File Upload.... Help Please?

mat21

Hi,

Glad i found this forum dedicated to PHP 🙂

First i would like to say hello to everyone.

I am relatively new to PHP, and am enjoying learning it althou i am still confused over some things like loops, for, foreeach etc. Oh boy, they certainly test your knowledge.

anyhow,

Basically over past few months since learning php i have built a fully blown website with a complete registration system, admin centre etc.

I basically have a webpage on my site that shows other websites, basically the code below allows me to submit persons information to db (for my reference only) and sends the picture of persons website to a path on server.

After submitting the form i will be making another page that displays all the website descriptions from DB along with the image.

Problem i am not understanding or knowing what or how to do it is.

When information is submitted to db and image is sent along to the path on server, how can i program it so i know which picture belongs to which website description?

In my DB i have:

`id` varchar(200) NOT NULL,
  `fullname` varchar(90) NOT NULL,
  `emailaddress` varchar(50) NOT NULL,
  `websiteaddress` varchar(100) NOT NULL,
  `websitedescription` varchar(3000) NOT NULL,
  `date_time` varchar(100) NOT NULL,
  PRIMARY KEY  (`id`)

now when i program the script to send persons info into the DB above it will also send the image to the path on server. But i need to try and think how i link the information from database to the picture that was submitted with form.

I have searched Google like no tomorrow but there seems to be a million ways of acheiving this, and most are either outdated or just completely confusing.

Only thing i could think of was to create a random number and use the random number for the picture name, and send that random number also to the DB so when i retrieve webstie description and image the image name will match random number in DB, in simple terms there would be a link.

Sorry if i sound confusing here is what i done so far, i was thinking creating a random string like

$randomid  = md5($websiteaddress) . mt_rand() . mt_rand();

that way it will be unique.

thanks for any help you could / can provide.

Mat


<?php @include ("../includes/top.inc"); ?>
<?php @include("../includes/db_connect.php"); // Database Connection ?>
<?php adminonly(); ?>

<?php

// handle the form.
if ( isset($_POST['submitted'] ) )
 {

if ( isset( $_FILES[ 'upload' ] ) )
{

	// file extensions that is allowed

	$allowed_extensions = array
	(
		'image/pjpeg',
		'image/jpeg',
		'image/jpg',
		'image/gif'
	);

	// maximum file size that is allowed

	$max_allowed_file_size = 102400;

	// uploads directory
	$upload_directory = $_SERVER['DOCUMENT_ROOT'] . 'webbuilder/websites_created_with_webbuilder_wysiwyg_editor/';


	// do a check and if file extension is not in the $allowed_extensions show an error.
	if ( !in_array( $_FILES[ 'upload' ][ 'type' ], $allowed_extensions ) )
	{
		echo "<p><span class=\"error\">Only <b>.jpg</b> and <b>.gif</b> files are allowed</span></p>";
		$err++;
	}
	// do a check and if file size is greater than $max_allowed_file_size show an error.
	if ( $_FILES[ 'upload' ][ 'size' ] > $max_allowed_file_size )
	{
		echo "<p><span class=\"error\">The file size is to large. The maximum file size is <b>100KB</b></span></p>";
		$err++;
	}

	// get data from form
	$name = $_POST[ 'name' ];
	$emailaddress = mysql_escape_string(htmlspecialchars(stripslashes(strip_tags($_POST[ 'emailaddress' ] ))));
	$websiteaddress = mysql_escape_string(htmlspecialchars(stripslashes(strip_tags($_POST[ 'websiteaddress' ] ))));
	$websitedescription = mysql_escape_string(htmlspecialchars(stripslashes(strip_tags($_POST[ 'websitedescription' ] ))));

	// check data for errors etc
	if (empty($_POST['name'])) {
		echo "<p><span class=\"error\">Name is required</span></p>"; 
		$err++;
	}
	if (empty($_POST['emailaddress'])) {
		echo "<p><span class=\"error\">Email address is required</span></p>"; 
		$err++;
	}
	if (!filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL)) {
		echo "<p><span class=\"error\">Email address is not a valid format</span></p>"; 
		$err++;
	}
	if (empty($_POST['websiteaddress'])) {
		echo "<p><span class=\"error\">Website adress is required</span></p>"; 
		$err++;
	}
	if (!filter_var ($_POST['websiteaddress'], FILTER_VALIDATE_URL)) {
		echo "<p><span class=\"error\">Website url is not a valid format</span></p>";
		$err++;
	}
	if (strlen($_POST['websitedescription']) < 5) {
		echo "<p><span class=\"error\">Website description required</span></p>"; 
		$err++;
	}
}


if ( $err == 0 )
{

	// move file over
	if ( move_uploaded_file( $_FILES[ 'upload' ][ 'tmp_name' ], $upload_directory . $_FILES['upload'] ['name'] ) )
	{
		echo "<h2> File Uploaded!</h2> <br /><br /><p>File uploaded succesfully!</p>";
		redirect( "websites_created_with_webbuilder_upload.php", "5" );
		@include ("../includes/footer.inc");
		exit;

	} else {
		echo "<p><span class=\"error\">Unable to upload File!</span></p>";

	}

}

}
?>

<h2> Upload File </h2> <br /><br />

<form method="post" action="websites_created_with_webbuilder_upload.php" enctype="multipart/form-data">

<table width="100%" border="0">
  <tr>
    <td>Name:</td>
    <td>:</td>
    <td><input type="text" name="name" maxlength="90" value="<?php if(isset($_POST["name"])) { echo htmlspecialchars($_POST["name"]); } ?>" /></td>
  </tr>
  <tr>
    <td>Email address</td>
    <td>:</td>
    <td><input type="text" name="emailaddress" maxlength="50" value="<?php if(isset($_POST["emailaddress"])) { echo htmlspecialchars($_POST["emailaddress"]); } ?>" /></td>
  </tr>
  <tr>
    <td>Website address</td>
    <td>:</td>
    <td><input type="text" name="websiteaddress" maxlength="100" value="<?php if(isset($_POST["websiteaddress"])) { echo htmlspecialchars($_POST["websiteaddress"]); } ?>" /></td>
  </tr>
  <tr>
    <td>Website Description</td>
    <td>:</td>
    <td><textarea name="websitedescription" cols="50" rows="5"><?php if(isset($_POST["websitedescription"])) { echo htmlspecialchars($_POST["websitedescription"]); } ?></textarea></td>
  </tr>
  <tr>
    <td>Select File</td>
    <td>:</td>
    <td><input type="file" name="upload"></td>
  </tr>
  <tr>
    <td><input type="hidden" name="MAX_FILE_SIZE" value="102400"></td>
    <td><input type="hidden" name="submitted" value="TRUE"></td>
    <td><input type="submit" value="Upload File"></td>
  </tr>
</table>

</form>

<?php @include ("../includes/footer.inc"); ?>

mat21

Hi,

I updated my code now to check image width, height etc and added the mysql query etc.

Basically i need to know how you developers link an image uploaded with a form, form data is in DB and image is in a folder on server,

so how do i link the image that was submitted with form data that is is stored in DB?

i need this because i need to display the website description from DB along with the image that was uploaded and submitted with form.

Thanks
Mat

Here is my new code:

<?php @include ("../includes/top.inc"); ?>
<?php @include("../includes/db_connect.php"); // Database Connection ?>
<?php adminonly(); ?>

<?php

// handle the form.
if ( isset($_POST['submitted'] ) )
 {

if ( isset( $_FILES[ 'upload' ] ) )
{

	// file extensions that is allowed

	$allowed_extensions = array
	(
		'image/pjpeg',
		'image/jpeg',
		'image/jpg',
		'image/gif'
	);

	// maximum file size that is allowed

	$max_allowed_file_size = 102400;

	// uploads directory
	$upload_directory = $_SERVER['DOCUMENT_ROOT'] . 'webbuilder/websites_created_with_webbuilder_wysiwyg_editor/';

	// get image size
	list($width, $height) = getimagesize($_FILES[ 'upload' ][ 'tmp_name' ]);

	// maximum image width and height
	$max_width = 180;
	$max_height = 180;

	// check width and height
	if ($width > $max_width || $height > $max_height) {
		echo "<p><span class=\"error\">Image size is larger than $max_width pixels in width and $max_height pixels in height</span></p>";
		$err++;
	}

	// do a check and if file extension is not in the $allowed_extensions show an error.
	if ( !in_array( $_FILES[ 'upload' ][ 'type' ], $allowed_extensions ) )
	{
		echo "<p><span class=\"error\">Only <b>.jpg</b> and <b>.gif</b> files are allowed</span></p>";
		$err++;
	}
	// do a check and if file size is greater than $max_allowed_file_size show an error.
	if ( $_FILES[ 'upload' ][ 'size' ] > $max_allowed_file_size )
	{
		echo "<p><span class=\"error\">The file size is to large. The maximum file size is <b>100KB</b></span></p>";
		$err++;
	}

	// get data from form
	$name = $_POST[ 'name' ];
	$emailaddress = mysql_escape_string(htmlspecialchars(stripslashes(strip_tags($_POST[ 'emailaddress' ] ))));
	$websiteaddress = mysql_escape_string(htmlspecialchars(stripslashes(strip_tags($_POST[ 'websiteaddress' ] ))));
	$websitedescription = mysql_escape_string(htmlspecialchars(stripslashes(strip_tags($_POST[ 'websitedescription' ] ))));
	// Generate time
	$date = date('l d F Y');
	$time = date('g:i:s a');
	$date_time = $date . ' at ' . $time;

	// check data for errors etc
	if (empty($_POST['name'])) {
		echo "<p><span class=\"error\">Name is required</span></p>"; 
		$err++;
	}
	if (empty($_POST['emailaddress'])) {
		echo "<p><span class=\"error\">Email address is required</span></p>"; 
		$err++;
	}
	if (!filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL)) {
		echo "<p><span class=\"error\">Email address is not a valid format</span></p>"; 
		$err++;
	}
	if (empty($_POST['websiteaddress'])) {
		echo "<p><span class=\"error\">Website adress is required</span></p>"; 
		$err++;
	}
	if (!filter_var ($_POST['websiteaddress'], FILTER_VALIDATE_URL)) {
		echo "<p><span class=\"error\">Website url is not a valid format</span></p>";
		$err++;
	}
	if (strlen($_POST['websitedescription']) < 5) {
		echo "<p><span class=\"error\">Website description required</span></p>"; 
		$err++;
	}
}


if ( $err == 0 )
{
	// Generate random id for image - Currently not using $randomid until i figure how to link image with database details
	$randomid = md5( $websiteaddress ) . mt_rand(  ) . mt_rand(  );

	// Inset data into database
	$query = mysql_query( "INSERT INTO websites_created_with_webbuilder_information (fullname, emailaddress, websiteaddress, websitedescription, date_time )
	VALUES ('$name', '$emailaddress', '$websiteaddress', '$websitedescription', '$date_time')");

	// move file to selected path and check $query == true
	if ( move_uploaded_file( $_FILES[ 'upload' ][ 'tmp_name' ], $upload_directory . $_FILES['upload'] ['name'] ) && $query == true)
	{
		echo "<h2> File Uploaded!</h2> <br /><br /><p>File uploaded succesfully!</p>";
		redirect( "websites_created_with_webbuilder_upload.php", "5" );
		@include ("../includes/footer.inc");
		exit;

	} else {
		echo "<p><span class=\"error\">Unable to upload file and submit information to database.</span></p>";

	}

}

}
?>

<h2> Upload File </h2> <br /><br />

<form method="post" action="websites_created_with_webbuilder_upload.php" enctype="multipart/form-data">

<table width="100%" border="0">
  <tr>
    <td>Name:</td>
    <td>:</td>
    <td><input type="text" name="name" maxlength="90" value="<?php if(isset($_POST["name"])) { echo htmlspecialchars($_POST["name"]); } ?>" /></td>
  </tr>
  <tr>
    <td>Email address</td>
    <td>:</td>
    <td><input type="text" name="emailaddress" maxlength="50" value="<?php if(isset($_POST["emailaddress"])) { echo htmlspecialchars($_POST["emailaddress"]); } ?>" /></td>
  </tr>
  <tr>
    <td>Website address</td>
    <td>:</td>
    <td><input type="text" name="websiteaddress" maxlength="100" value="<?php if(isset($_POST["websiteaddress"])) { echo htmlspecialchars($_POST["websiteaddress"]); } ?>" /></td>
  </tr>
  <tr>
    <td>Website Description</td>
    <td>:</td>
    <td><textarea name="websitedescription" cols="50" rows="5"><?php if(isset($_POST["websitedescription"])) { echo htmlspecialchars($_POST["websitedescription"]); } ?></textarea></td>
  </tr>
  <tr>
    <td>Select File</td>
    <td>:</td>
    <td><input type="file" name="upload"></td>
  </tr>
  <tr>
    <td><input type="hidden" name="MAX_FILE_SIZE" value="102400"></td>
    <td><input type="hidden" name="submitted" value="TRUE"></td>
    <td><input type="submit" value="Upload File"></td>
  </tr>
</table>

</form>

<?php @include ("../includes/footer.inc"); ?>

johanafm

I'd recommend reading up on relational databases. Starting off with a wikipedia search on database normalization or database normal form should give you some useful information.

`id` varchar(200) NOT NULL,
  `websitedescription` varchar(3000) NOT NULL,
  `date_time` varchar(100) NOT NULL,

The (nnn) after varchar is the maximum amount of characters that can be stored in that field. varchar(200) can hold a varying amount of different charactes depending on character encoding of the field, but even assuming that only a-z was allowed, that's 200²⁵ possibilities. This allows for about 6e59 variations, and I doubt you'd anywhere near that many accounts. Even 9e10, or ten times earth's current population, would seem excessive 😉

Also, indexing and searching is more easily performed on integer data. This also lets you specify AUTO_INCREMENT, which automatically increases the id.
Also, comparing dates stored as strings might not give the desired result. Thus, I recommend using DATETIME instead, or even an INT UNSIGNED if storing it as UTC serves your purpose.

`id` INT UNSIGNED AUTO_INCREMENT NOT NULL,
  `date_time` DATE
  PRIMARY KEY  (`id`)

Also, you will need to keep track of the image in this table, so

`id` INT UNSIGNED AUTO_INCREMENT NOT NULL,
  `fullname` varchar(90) NOT NULL,
  `emailaddress` varchar(50) NOT NULL,
  `websiteaddress` varchar(100) NOT NULL,
  `websitedescription` varchar(3000) NOT NULL,
  `date_time` DATE,
   image_id INT UNSIGNED NOT NULL,
  PRIMARY KEY  (`id`),
  FOREIGN KEY(image_id) REFERENCES image(id)

And to keep track of your images, create a new table to hold images. On form upload, first you store the image on disk, then you store an entry in the db with information of the image. Use mysql_insert_id or mysqli::insert_id() to get the id of the newly inserted image.
Then proceed to insert data in the other table, and include the image id.

mat21

Hi,

thanks for the help.

Much appreciated.

Mat 😃