Uploading multiple images and storing the image name in a variable for later use

blackbox

Hi a,,

I need to upload multiple images and at the same time store each image name in to a variable for later use.

This is what I have so far:

if(isset($_FILES['files'])){



$WebDir = ucfirst($_POST['StockNo']);
$WebImagePath = "../item_images/web/".$WebDir."/";

$errors= array();
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name ){
	$file_name = $key.$_FILES['files']['name'][$key];
	$file_size =$_FILES['files']['size'][$key];
	$file_tmp =$_FILES['files']['tmp_name'][$key];
	$file_type=$_FILES['files']['type'][$key];	
    if($file_size > 2097152){
		$errors[]='File size must be less than 2 MB';
    }		


$desired_dir = 'item_images/web/'.$WebDir;

    if(empty($errors)==true){
        if(is_dir($desired_dir)==false){
            mkdir("$desired_dir", 0700);
        }
        if(is_dir("$desired_dir/".$file_name)==false){
            move_uploaded_file($file_tmp,"$desired_dir/".$file_name);
        }else{
            $new_dir="$desired_dir/".$file_name.time();
             rename($file_tmp,$new_dir) ;				
        }
	 mysql_query($query);			
    }else{
            print_r($errors);
    }
}
if(empty($error)){
	echo "Success";
}
}

Can anyone please help with how I can do this.

Many thanks in advance.

sneakyimp

Could you be more specific about your goals? Uploaded images each have two names associated with them: name and tmp_name. Name is the name of the original file and this value is sent from the user's browser. As with all user input, this value is not to be trusted and you should take care to validate/sanitize it before attempting to store files directly on your server using this name.

Tmp_name is the temporary file's name on your server where your web server has put the file so that you can retrieve the file and do whatever with it.

EDIT: I have not checked this code and suspect that you are incorrectly referring to the contents of $FILES. If you want to get a better idea of the structure of this $FILES array then you might try [man]var_dump[/man] to inspect it.

sneakyimp wrote:
If you want to store either in a variable, you are already doing this for both names:
$file_name = $key.$_FILES['files']['name'][$key];
$file_tmp =$_FILES['files']['tmp_name'][$key];

Perhaps you could be clearer about what you mean by 'for later use?'

blackbox

Hi Sneakyimp.

Thanks for your reply.

After the iamge files have been uploaded I then need to write the file names in to a MyQSL data record which is why I wanted to save the file names in to variable. Or am I going about this the wromg way?

sneakyimp

At this point, I don't know enough about what you are trying to accomplish to provide very much guidance. I would encourage you to start by taking a look at the $FILES array to see how it's organized:

var_dump($_FILES["files"]);

Once you see how it is structured, you should have a better idea of what kind of data you are looking at. As I mentioned in my last post, I think your loop is not constructed properly. Are you getting any errors with your code?

There are a handful of coding practices in this script that look a little suspect to me. For example, you define where you are going to put these images by letting the user specify the path via $POST["StockNo"]:

	$WebDir = ucfirst($_POST['StockNo']);
	$WebImagePath = "../item_images/web/".$WebDir."/";

Since $_POST data comes from user input, you should validate/sanitize/filter that data before you simply start writing files in some arbitrary location or you might find that hackers are over-writing important files on your server.

This code also looks pretty confused to me:

            if(is_dir($desired_dir)==false){
                mkdir("$desired_dir", 0700);
            }
            if(is_dir("$desired_dir/".$file_name)==false){
                move_uploaded_file($file_tmp,"$desired_dir/".$file_name);
            }else{
                $new_dir="$desired_dir/".$file_name.time();
                 rename($file_tmp,$new_dir) ;				
            }
		 mysql_query($query);

In particular, you throw in mysql_query in there and you haven't bothered to define $query or even connect to a database. $desired_dir is defined from unfiltered/unvalidated user input as I just described, and you are also relying on user input for $file_name which could be anything under the sun and is also not safe.