Ovidiu G

Reputation: 1273

Store path to uploaded Image in database

I'm trying to add the path of an uploaded image to the database in order to use it to display the image as a thumbnail for a post. I found a tutorial and I used this code to upload the image. However, it gets to the else statement and I just get the exit("Error While uploading image on the server"). I have a form to collect the data:

<form action='' method='post' enctype="multipart/form-data">

<p><label>Title</label><br />
<input id="title-input" type='text' name='postTitle' value='<?php if(isset($error)){ echo $_POST['postTitle'];}?>'></p>

<p><label>Description</label><br />
<textarea id="textarea" name='postDesc' cols='20' rows='5'><?php if(isset($error)){ echo $_POST['postDesc'];}?></textarea></p>

<p><label>Content</label><br />
<textarea name='postCont' cols='20' rows='5'><?php if(isset($error)){ echo $_POST['postCont'];}?></textarea></p>

<p><label>Image</label><input type="file" name="uploadedimage"></p>

<input type='submit' name='submit' value='Submit'>
<input type='reset' name='submit' value='Reset'>

</form>
<?php include 'add-post-handler.php' ?>

And here is the code I used to upload the image:

function GetImageExtension($imagetype)
    {
       if(empty($imagetype)) return false;
       switch($imagetype)
       {
           case 'image/bmp': return '.bmp';
           case 'image/gif': return '.gif';
           case 'image/jpeg': return '.jpg';
           case 'image/png': return '.png';
           default: return false;
       }

     }

if (!empty($_FILES["uploadedimage"]["name"])) {
    $file_name = $_FILES["uploadedimage"]["name"];
    $temp_name = $_FILES["uploadedimage"]["tmp_name"];
    $imgtype = $_FILES["uploadedimage"]["type"];
    $ext = GetImageExtension($imgtype);
    $imagename = $_FILES["uploadedimage"]["name"];
    $target_path = "../img/".$imagename;

    if (move_uploaded_file($temp_name, $target_path)) {
        $query_upload = "INSERT INTO blog_images (imgPath) VALUES ('$target_path')";
        // mysqli_error() matches the mysqli_query() call; mysql_error() belongs to the old mysql extension
        mysqli_query($link, $query_upload) or die("error in $query_upload == ----> ".mysqli_error($link));
    } else {
        exit("Error While uploading image on the server");
    }
}

PS: I also have some doubts about how I can get the imageID to be related to the postID, considering that they are both submitted from the same form. (I made a relation between the two tables but it's on the primary keys, so I'm not sure if it's correct.)

Thanks for your help!

Upvotes: 1

Views: 125

Answers (3)

Ovidiu G

Reputation: 1273

Thanks everyone for answering. In the end I got it. I found that the problem was with the php.ini settings. This is the link that helped me: "Why would $_FILES be empty when uploading files to PHP?". Thanks PaulF for posting it. The problem was that the limit for uploading files was just 2MB or something like that. For everyone having the same issue, make sure you check that link and check these settings in your php.ini file:

file_uploads = On
post_max_size = 100M
upload_max_filesize = 100M

Upvotes: 0

nv1t

Reputation: 498

Looking at the Code:

move_uploaded_file returns FALSE on two premises (stated in the PHP Docs):

If filename is not a valid upload file, then no action will occur, and move_uploaded_file() will return FALSE.

If filename is a valid upload file, but cannot be moved for some reason, no action will occur, and move_uploaded_file() will return FALSE. Additionally, a warning will be issued.

My best guess is, with the information you provided:

  • Your path is not writeable by your application/webserver, so it won't be moved

Make sure the application (the webserver) can write in your path: '../img/' by issuing a chmod to give the directory the correct rights for the webserver user.

Security Advice (not related to question):

  1. In this state, your application has a potential SQLi in $target_path. You should think about using prepared statements.

  2. Your form writes POST Data directly to output. This leads to XSS. You should always encode special characters in your output.

  3. Make sure only images can be uploaded and scripts can't be executed in this '../img' path. Somebody could exploit your upload to upload a script and execute it.

The easiest way to prevent SQLi in this case would be hashing the imagename and setting the extension with the $ext variable:

[...]
$ext=GetImageExtension($imgtype);
if($ext === FALSE) {
    exit("Couldn't determine the filetype correctly. Please upload pictures only.");
}
$imagename=md5($_FILES["uploadedimage"]["name"].time()).$ext;
$target_path = "../img/".$imagename;
[...]

The time() is only included, so somebody can upload pictures with the same name.

Upvotes: 1
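
Added example (not part of the question or of any answer on this page): one way to combine the three points of security advice above with the upload error code the original handler never inspected. It assumes `$link` is an open mysqli connection, the fileinfo extension is enabled, and the `blog_images (imgPath)` table from the question; `UploadError`, `e()` and `storeUploadedImage()` are hypothetical names.

```php
<?php
// Added example. Assumes $link is an open mysqli connection and the
// blog_images(imgPath) table from the question; all function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Allowlist keyed by the MIME type detected from file content (narrowed to three types).
const ALLOWED_TYPES = ['image/gif' => '.gif', 'image/jpeg' => '.jpg', 'image/png' => '.png'];

class UploadError extends Exception {} // carries messages that are safe to show the user

// Encode user input before echoing it back into HTML, e.g. e($_POST['postTitle'] ?? '').
function e(string $v): string { return htmlspecialchars($v, ENT_QUOTES, 'UTF-8'); }

function storeUploadedImage(array $file, mysqli $link, string $dir): string
{
    // Report the real failure code; UPLOAD_ERR_INI_SIZE means the file
    // exceeded upload_max_filesize in php.ini.
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new UploadError('Upload failed, error code ' . $file['error']);
    }
    // $_FILES[...]['type'] is client-supplied; detect the type from the bytes.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new UploadError('Only GIF, JPEG and PNG images are accepted.');
    }
    // Server-generated name: the client's file name never reaches the
    // filesystem or the query, and the extension comes from the allowlist.
    $target = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new UploadError('Could not store the image on the server.');
    }
    // Prepared statement: the path is bound as data, not concatenated into SQL.
    $stmt = $link->prepare('INSERT INTO blog_images (imgPath) VALUES (?)');
    $stmt->bind_param('s', $target);
    $stmt->execute();
    $stmt->close();
    return $target;
}

// Usage inside the form handler; database exceptions are not caught here,
// so their details are never echoed to the browser.
if (isset($_FILES['uploadedimage'])) {
    try {
        $path = storeUploadedImage($_FILES['uploadedimage'], $link, '../img');
    } catch (UploadError $ex) {
        exit(e($ex->getMessage()));
    }
}
```

If the request body exceeds post_max_size, PHP leaves $_FILES empty, so the isset() check is false and no error code is available for that case.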

Siyanda Jacobs

Reputation: 23

You could always give your images a specific class that you know directs to all images you want to thumbnail and apply a CSS rule/code that will automatically make them img-thumbnail.

<div class="imgT">

Then set your CSS thumbnail.

Upvotes: 0
