Hi hope this helps you. It did help me to get my head around it.
This script thanks to WROX
The following outlines all the necessary steps needed to upload a file to a DB and then view the same file using a browser. I've used MySQL here, but this can work with any DB.
1.) Set up the MySQL table
CREATE TABLE files (
id INT( 11 ) NOT NULL AUTO_INCREMENT ,
file MEDIUMBLOB NOT NULL ,
mime VARCHAR( 50 ) NOT NULL ,
PRIMARY KEY ( id )
);
2.) Write HTML/PHP
Basically only two fields are required to upload a file: a 'file' input field and a 'MAX_FILE_SIZE' hidden field. The latter isn't really required, but will prevent the user from trying to upload a file that is too large on the client-side. This can be easily circumvented by the user and should be accompanied by server-side file validation. It accepts a file size in bytes; I have set this to accept a file of 10000 bytes, or roughly 10KB. One attribute must also appear in the form tag to trigger the browser to upload data, and that is: enctype='multipart/form-data'.
The following should be pretty straightforward:
<?php
//upload2db.php
if (!isset($_POST['do_action']))
{
    // PHP_SELF can carry user-supplied path info, so escape it before output.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    // MAX_FILE_SIZE must come before the file input for PHP to apply it.
    echo "<html>\n",
         " <head>\n",
         "  <title>UPLOAD TO DATABASE</title>\n",
         " </head>\n",
         " <body>\n",
         "  <form action='{$self}' method='post' enctype='multipart/form-data'>\n",
         "   <input type='hidden' name='MAX_FILE_SIZE' value='10000' />\n",
         "   <input type='file' name='userfile' />\n",
         "   <input type='submit' name='do_action' value='Upload' />\n",
         "  </form>\n",
         " </body>\n",
         "</html>";
}
else
{
    // Check the upload error code and use is_uploaded_file(): tmp_name is
    // set even when the upload failed, so isset() alone does not prove that
    // a file arrived with this request.
    if (isset($_FILES['userfile'])
        && $_FILES['userfile']['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($_FILES['userfile']['tmp_name']))
    {
        // In this line I'm examining the file size and the MIME type of the file
        // to verify that the file is in the acceptable size range and is a jpeg
        // image. MIME type testing isn't foolproof, it is possible to spoof this.
        // The size testing, however, is not spoofable.
        if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
        {
            // Make a database connection here!
            // The old mysql_* functions were removed in PHP 7; mysqli replaces them.
            // MYSQLI_REPORT_OFF keeps failures as return values so the checks below work.
            mysqli_report(MYSQLI_REPORT_OFF);
            $link = mysqli_connect('localhost', 'user', 'pass', 'test');
            $file = file_get_contents($_FILES['userfile']['tmp_name']);
            $mime = $_FILES['userfile']['type'];
            // A prepared statement sends the binary data and the MIME type
            // separately from the SQL text, so addslashes() is not needed.
            $stmt = $link ? mysqli_prepare($link, 'INSERT INTO `files` (`file`, `mime`) VALUES (?, ?)') : false;
            if (!$stmt || !mysqli_stmt_bind_param($stmt, 'ss', $file, $mime) || !mysqli_stmt_execute($stmt))
            {
                // do database error reporting here...
                echo 'Upload failed: Unable to insert image into database.';
            }
            else
            {
                // Show a link to the image and display the image.
                // This function retrieves the last value set for the auto-increment field
                $id = mysqli_insert_id($link);
                // The original file name comes from the client; escape it before echoing.
                $name = htmlspecialchars($_FILES['userfile']['name'], ENT_QUOTES, 'UTF-8');
                echo "Upload successful! <a href='viewdbfile.php?id={$id}' target='_blank'>Click here to view the file!</a><br /><br />\n";
                echo $name.":\n<br />";
                echo "<img src='viewdbfile.php?id={$id}' style='border: 1px solid black; display: block; margin: auto;' /><br />\n";
            }
        }
        else
        {
            echo 'Upload failed: File must be a JPEG file type and 10KB or less in size';
        }
    }
    else
    {
        echo 'Upload failed: A valid file has not been uploaded!';
    }
}
?>
The following is the viewer script for the database stored file. This script will do everything necessary to mimic the file. For instance, if the file is an image the call to header will trigger the browser to treat the contents as an image using the Content-type header and a valid MIME type. The MIME type of the file is sort of a universal method of easily identifying file contents.
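<?php
// viewdbfile.php
// if passing the ID via GET; only a whole number is accepted
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false)
{
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid file ID');
}
// MYSQLI_REPORT_OFF keeps failures as return values so the checks below work.
mysqli_report(MYSQLI_REPORT_OFF);
$link = mysqli_connect('localhost', 'user', 'pass', 'test');
// Make SELECT query; the ID is bound as an integer, never pasted into the SQL
$stmt = $link ? mysqli_prepare($link, 'SELECT `file`, `mime` FROM `files` WHERE `id` = ?') : false;
if (!$stmt || !mysqli_stmt_bind_param($stmt, 'i', $id) || !mysqli_stmt_execute($stmt))
{
    header('HTTP/1.1 500 Internal Server Error');
    exit('Database error');
}
mysqli_stmt_bind_result($stmt, $file, $mime);
if (!mysqli_stmt_fetch($stmt))
{
    header('HTTP/1.1 404 Not Found');
    exit('File not found');
}
// Set the content type header
header('Content-type: '.$mime);
// Tell the browser not to guess a different type from the content
header('X-Content-Type-Options: nosniff');
// Also notice that I am not stripping the slashes,
// Doing so may corrupt data in certain file types,
// while you may need to do so for others.
echo $file;
?>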
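The upload script's comments note that the browser-supplied MIME type can be spoofed. The following is an added example, not part of the original post or the WROX script, showing one way to decide the type from the file's bytes on the server instead. The function name sniff_jpeg and the sample files are constructed for illustration, and it assumes the fileinfo and GD extensions are enabled.

```php
<?php
// Added example, not from the original post. The helper name and the
// sample files are constructed for illustration.

// Returns 'image/jpeg' when the bytes at $path are a JPEG of at most
// $maxBytes, otherwise null. Nothing sent by the browser is consulted.
function sniff_jpeg($path, $maxBytes = 10000)
{
    $size = @filesize($path);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    // fileinfo (libmagic) classifies the content itself.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($path) !== 'image/jpeg') {
        return null;
    }
    // getimagesize() must also be able to read valid JPEG headers
    // (it reports the dimensions), not just see the leading magic bytes.
    $info = @getimagesize($path);
    if ($info === false || $info['mime'] !== 'image/jpeg') {
        return null;
    }
    return 'image/jpeg';
}

// Constructed inputs: a real 1x1 JPEG and an HTML file, both of which a
// client could submit with type=image/jpeg in the request.
$jpeg = tempnam(sys_get_temp_dir(), 'up');
$html = tempnam(sys_get_temp_dir(), 'up');
imagejpeg(imagecreatetruecolor(1, 1), $jpeg);
file_put_contents($html, "<html><body>not an image</body></html>");

$samples = array('real JPEG' => $jpeg, 'HTML claiming image/jpeg' => $html);
foreach ($samples as $label => $path) {
    $mime = sniff_jpeg($path);
    echo $label, ': ', ($mime === null ? 'rejected' : "accepted as {$mime}"), "\n";
    unlink($path);
}
?>
```

In upload2db.php the helper would be called on $_FILES['userfile']['tmp_name'] after the is_uploaded_file() check, and its return value stored in the mime column in place of $_FILES['userfile']['type'].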