Solved

Default Image for file upload to mysql database PHP

Posted on 2008-10-28
13
320 Views
Last Modified: 2013-12-13
Hi, There is a really simple answer to this, but for the life of me I cannot work it out. What I have is a script to upload images to a mysql databse which works like a dream. The problem I am having is that if a user does not select an image, no image is entered into the database, which cause issues when displaying on the site and also with updating the image a later time.

What I have been trying to do is if the userfile is left empty, on upload the php script selects an image of the server /admin/noimage.php and uploads that to the database.

Attached is the code snippet

I have tried now for ages... I just cannot do it and I am desperate for a little help.

Thank you very much in advance
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)

 {

 $fileName = $_FILES['userfile']['name'];

 $tmpName  = $_FILES['userfile']['tmp_name'];

 $fileSize = $_FILES['userfile']['size'];

 $fileType = $_FILES['userfile']['type'];
 

 $fp      = fopen($tmpName, 'r');

 $content = fread($fp, filesize($tmpName));

 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);

 $content = addslashes($content);

 fclose($fp);
 

 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);
 

 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';

 mysql_query($query,$dbh) or die(mysql_error());

 $val=mysql_fetch_row($res);

 $imageid=$val[0];

Open in new window

0
Comment
Question by:flashjordan
  • 7
  • 5
13 Comments
 
LVL 17

Expert Comment

by:psimation
Comment Utility
Your code doesn't seem to be complete. - so I'm assuming that your if statement ends after the last line you posted?

Anyway - you are not physically uploading an image into the DB, you are only saving the filename in the db - the actual image is saved on the filesystem.

So, all you need to do is add an "else" to your if statement that inserts a set imagename into the db if the userfile is not larger than 0...

IE, you make a "static" sql query containing constant values matching the std image you already have on the system and you simply insert it's details for that instance
if( (isset($_POST['upload'])) && ($_FILES['userfile']['size'] > 0) )

 {

 $fileName = $_FILES['userfile']['name'];

 $tmpName  = $_FILES['userfile']['tmp_name'];

 $fileSize = $_FILES['userfile']['size'];

 $fileType = $_FILES['userfile']['type'];

 

 $fp      = fopen($tmpName, 'r');

 $content = fread($fp, filesize($tmpName));

 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);

 $content = addslashes($content);

 fclose($fp);

 

 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);

 

 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';

 mysql_query($query,$dbh) or die(mysql_error());

 $val=mysql_fetch_row($res);

 $imageid=$val[0];

} elseif (isset($_POST['upload']) && $_FILES['userfile']['size'] == 0){
 

$query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("YOUR_STD_FILEMNAME_HERE","PICTURE_SIZE_HERE","FILETYPE_HERE","WIDTH","HEIGHT","CONTENT")';

 mysql_query($query,$dbh) or die(mysql_error());

}

Open in new window

0
 
LVL 1

Author Comment

by:flashjordan
Comment Utility
I am uploading the images to the database, however if the user diesn't upload an image it causes many problems... so what I need to do is if they do not upload an image an image is selected from /admin/noimage.php and added to the database. This image can be changed at a later date (done that)
What I can't do is use the else statement to replace an image if the user doesn't upload an image.

Full code I am using follows

Thank you for your help

<?php

ob_start('ob_gzhandler');

include 'connect.php';
 

if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)

 {

 $fileName = $_FILES['userfile']['name'];

 $tmpName  = $_FILES['userfile']['tmp_name'];

 $fileSize = $_FILES['userfile']['size'];

 $fileType = $_FILES['userfile']['type'];
 

 $fp      = fopen($tmpName, 'r');

 $content = fread($fp, filesize($tmpName));

 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);

 $content = addslashes($content);

 fclose($fp);
 

 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);
 

 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';

 mysql_query($query,$dbh) or die(mysql_error());

 $val=mysql_fetch_row($res);

 }
 

$make=mysql_escape_string($_POST['make']);

$model=mysql_escape_string($_POST['model']);

$yeardate=mysql_escape_string($_POST['yeardate']);

$mileage=mysql_escape_string($_POST['mileage']);

$description=mysql_escape_string($_POST['description']);

$price=mysql_escape_string($_POST['price']);

$service=mysql_escape_string($_POST['service']);

$mot=mysql_escape_string($_POST['mot']);

$tax=mysql_escape_string($_POST['tax']);

$options=mysql_escape_string($_POST['options']);

$hot=mysql_escape_string($_POST['hot']);

$dat=mysql_escape_string($_POST['dat']);

$reg=mysql_escape_string($_POST['reg']);
 

mysql_query('INSERT INTO cars (make,model,yeardate,mileage,description,price,service,mot,tax,options,hot,dat,imageid,reg) VALUES ("'.$make.'","'.$model.'","'.$yeardate.'","'.$mileage.'","'.$description.'","'.$price.'","'.$service.'","'.$mot.'","'.$tax.'","'.$options.'","'.$hot.'","'.$dat.'","'.$imageid.'","'.$reg.'")',$dbh) or die(mysql_error());
 

?>

<html><body><p>&nbsp;</p><p align="center"><font size="2" color="#999999" face="Arial"><b>Success!</b></p><p align="center"><a href="index.php"><img src="../images/success.gif" border="0"/></a></p></body></html>

Open in new window

0
 
LVL 17

Expert Comment

by:psimation
Comment Utility
my bad - didn't read through your code properly.
OK, so all you need to do is replace the $content part if the  $_FILES['userfile']['size'] == 0

So, you still use the elseif as I proposed earlier, but now you just open the file directly from it's known location and then write that into the db instead of looking for the uploaded file.

so, in this part in the "elseif" section, you simply substitute $tmpName with the known image name and location:

 $fp      = fopen($tmpName, 'r');
 $content = fread($fp, filesize($tmpName));
 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);
 $content = addslashes($content);
 fclose($fp);

 

0
 
LVL 3

Expert Comment

by:raminhos
Comment Utility
Try:

f(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)

 {

 $fileName = $_FILES['userfile']['name'];

 $tmpName  = $_FILES['userfile']['tmp_name'];

 $fileSize = $_FILES['userfile']['size'];

 $fileType = $_FILES['userfile']['type'];
 

}else{

  

  $tmpName = "pictures/pic.jpg";

 

 $fp      = fopen($tmpName, 'r');

 $content = fread($fp, filesize($tmpName));

 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);

 $content = addslashes($content);

 fclose($fp);

 

 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);

 

 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';

 mysql_query($query,$dbh) or die(mysql_error());

 $val=mysql_fetch_row($res);

 $imageid=$val[0];

Open in new window

0
 
LVL 1

Author Comment

by:flashjordan
Comment Utility
I am really sorry, but I really don't understand where to do this and to be honest how... I have been messing with this for ages now and I am just confused... its been a very long day! Can you please explain in idiot terms, because I think I am one at the moment?
0
 
LVL 17

Expert Comment

by:psimation
Comment Utility
try this
if( (isset($_POST['upload'])) && ($_FILES['userfile']['size'] > 0) )

 {

 $fileName = $_FILES['userfile']['name'];

 $tmpName  = $_FILES['userfile']['tmp_name'];

 $fileSize = $_FILES['userfile']['size'];

 $fileType = $_FILES['userfile']['type'];

 

 $fp      = fopen($tmpName, 'r');

 $content = fread($fp, filesize($tmpName));

 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);

 $content = addslashes($content);

 fclose($fp);

 

 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);

 

 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';

 mysql_query($query,$dbh) or die(mysql_error());

 $val=mysql_fetch_row($res);

 $imageid=$val[0];

} elseif (isset($_POST['upload']) && $_FILES['userfile']['size'] == 0){
 

$tmpName = "/admin/noimage.jpg";

 

$fp      = fopen($tmpName, 'r');

 $content = fread($fp, filesize($tmpName));

 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);

 $content = addslashes($content);

 fclose($fp);

 

 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);

 

 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';

 mysql_query($query,$dbh) or die(mysql_error());

 $val=mysql_fetch_row($res);

 $imageid=$val[0];

}

Open in new window

0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 17

Expert Comment

by:psimation
Comment Utility
need to overwrite $filename as well, so just add $filename = "noimage.jpg"; on line 21 or 23 in my previous post.
0
 
LVL 1

Author Comment

by:flashjordan
Comment Utility
Hi thanks... It is sort of working except that it isn't enteringthe size filename or type into the database.. any ideas
0
 
LVL 17

Expert Comment

by:psimation
Comment Utility
I made a typo with $filename, it should be $fileName...

Just check if that fixes it?
0
 
LVL 17

Accepted Solution

by:
psimation earned 500 total points
Comment Utility
also, this: list($width,$height,$typeq,$attrq)=getimagesize($tmpName);
is getting $typeq and you are trying to enter $fileType into the DB, maybe change that to enter $typeq instead.

And for filesize, do and extra : $fileSize =  filesize($tmpName); and see if that helps.
0
 
LVL 1

Author Comment

by:flashjordan
Comment Utility
putting it all together you get this... This works perfectly...
if( (isset($_POST['upload'])) && ($_FILES['userfile']['size'] > 0) )
 {
 $fileName = $_FILES['userfile']['name'];
 $tmpName  = $_FILES['userfile']['tmp_name'];
 $fileSize = $_FILES['userfile']['size'];
 $fileType = $_FILES['userfile']['type'];
 
 $fp      = fopen($tmpName, 'r');
 $content = fread($fp, filesize($tmpName));
 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);
 $content = addslashes($content);
 fclose($fp);
 
 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);
 
 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';
 mysql_query($query,$dbh) or die(mysql_error());
  $res=mysql_query('SELECT LAST_INSERT_ID()',$dbh);
 $val=mysql_fetch_row($res);
 $imageid=$val[0];
} elseif (isset($_POST['upload']) && $_FILES['userfile']['size'] == 0){

 $fileName = "nophoto.gif";
 $tmpName = "nophoto.gif";
 $fileSize =  filesize($tmpName);
 $fileType = "gif";
 
$fp      = fopen($tmpName, 'r');
 $content = fread($fp, filesize($tmpName));
 list($width,$height,$typeq,$attrq)=getimagesize($tmpName);
 $content = addslashes($content);
 fclose($fp);
 
 if(!get_magic_quotes_gpc()) $fileName = addslashes($fileName);
 
 $query='INSERT INTO timages (filename,size,type,width,height,content) VALUES ("'.$fileName.'","'.$fileSize.'","'.$fileType.'","'.$width.'","'.$height.'","'.$content.'")';
 mysql_query($query,$dbh) or die(mysql_error());
  $res=mysql_query('SELECT LAST_INSERT_ID()',$dbh);
 $val=mysql_fetch_row($res);
 $imageid=$val[0];
}
0
 
LVL 1

Author Closing Comment

by:flashjordan
Comment Utility
Thanks very much for your help... you solved it, even with me being stupid!!!! Your a Star, thank you very much.
0
 
LVL 17

Expert Comment

by:psimation
Comment Utility
Cool!

You're not stupid - we all need a fresh pair of eyes to look at problems in a different light every now and then...
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Mysqli Query 5 40
Storing files securely - database or filesystem 3 83
php documentation 4 19
Instering to MySQL table 5 13
Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now