designing an Image table

lukeurtnowski

Well I would think the Image table would have 3 fields

Name, Image_name, Image_size.

The Name field would hold the Primary Key from the other table

The Image_name would be a unique field

and the Image_size would be the size of the image in Bytes (how do I get this?)

How do I set up the table? In my form, I have up to 10 possible image uploads. The names of the 10 file input buttons are Image[0], Image[1], ..., Image[9] and how do I create a loop to run though each of the possible uploads (10) and create an INSERT statement to insert the 3 fields?

Thanks...

rulian

Your database should be designed for what it needs to do, not just what it needs to hold.

So CAN you structure your database like that, sure,
SHOULD you? it depends on the relationship between the images and the rest of yoru content.

if you are uploading multiple images, each file field should have a unique name, each name will be available (if the upload is successful) as a $FILES array
you can cicle through each file by

$UploadDir="mydirectory/"; 
while($file=each($_FILES))
{
$rand_name=md5(substr(md5(rand(1000,9999)), 0, 6)); 
// some sort of random name 
/// get the extension 
$ext = substr($file["name"], strrpos($file["name"], "."), strlen($file["name"])); 


//// check for override
while(is_file($UploadDir.$rand_name.$ext))
{
$rand_name=md5(substr(md5(rand(1000,9999)), 0, 6)); 
}

///you need copy the files from the temporary folder to it's permanent directory
if (move_uploaded_file($file["tmp_name"], $UploadDir.$rand_name.$ext))
{
$SQL = "INSERT INTO `mytables` (`Name`, `Image_name`,`Image_size`)
VALUES (NULL, '".$UploadDir.$rand_name.$ext."','".$file["size"]."')";  

if (!mysql_query($SQL)) die(mysql_error()); 
}
else echo "Error uploading file ".$file["name"]; 


}

this is an off the top of my head thing, it can be greatly tightened and secured and streamlined, but it should give you an idea of how i'm going through each on of the $_FILES array to upload the file and enter it into my database

rulian

look at example 3
http://us.php.net/manual/en/features.file-upload.php

lukeurtnowski

thanks

lukeurtnowski

I get this error
Warning: Invalid argument supplied for foreach() in /home/luke/public_html/request.php on line 151
on

foreach ($_FILES['image'] as $index => $image) {
  $sql = sprintf("insert imagetable values ('%s', '%s', %s)"
           , mysql_real_escape_string($_POST['Name'][$index])
           , mysql_real_escape_string($image['name'])
           , (int)$image['size']);
}

$_POST['Name'] is the name that image is associated with, up to 10 images would be associated with the same name, what is the point of ['index']?
what would $image['name'] be?

benracer

does it work - are there any errors displayed?

lukeurtnowski

Here is the error

Parse error: syntax error, unexpected T_ELSE in /home/luke/public_html/request.php on line 171
Heres my code!

$uploaddir = "/images/ASP_Images/".$Name;
echo $uploaddir;
echo "<p>";
echo "<fieldset>";
echo "<legend>Here are your uploaded pictures (thumbnail version)</legend>";  

// Obtain file upload vars
foreach ($_FILES["images"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["pictures"]["tmp_name"][$key];
        $name = $_FILES["pictures"]["name"][$key];
        move_uploaded_file($tmp_name, $uploaddir);
	    $sql = sprintf("insert imagetable values ('ID', 'Name', Size)"
           , mysql_real_escape_string($_POST['Name'][$index])
           , mysql_real_escape_string($image['name'])
           , (int)$image['size']);

echo $sql;
mysql_query($sql) or die(mysql_error());
echo '<img src="' . $uploaddir. '" alt="' . $Name . '" style="float: left; height: 100px; padding: 10px"/>';
}
} else {
 echo "Possible file upload attack!\n";
}
echo "</fieldset></p>";

lukeurtnowski

I sort of fiddled around with your code and...
Here is the error
Warning: Invalid argument supplied for foreach() in /home/luke/public_html/request.php on line 157
Heres my code!

$uploaddir = "/images/ASP_Images/".$Name;
echo $uploaddir;
echo "<p>";
echo "<fieldset>";
echo "<legend>Here are your uploaded pictures (thumbnail version)</legend>"; 

// Obtain file upload vars
foreach ($_FILES["images"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["pictures"]["tmp_name"][$key];
        $name = $_FILES["pictures"]["name"][$key];
        move_uploaded_file($tmp_name, $uploaddir);
        $sql = sprintf("insert imagetable values ('ID', 'Name', Size)"
           , mysql_real_escape_string($_POST['Name'][$index])
           , mysql_real_escape_string($image['name'])
           , (int)$image['size']);

echo $sql;
mysql_query($sql) or die(mysql_error());
echo '<img src="' . $uploaddir. '" alt="' . $Name . '" style="float: left; height: 100px; padding: 10px"/>';
} else {
 echo "Possible file upload attack!\n";
}
}
echo "</fieldset></p>";

lukeurtnowski

I made a bunch of fixes and got an error I'm stuck on
(screenshot)

Here's the php

$uploaddir = "/images/ASP_Images/".$Name;
echo "<p>";
echo "<fieldset>";
echo "<legend>Here are your uploaded pictures (thumbnail version)</legend>";  

// Obtain file upload vars
foreach ($_FILES["Image"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["Image"]["tmp_name"][$key];
        $name = $_FILES["Image"]["name"][$key];
        move_uploaded_file($tmp_name, $uploaddir);
	    $sql = sprintf("insert into IMAGE values ('ID', 'Name', 'Size')"
           , mysql_real_escape_string($_POST['Name'][$index])
           , mysql_real_escape_string($Image['name'])
           , (int)$Image['size']);

echo $sql;
mysql_query($sql) or die(mysql_error());
echo '<img src="' . $uploaddir. '" alt="' . $Name . '" style="float: left; height: 100px; padding: 10px"/>';
} else {
 echo "Possible file upload attack!\n";
}
}

rulian

couple of things, first make sure you have write permission ot the directory you are uploading to.

second, where are these variables coming from?:
$_POST['Name'][$index]
$Image['name']

I dont think you can be certain that if you also have an array with a post value that the indexes will sync up

lukeurtnowski

ok
$_POST['Name'][$index]

I'm kind of curious as to this myself, Name is the name of a text field in the form (Its going to be a foreign key of the IMAGE table as itr will be the unique identifier) So do I need to have [$index]?

$Image['name']

Since i'm holding all the images in an Image[] array and isnt that in a loop and will point to any image uploaded?

rulian

I dont know how you are submitting the variables so I cant say if the index is neccesary,
i dont see where you set the $image variable

and check on your file upload permissions, you are getting multiple file upload attacks because your condition in the if statement isnt passing

benracer

Set your folder permissions to 777