Jump to content

PHP Uploading Image To folder and image path to data base


cgmcdonald

Recommended Posts

I need to upload my images to a folder and need the image name with file type to be places in a mysql database so it can be accessed by another page.

 

This is my php where everything works except uploading the image name to the database; Instaead the column is populated with the word array. Does anyone know how to fix this. MySql column is set to varchar(50).

 

<?php require_once("connect.php"); $name = $_POST['job_name']; $img = $_FILES['job_timg']; $desc = $_POST['job_desc']; $plug = "INSERT INTO tbl_job VALUES (NULL,'".$name."','".$desc."', '".$img."')"; $Set = mysql_query($plug); if($Set==1){ $qJob = "SELECT * FROM tbl_job WHERE job_name = '".$name."' "; $Result = mysql_query($qJob); $row = mysql_fetch_array($Result); $lastID = $row['job_id']; $Link1 = "INSERT INTO tbl_l_ji(ji_id, job_id, image_id) VALUES(NULL, '".$lastID."','".$cat."')"; $place1 = mysql_query($Link1); header("Location: index.php"); }else{ } if($_POST){// $_FILES["file"]["error"] is HTTP File Upload variables $_FILES["file"] "file" is the name of input field you have in form tag.if ($_FILES["job_timg"]["error"] > 0){// if there is error in file uploadingecho "Return Code: " . $_FILES["job_timg"]["error"] . "<br />";}else{// check if file already exit in "images" folder.if (file_exists("_/img/" . $_FILES["job_timg"]["name"])){echo $_FILES["job_timg"]["name"] . " already exists. ";}else{ //move_uploaded_file function will upload your image. if you want to resize image before uploading see this link http://b2atutorials.blogspot.com/2013/06/how-to-upload-and-resize-image-for.htmlif(move_uploaded_file($_FILES["job_timg"]["tmp_name"],"_/img/" . $_FILES["job_timg"]["name"])){// If file has uploaded successfully, store its name in data base$query_image = "INSERT INTO tbl_job (job_timg) VALUES ('".$_FILES['job_timg']['name'].")";if(mysql_query($query_image)){echo "Stored in: " . "_/img/" . $_FILES["job_timg"]["name"];}else{echo 'File name not stored in database';}}}}}?>

 

My Form:

 

div class="container"> <div class="row"> <div class="twelvecol last"> <form action="add_site.php" method="post" enctype="multipart/form-data"> <!--add in the enctype in order to handle file management--> <label>Name:</label><br> <input name="job_name" type="text" size="32"><br><br> <label>Job Front Image:</label><br> <input name="job_timg" type="file" size="32"><br><br> <label>Description:</label><br> <textarea name="job_desc" cols="80" rows="10"></textarea><br><br> </select><br><br> <input type="submit" value="Add Job"> </form> </div>

 

Thank you,

Connor McDonald

 

 

Link to comment
Share on other sites

You really need to use prepared statements with either PDO or mysqli, that database code is about 12 years old and will give you problems with certain filenames, job names, or descriptions. Look up a tutorial on prepared statements with PHP, there are several out there.$_FILES['job_timg'] is an array, that's why it prints "Array" when you use the array as a string. The $_FILES['job_timg'] will have elements for each part of the file. You can use print_r($_FILES['job_timg']) if you want to see them all.

Link to comment
Share on other sites

I'll post my reply to your PM so other people can see it:I would recommend using PDO, there are a couple tutorials here:http://www.dreamincode.net/forums/topic/214733-introduction-to-pdo/http://www.w3schools.com/php/php_mysql_prepared_statements.aspIt's a different database extension, it will require rewrite to several parts of your code but it's the modern, secure, efficient way to work with MySQL. The old mysql extension was deprecated in PHP around 12 years ago, tutorials that still use it shouldn't be followed. There's a newer mysqli extension, which also supports prepared statements, but PDO is generally preferable because it can work with more than just MySQL. Here's the manual for it:http://php.net/manual/en/intro.pdo.phphttp://php.net/manual/en/pdo.prepared-statements.phpIt's object-oriented and the code will look a little different, but PDO with prepared statements is much more secure and generally useful than the old mysql extension.

Link to comment
Share on other sites

but PDO with prepared statements is much more secure and generally useful than the old mysql extension.

 

 

Quick question, is PDO also considered more secure than mysqli besides it's ability to work with more databases? Thanks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...