CODEWITHSUNDEEP
phpmysql
Muhammad Haseeb
Muhammad Haseeb

Reputation: 644

Filename stored on MYSQL is wrong for some reason

I am getting a error in link genrated when fetched is beign fetched from database image of error

here is code to fetching image

echo "<img src='uploads/$row[img].jpg' height='150px' width='300px'>";

below is the code of file to upload and store image in database

<?php
$servername = "localhost";
$dbUsername = "root";
$dbname = "property";
$dbPassword = "";
$location  = $_POST["location"];
$street = $_POST["street"];
$city = $_POST["city"];
$province = $_POST["province"];
$type = $_POST["type"];
$price = $_POST["price"];
$beds = $_POST["beds"];
$isforsale = $_POST["isforsale"];
$flag = "";
$last_id="";
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
        $image=basename( $_FILES["fileToUpload"]["name"],".jpg");
        $conn = new mysqli($servername, $dbUsername, $dbPassword, $dbname);
        if ($isforsale=="false"){
            $flag = 0;
        }else{
            $flag = 1;
        }
        $sql = "INSERT INTO Property (Location, Street, City, Province, PStatus, PType,isForSale,Price,Beds, img)VALUES ('$location','$street','$city','$province',0,'$type','$flag','$price','$beds',' $image')";
        $retval = mysqli_query( $conn,$sql);
        $last_id = mysqli_insert_id($conn);
        session_start();
        $userid  = $_SESSION["id"];
        if ($retval === TRUE){
            $sql = "INSERT INTO OwnersProperty (PropertyNo,OwnerId) VALUES ('$last_id','$userid')";
            $retval = mysqli_query( $conn,$sql);
            if($retval === TRUE){
                         header("Location: dashboard.php"); 
                        exit;
                 }
        } else {
            echo "Error: " . $sql . "<br>" . $conn->error;
        }
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

This is file that contain code for uploading image and saving it into the database.

Upvotes: 0

Views: 98

Answers (2)

Faisal Mohmand
Faisal Mohmand

Reputation: 155

You have a "%20" in your image url after "uploads", which is equivalent to a space in url. You are getting a space character before the image name in the following query through which your image uploading is done, so your all your uploaded images names contains a space character at the beginning of their names. Remove the space before the ' $image' (shown below in the query too) and that's it.

$sql = "INSERT INTO Property 
        (Location, Street, City, Province, PStatus, 
         PType,isForSale,Price,Beds, img)
       VALUES ('$location','$street','$city','$province',0,
         '$type','$flag','$price','$beds',' $image')";
                                           ^
                                          ^^^
                                         ^^^^^

Upvotes: 2

RiggsFolly
RiggsFolly

Reputation: 94662

This line has a space between the single quote and the variable name ' $image' So when it is stored on the database the filename will start with a space %20

    $sql = "INSERT INTO Property 
            (Location, Street, City, Province, PStatus, 
             PType,isForSale,Price,Beds, img)
           VALUES ('$location','$street','$city','$province',0,
             '$type','$flag','$price','$beds',' $image')";
                                               ^
                                              ^^^
                                             ^^^^^

Remove it and all will be well.

Your script is at risk of SQL Injection Attack Have a look at what happened to Little Bobby Tables Even if you are escaping inputs, its not safe! Use prepared statement and parameterized queries

Upvotes: 3

Related Questions