cgmcdonald Posted April 13, 2015 Share Posted April 13, 2015 I need to upload my images to a folder and need the image name with file type to be places in a mysql database so it can be accessed by another page. This is my php where everything works except uploading the image name to the database; Instaead the column is populated with the word array. Does anyone know how to fix this. MySql column is set to varchar(50). <?php require_once("connect.php"); $name = $_POST['job_name']; $img = $_FILES['job_timg']; $desc = $_POST['job_desc']; $plug = "INSERT INTO tbl_job VALUES (NULL,'".$name."','".$desc."', '".$img."')"; $Set = mysql_query($plug); if($Set==1){ $qJob = "SELECT * FROM tbl_job WHERE job_name = '".$name."' "; $Result = mysql_query($qJob); $row = mysql_fetch_array($Result); $lastID = $row['job_id']; $Link1 = "INSERT INTO tbl_l_ji(ji_id, job_id, image_id) VALUES(NULL, '".$lastID."','".$cat."')"; $place1 = mysql_query($Link1); header("Location: index.php"); }else{ } if($_POST){// $_FILES["file"]["error"] is HTTP File Upload variables $_FILES["file"] "file" is the name of input field you have in form tag.if ($_FILES["job_timg"]["error"] > 0){// if there is error in file uploadingecho "Return Code: " . $_FILES["job_timg"]["error"] . "<br />";}else{// check if file already exit in "images" folder.if (file_exists("_/img/" . $_FILES["job_timg"]["name"])){echo $_FILES["job_timg"]["name"] . " already exists. ";}else{ //move_uploaded_file function will upload your image. if you want to resize image before uploading see this link http://b2atutorials.blogspot.com/2013/06/how-to-upload-and-resize-image-for.htmlif(move_uploaded_file($_FILES["job_timg"]["tmp_name"],"_/img/" . $_FILES["job_timg"]["name"])){// If file has uploaded successfully, store its name in data base$query_image = "INSERT INTO tbl_job (job_timg) VALUES ('".$_FILES['job_timg']['name'].")";if(mysql_query($query_image)){echo "Stored in: " . "_/img/" . $_FILES["job_timg"]["name"];}else{echo 'File name not stored in database';}}}}}?> My Form: div class="container"> <div class="row"> <div class="twelvecol last"> <form action="add_site.php" method="post" enctype="multipart/form-data"> <!--add in the enctype in order to handle file management--> <label>Name:</label><br> <input name="job_name" type="text" size="32"><br><br> <label>Job Front Image:</label><br> <input name="job_timg" type="file" size="32"><br><br> <label>Description:</label><br> <textarea name="job_desc" cols="80" rows="10"></textarea><br><br> </select><br><br> <input type="submit" value="Add Job"> </form> </div> Thank you, Connor McDonald Link to comment Share on other sites More sharing options...
justsomeguy Posted April 13, 2015 Share Posted April 13, 2015 You really need to use prepared statements with either PDO or mysqli, that database code is about 12 years old and will give you problems with certain filenames, job names, or descriptions. Look up a tutorial on prepared statements with PHP, there are several out there.$_FILES['job_timg'] is an array, that's why it prints "Array" when you use the array as a string. The $_FILES['job_timg'] will have elements for each part of the file. You can use print_r($_FILES['job_timg']) if you want to see them all. Link to comment Share on other sites More sharing options...
cgmcdonald Posted April 14, 2015 Author Share Posted April 14, 2015 I don't know how to implement that. Could you give me an example of what the working code for that line would be? Link to comment Share on other sites More sharing options...
justsomeguy Posted April 14, 2015 Share Posted April 14, 2015 I'll post my reply to your PM so other people can see it:I would recommend using PDO, there are a couple tutorials here:http://www.dreamincode.net/forums/topic/214733-introduction-to-pdo/http://www.w3schools.com/php/php_mysql_prepared_statements.aspIt's a different database extension, it will require rewrite to several parts of your code but it's the modern, secure, efficient way to work with MySQL. The old mysql extension was deprecated in PHP around 12 years ago, tutorials that still use it shouldn't be followed. There's a newer mysqli extension, which also supports prepared statements, but PDO is generally preferable because it can work with more than just MySQL. Here's the manual for it:http://php.net/manual/en/intro.pdo.phphttp://php.net/manual/en/pdo.prepared-statements.phpIt's object-oriented and the code will look a little different, but PDO with prepared statements is much more secure and generally useful than the old mysql extension. Link to comment Share on other sites More sharing options...
Don E Posted April 14, 2015 Share Posted April 14, 2015 but PDO with prepared statements is much more secure and generally useful than the old mysql extension. Quick question, is PDO also considered more secure than mysqli besides it's ability to work with more databases? Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted April 14, 2015 Share Posted April 14, 2015 Not necessarily, they're both secure if used correctly. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now