upload path to database

saunders1989

Hi, i am struggling to get this part before i tackle the next part. i have a upload form i have created (very simple just a browse and a upload button) when you click upload this code is run (shown below) but that stores the file in the database as a file using blob but what i would really like to do is upload the images to a this folder (http://localhost/Blean_Photos/images) and have the path stored in the database. i havent a clue on how to change my code i have now to do that. the next part would be to display the images but i would like to tackle one part at a time

thank you to anyone who could help

<?php
 // Check if a file has been uploaded
 if(isset($_FILES['uploaded_file'])) {
     // Make sure the file was sent without errors
     if($_FILES['uploaded_file']['error'] == 0) {
         // Connect to the database
         $dbLink = new mysqli('localhost', 'root', '', 'gallery');
         if(mysqli_connect_errno()) {
             die("MySQL connection failed: ". mysqli_connect_error());
         }

     // Gather all required data
     $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
     $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
     $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
     $size = intval($_FILES['uploaded_file']['size']);

     // Create the SQL query
     $query = "
         INSERT INTO `images` (
             `name`, `mime`, `size`, `data`, `created`
         )
         VALUES (
             '{$name}', '{$mime}', {$size}, '{$data}', NOW()
         )";

     // Execute the query
     $result = $dbLink->query($query);

     // Check if it was successfull
     if($result) {
         echo 'Success! Your file was successfully added!';
     }
     else {
         echo 'Error! Failed to insert the file'
            . "<pre>{$dbLink->error}</pre>";
     }
 }
 else {
     echo 'An error accured while the file was being uploaded. '
        . 'Error code: '. intval($_FILES['uploaded_file']['error']);
 }

 // Close the mysql connection
 $dbLink->close();
 }
 else {
     echo 'Error! A file was not sent!';
 }

 // Echo a link back to the main page
 echo '<p>Click <a href="member-index.php">here</a> to go back</p>';
 ?>

halojoy

Instead of file_get_contents()
you use
move_uploaded_file() to put the uploaded image into one folder of your choice.
http://php.net/manual/en/function.move-uploaded-file.php

Then you store the link to the image inside that folder in your database.
But I should prefer to store only image filename in database.
The path to your image directory you can set inside one config.php

This makes it easy to change what folder you put your images.
Without having to change, update any links in your database.

saunders1989

hi,

this is the code i changed it to and i get a parse error on (highlighted line). also how would i go about creating this config file?

thanks again for your help

$uploads_dir = 'http://localhost/Blean_Photos/images';
         $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
         $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
         $data = [COLOR="Orange"]$dbLink->real_escape_string(move_uploaded_file($name,$uploads_dir);[/COLOR]
         $size = intval($_FILES['uploaded_file']['size']);

johanafm

http://se.php.net/manual/en/function.move-uploaded-file.php returns boolean, not string.

name contains the name from the client's computer. The filename on the server is in tmp_name. see http://se.php.net/manual/en/reserved.variables.files.php

saunders1989

could you explain in a little more detail about what i would have to do please as im not very good at php yet.

thank you

toxic_brain

u missed a closing bracket at the end. The line should be

$data = $dbLink->real_escape_string(move_uploaded_file($name,$uploads_dir));

johanafm

move_uploaded_file wrote:
bool move_uploaded_file ( string $filename , string $destination )
This function checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism). If the file is valid, it will be moved to the filename given by destination.

This function moves $filename to $destination. It returns boolean, true on success false on failure.

mysqli::real_escape_string wrote:
string mysqli::escape_string ( string $escapestr )

This function takes a string as paramter, but you feed it a boolean (as you can see from the description of move_uploaded_file).

More info from move_uploaded_file page.

move_uploaded_file wrote:
See Handling file uploads for a simple usage example

handling file uploads wrote:
Table of Contents
* [url=http://se.php.net/manual/en/features.file-upload.post-method.php]POST method uploads[/url]

post method uploads wrote:
The contents of $_FILES from the example form is as follows. Note that this assumes the use of the file upload name userfile, as used in the example script above. This can be any name.

$_FILES['userfile']['name']
The original name of the file on the client machine.
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.
$_FILES['userfile']['size']
The size, in bytes, of the uploaded file.
$_FILES['userfile']['tmp_name']
The temporary filename of the file in which the uploaded file was stored on the server.
(...)

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

In this part

$uploads_dir = 'http://localhost/Blean_Photos/images';

$uploads_dir is a URI, but you want a server path: /path/to/webroot/Blean_Photos/images/

$data = $dbLink->real_escape_string(move_uploaded_file($name,$uploads_dir);

Looking at the name, this is nothing but a leftover from when you inserted the image as a blob. You don't need to deal with image data anymore.