Reputation: 137
I have written some code to collect images, resize them, upload them to two different folders and store the new name in a MySQL database. Every other aspect of the code is working. The only issue I am having is that the new name given to the image is not being stored in the database. What I am getting is just a single digit. E.g., rather than having the name of the uploaded file stored in the database as 1234_12345.jpg, the file name stored is just, say, 1 or 3, etc.
Below is my form:
<form method="POST" id="adimageadd" action="<?php echo $editFormAction; ?>" name="adimageadd" enctype="multipart/form-data">
    <div class="h1">Select Album:</div>
    <select class="input-field-login2" id="albumselect" name="albumselect" required type="text" tabindex="1">
        <option value="">Please Select</option>
        <?php foreach ($result_album as $rs) { ?>
            <option value="<?php echo $rs["alID"]; ?>"><?php echo $rs["alTitle"]; ?></option>
        <?php } ?>
    </select>
    <input type="hidden" name="MAX_FILE_SIZE" value="" />
    <input name="photo[]" type="file" required id="photo" size="26" multiple='multiple'/>
    <button name="login" type="submit" id="login_submit" tabindex="3">Add Images</button>
    <input type="hidden" name="form_insert" value="adimageadd">
</form>
And the PHP code is:
function getExtension($str) {
    $i = strrpos($str,".");
    if (!$i) { return ""; }
    $l = strlen($str) - $i;
    $ext = substr($str,$i+1,$l);
    return $ext;
}
define ("MAX_SIZE","2048");
$errors=0;
$query_album = "SELECT alID, alTitle, alImage, alDesc FROM galbum ORDER BY alID DESC";
$result_album = mysqli_query($connKcla, $query_album);
$row_album = mysqli_fetch_assoc($result_album);
$totalRows_album = mysqli_num_rows($result_album);
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["form_insert"])) && ($_POST["form_insert"] == "adimageadd")) {
    //get form details and check for sql injections and disable them
    $albumRef = mysqli_real_escape_string($connKcla, $_POST['albumselect']);
    $image = $_FILES["photo"]["name"];
    $uploadedfile = $_FILES['photo']['tmp_name'];
    $img = count($image);
    for ($i = 0; $i < $img; $i++) {
        if ($image){
            $filename = mysqli_real_escape_string($connKcla, $image[$i]);
            $extension = getExtension($filename);
            $extension = strtolower($extension);
            if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
            {
                echo ' Unknown Image extension ';
                $errors=1;
            }
            else
            {
                $size=filesize($_FILES['photo']['tmp_name'][$i]);
                if ($size > MAX_SIZE*1024)
                {
                    echo "Your image has exceeded the size limit of 2Mb. Click the back button on your browser to re-enter the right size of image";
                    $errors=1;
                }
                if($extension=="jpg" || $extension=="jpeg" )
                {
                    $uploadedfile = $_FILES['photo']['tmp_name'][$i];
                    $src = imagecreatefromjpeg($uploadedfile);
                }
                else if($extension=="png")
                {
                    $uploadedfile = $_FILES['photo']['tmp_name'][$i];
                    $src = imagecreatefrompng($uploadedfile);
                }
                else
                {
                    $src = imagecreatefromgif($uploadedfile);
                }
                list($width,$height)=getimagesize($uploadedfile);
                $newwidth=760;
                $newheight=($height/$width)*$newwidth;
                $tmp=imagecreatetruecolor($newwidth,$newheight);
                imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
                $thumbnewwidth=250;
                $thumbnewheight=($height/$width)*$thumbnewwidth;
                $thumbtmp=imagecreatetruecolor($thumbnewwidth,$thumbnewheight);
                imagecopyresampled($thumbtmp,$src,0,0,0,0,$thumbnewwidth,$thumbnewheight,$width,$height);
                $set['photo'] = $image[$i];
                $kaboom = explode(".", $image[$i]);
                $pixExt = end($kaboom);
                $photo = rand()."_".time().".".$pixExt;
                $target = "../gallery/images/". $photo;
                $thumbtarget = "../gallery/images/thumbs/". $photo;
                imagejpeg($tmp,$target,100);
                imagejpeg($thumbtmp,$thumbtarget,75);
                imagedestroy($src);
                imagedestroy($tmp);
                imagedestroy($thumbtmp);
            }
        }
        $stmt = $connKcla->prepare("INSERT INTO gimage (imImage, albumRef) VALUES ($photo[$i], $albumRef)");
        $results = $stmt->execute();
        $stmt->close();
        if($results){
            $updateGoTo = "confirm.php";
            if (isset($_SERVER['QUERY_STRING'])) {
                $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
                $updateGoTo .= $_SERVER['QUERY_STRING'];
            }
            header("Location: ". $updateGoTo);
        }else{
            header("Location: error.php");
        }
    }
}
Please, any help would be much appreciated.
Upvotes: 0
Views: 118
Reputation: 137
Problem solved. I just changed the value part of the query from:
$stmt = $connKcla->prepare("INSERT INTO gimage (imImage, albumRef) VALUES ($photo[$i], $albumRef)");
to
$stmt = $connKcla->prepare("INSERT INTO gimage (imImage, albumRef) VALUES ('$photo', '$albumRef')");
Upvotes: 0
Reputation: 218828
This creates a string:
$photo = rand()."_".time().".".$pixExt;
This gets one character from that string:
$photo[$i]
Which you're storing in your database:
$stmt = $connKcla->prepare("INSERT INTO gimage (imImage, albumRef) VALUES ($photo[$i], $albumRef)");
If you want to store the whole string, just use the string itself and not the index of a specific character:
$stmt = $connKcla->prepare("INSERT INTO gimage (imImage, albumRef) VALUES ($photo, $albumRef)");
//                                                                         ^-- here
Additionally, you should probably start looking into using query parameters and prepared statements. While this code may coincidentally not currently be open to SQL injection if none of the input is from users, it's still difficult to guarantee that. And not being open to SQL injection is a good habit to get into in general.
Upvotes: 1
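The answer above recommends query parameters; the following added example (not part of the original posts) shows the question's insert with bound values instead of interpolated ones. It assumes PDO with an in-memory SQLite database as a stand-in for the `$connKcla` MySQL connection, and `storedName()` and `insertImage()` are hypothetical helper names.

```php
<?php
// Added example (not from the original posts). SQLite in memory stands in for
// the MySQL connection so it runs without a server; table and column names
// follow the question, the sample values are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gimage (imImage TEXT NOT NULL, albumRef INTEGER NOT NULL)');

// Build the stored name on the server; only an allowlisted extension is kept.
function storedName(string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    return bin2hex(random_bytes(8)) . '_' . time() . '.' . $ext;
}

// Insert one row; both values are bound parameters, never part of the SQL text.
function insertImage(PDO $db, string $photo, string $albumRef): bool
{
    // Validate the album id as a positive integer rather than escaping it.
    $album = filter_var($albumRef, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($album === false) {
        return false;
    }
    // mysqli form: prepare('... VALUES (?, ?)'), then bind_param('si', $photo, $album).
    $stmt = $db->prepare('INSERT INTO gimage (imImage, albumRef) VALUES (:photo, :album)');
    return $stmt->execute([':photo' => $photo, ':album' => $album]);
}

// Constructed input: client file names plus the posted album id.
foreach (['beach.JPG', 'team photo.png', 'notes.txt'] as $clientName) {
    $photo = storedName($clientName);
    if ($photo === null) {
        echo "skipped {$clientName}: extension not allowed\n";
        continue;
    }
    insertImage($db, $photo, '3');
}
// An apostrophe in a bound value is stored verbatim and cannot end the string literal.
insertImage($db, "o'brien_1700000000.jpg", '3');
// A non-numeric album id is rejected before any query is built.
var_dump(insertImage($db, 'x.jpg', 'abc'));

foreach ($db->query('SELECT imImage, albumRef FROM gimage') as $row) {
    echo $row['imImage'], ' -> album ', $row['albumRef'], "\n";
}
```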