All geek questions in one place

How to upload a PHP image and paste the path into MySQL?

I would like to include an image path in my MySQL table. The path of the image falls into the table, inserting the value of the text field "file" (one of those that view the type of transactions). Thus, the value that is entered looks something like this: image001.jpg . But I can not use this value to put an image in an html page. if it fits perfectly on the table, why can't I get it?

I upload an image, but I don’t know where it went. Since there is no value in the image field when I checked it through PhpMyadmin.

Table layout

 CREATE TABLE employee_details ( emp_image varchar(255), employee_name varchar(50), employee_address varchar(50), employee_designation varchar(50), employee_salary int(), );

Query

 $sql=" INSERT INTO employee_detail( emp_image, employee_name, employee_address, employee_contact, employee_designation, employee_salary ) VALUES( '$_POST[emp_image]', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]', '$_POST[employee_designation]', '$_POST[employee_salary]' )";
+4
source share
2 answers

In your comment, you are asking how to load and save data in mysql. So here it is:

To get the file, you must have a script in your html, like this:

 <html> <body> <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file"><br> <input type="submit" name="submit" value="Submit"> </form> </body> </html>

Now, in POST, your PHP file should look like this, but please note that you need to check if the file exists in your POST:

 if ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . "<br>"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br>"; echo "Type: " . $_FILES["file"]["type"] . "<br>"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>"; echo "Stored in: " . $_FILES["file"]["tmp_name"]; }

Since the "Saved in:" part is just a temporary path, you should go to your "real" image path using move_uploaded_file () . Let's say the real / standard path for your images is:

 $image_dir= '/images/';

You just need to move the file using this:

 move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $image_dir. $_FILES['uploaded_file']['name']);

And your full path to the image will be

 $image = $final_save_dir . $_FILES['uploaded_file']['name'];

There are several ways to save the path to your database:

1st: you only need to save the filename and combine the image path in PHP with $_SERVER['DOCUMENT_ROOT'] and your default image path, for example:

 $sql="insert into employee_detail( emp_image, employee_name, employee_address, employee_contact, employee_designation, employee_salary) values( '$image', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]', '$_POST[employee_designation]','$_POST[employee_salary]')";

2nd: Is saving the full path as follows:

 $sql="insert into employee_detail( emp_image, employee_name, employee_address, employee_contact, employee_designation, employee_salary) values( '".$_SERVER['DOCUMENT_ROOT']."\\images\\".$image."', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]', '$_POST[employee_designation]','$_POST[employee_salary]')";

I recommend this approach, in which you enter a partial path (without the root directory) so that later you do not have problems when deploying it:

 $sql="insert into employee_detail( emp_image, employee_name, employee_address, employee_contact, employee_designation, employee_salary) values( 'images\\".$image."', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]', '$_POST[employee_designation]','$_POST[employee_salary]')";

And make sure that images are successfully loaded into this dir / path image by default .

UPDATE

I also recommend using mysqli_* or PDO and using the prepare() method / function to prevent sql injection.

+9
source

If you upload an image, it is first saved in a temporary path. You will need to transfer it to your final directory, otherwise it will fail after executing the script. This mainly happens:

If you have a form with fields of any form (text, checkbox, textarea, whatever), and a file field ( <input type="file" name="uploaded_file" /> ), all the "normal" fields will be available with an array of $_POST . The file (s), however, will be available in the $_FILES (see also the file download help page ).

Now that you receive a POST request, the downloaded files are stored in a temporary directory. If you do nothing, it will be deleted again after the script is executed. Therefore, you need to call the move_uploaded_file () function. Example:

 $final_save_dir = '/path/to/images/dir/'; move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $final_save_dir . $_FILES['uploaded_file']['name']);

And your full path to the image will be

 $image_full_path = $final_save_dir . $_FILES['uploaded_file']['name'];

This path can be saved in your database:

 $sql=" INSERT INTO employee_detail( emp_image, ... ) VALUES( '$image_full_path', ... )";

IMPORTANT: pay attention to @brewal's comment. Your script is VERY unsafe.

+1
source

Source: https://habr.com/ru/post/1501622/

More articles:


All Articles