr>
          <td align="center"><input type="file" name="file"  size="40"><br><br></td>
        </tr>
        <tr>
          <td align="center"><input type="submit" name="submit" value="Continue"></td>
        </tr>
      </table>
<?
	}
else
	{
	$image_types = Array ("image/jpeg",
                              "image/pjpeg",
                              "image/gif");

$file  = addslashes (fread (fopen ($_FILES["file"]["tmp_name"], "r"), filesize ($_FILES["file"]["tmp_name"])));
$file_name = $_FILES["file"]["name"];
$file_size = $_FILES["file"]["size"];
$file_type = $_FILES["file"]["type"];

if (in_array (strtolower ($file_type), $image_types))
	{
	$sql = "INSERT INTO pics (image_type, image, image_size, image_name, image_date) ";
	$sql.= "VALUES (";
	$sql.= "'{$file_type}', '{$file}', '{$file_size}', '{$file_name}', NOW())";
	mysql_query ($sql);
	}
}
?>

-=Lazz=-