Solved

Form To Upload Multiple Images & Data To MySQL DB Via PHP

Posted on 2014-10-08
3
3,358 Views
Last Modified: 2014-10-09
Hi Experts

We are developing an application for internal use only to upload 2 images and some text boxes to a MySQL database via a form and PHP Script.

We can get a simple form to work where only text boxes are submitted with no image fields, and we can get a form with just image fields to work and upload images to the mySQL database as BLOB, but when combining the 2 we can only get it to upload the images, and not the text boxes.

Please find below the code for our php upload script, when our form is submitted this uploads to the database the 2 image fields as BLOB, but not the other text fields, any help to point out where we have gone wrong is greatly appreciated:

<?php
$con=mysqli_connect("localhost","appuser1","password","outofhours");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
	
$maxsize = 10000000; //set to approx 10 MB

$sitename = mysqli_real_escape_string($con, $_POST['sitename']);
$siteaddress = mysqli_real_escape_string($con, $_POST['siteaddress']);
$sitepostcode = mysqli_real_escape_string($con, $_POST['sitepostcode']);
$eqmake = mysqli_real_escape_string($con, $_POST['eqmake']);
$eqmodel = mysqli_real_escape_string($con, $_POST['eqmodel']);
$eqdesc = mysqli_real_escape_string($con, $_POST['eqdesc']);
$eqserial = mysqli_real_escape_string($con, $_POST['eqserial']);
$eqassetno = mysqli_real_escape_string($con, $_POST['eqassetno']);
$eqconttype = mysqli_real_escape_string($con, $_POST['eqconttype']);
$brewery = mysqli_real_escape_string($con, $_POST['brewery']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$onsitetime = mysqli_real_escape_string($con, $_POST['onsitetime']);
$offsitetime = mysqli_real_escape_string($con, $_POST['offsitetime']);
$custprintname = mysqli_real_escape_string($con, $_POST['custprintname']);
$custposition = mysqli_real_escape_string($con, $_POST['custposition']);
$engname = mysqli_real_escape_string($con, $_POST['engname']);

// check if a file was submitted
if(!isset($_FILES['engsig1']))
{
    echo '<p>Please select a file</p>';
}
else
{
    try {
    $msg= upload();  //this will upload your image
    echo $msg;  //Message showing success or failure.
    }
    catch(Exception $e) {
    echo $e->getMessage();
    echo 'Sorry, could not upload file';
    }
}



// the upload function

function upload() {
    include "file_constants.php";
    $maxsize = 10000000; //set to approx 10 MB

    //check associated error code
        if($_FILES['engsig1']['error']==UPLOAD_ERR_OK) {

        //check whether file is uploaded with HTTP POST
        if(is_uploaded_file($_FILES['engsig1']['tmp_name'])) {    
			
            //checks size of uploaded image on server side
            if( $_FILES['engsig1']['size'] < $maxsize) {  
  
               //checks whether uploaded file is of image type
                 $finfo = finfo_open(FILEINFO_MIME_TYPE);
                if(strpos(finfo_file($finfo, $_FILES['engsig1']['tmp_name']),"image")===0) {    
                    // prepare the image for insertion
                    $imgData1 =addslashes (file_get_contents($_FILES['engsig1']['tmp_name']));
                    $imgData2 =addslashes (file_get_contents($_FILES['custsig1']['tmp_name']));
$sitename = mysqli_real_escape_string($con, $_POST['sitename']);
$siteaddress = mysqli_real_escape_string($con, $_POST['siteaddress']);
$sitepostcode = mysqli_real_escape_string($con, $_POST['sitepostcode']);
$eqmake = mysqli_real_escape_string($con, $_POST['eqmake']);
$eqmodel = mysqli_real_escape_string($con, $_POST['eqmodel']);
$eqdesc = mysqli_real_escape_string($con, $_POST['eqdesc']);
$eqserial = mysqli_real_escape_string($con, $_POST['eqserial']);
$eqassetno = mysqli_real_escape_string($con, $_POST['eqassetno']);
$eqconttype = mysqli_real_escape_string($con, $_POST['eqconttype']);
$brewery = mysqli_real_escape_string($con, $_POST['brewery']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$onsitetime = mysqli_real_escape_string($con, $_POST['onsitetime']);
$offsitetime = mysqli_real_escape_string($con, $_POST['offsitetime']);
$custprintname = mysqli_real_escape_string($con, $_POST['custprintname']);
$custposition = mysqli_real_escape_string($con, $_POST['custposition']);
$engname = mysqli_real_escape_string($con, $_POST['engname']);			
                    // put the image in the db...
                    // database connection
                    mysql_connect($host, $user, $pass) OR DIE (mysql_error());

                    // select the db
                    mysql_select_db ($db) OR DIE ("Unable to select db".mysql_error());

                    // our sql query
                    $sql = "INSERT INTO oohours (sitename, siteaddress, sitepostcode, eqmake, eqmodel, eqdesc, eqserial, eqassetno, eqconttype, brewery, date, onsitetime, offsitetime, custprintname, custsig1, custposition, engname, engsig1)
                    VALUES
                    ('$sitename', '$siteaddress', '$sitepostcode', '$eqmake', '$eqmodel', '$eqdesc', '$eqserial', '$eqassetno', '$eqconttype', '$brewery', '$date', '$onsitetime', '$offsitetime', '$custprintname', '{$imgData1}', '$custposition', '$engname', '{$imgData2}')";

                    // insert the image
                    mysql_query($sql) or die("Error in Query: " . mysql_error());
                    $msg='<p>Image successfully saved in database with id ='. mysql_insert_id().' </p>';
                }
                else
                    $msg="<p>Uploaded file is not an image.</p>";
            }
             else {
                // if the file is not less than the maximum allowed, print an error
                $msg='<div>File exceeds the Maximum File limit</div>
                <div>Maximum File limit is '.$maxsize.' bytes</div>
                <div>File '.$_FILES['engsig1']['name'].' is '.$_FILES['engsig1']['size'].
                ' bytes</div><hr />';
                }
        }
        else
            $msg="File not uploaded successfully.";

    }
    else {
        $msg= file_upload_error_message($_FILES['engsig1']['error']);
    }
    return $msg;
}

// Function to return error message based on error code

function file_upload_error_message($error_code) {
    switch ($error_code) {
        case UPLOAD_ERR_INI_SIZE:
            return 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
        case UPLOAD_ERR_FORM_SIZE:
            return 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
        case UPLOAD_ERR_PARTIAL:
            return 'The uploaded file was only partially uploaded';
        case UPLOAD_ERR_NO_FILE:
            return 'No file was uploaded';
        case UPLOAD_ERR_NO_TMP_DIR:
            return 'Missing a temporary folder';
        case UPLOAD_ERR_CANT_WRITE:
            return 'Failed to write file to disk';
        case UPLOAD_ERR_EXTENSION:
            return 'File upload stopped by extension';
        default:
            return 'Unknown upload error';
    }
}
?>

Open in new window

0
Comment
Question by:Jon C
  • 2
3 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40369385
As a general rule, one does not store images in a database.  Instead we store the images in the file system and store the URL of the images in the database.  The reasons for this go to issues with performance and backup.  If you have a database full of images and somebody writes a query with SELECT * and no WHERE or LIMIT clause you will find out why we don't store images in a database.  The database will return all of the images in response to that query.  I've seen this bring down a server.

The uploaded image files would be found via the $_FILES array.  The contents of HTML textarea controls will be found in the $_POST array.  I don't have an example at my fingertips using textarea, but I can show you how to upload multiple files and how to find client data in the $_POST array (see $_POST["overwrite"]).  Hope this is helpful.

<?php // demo/upload_multiple_example.php
error_reporting(E_ALL);


// MANUAL REFERENCE PAGES YOU MUST UNDERSTAND TO UPLOAD FILES
// http://php.net/manual/en/reserved.variables.files.php
// http://php.net/manual/en/features.file-upload.php
// http://php.net/manual/en/features.file-upload.common-pitfalls.php
// http://php.net/manual/en/function.move-uploaded-file.php

// MANUAL PAGES THAT ARE IMPORTANT IF YOU ARE DEALING WITH LARGE FILES
// http://php.net/manual/en/ini.core.php#ini.upload-max-filesize
// http://php.net/manual/en/ini.core.php#ini.post-max-size
// http://php.net/manual/en/info.configuration.php#ini.max-input-time


// PHP 5.1+  SEE http://php.net/manual/en/function.date-default-timezone-set.php
date_default_timezone_set('America/Chicago');

// ESTABLISH THE NAME OF THE DESTINATION FOLDER ('uploads' DIRECTORY)
$uploads = 'storage';
if (!is_dir($uploads))
{
    mkdir($uploads);
}

// ESTABLISH THE BIGGEST FILE SIZE WE WILL ACCEPT - ABOUT 8 MB
$max_file_size = 8 * 1024 * 1024;

// ESTABLISH THE MAXIMUM NUMBER OF FILES WE WILL UPLOAD
$nf = 3;

// ESTABLISH THE KINDS OF FILE EXTENSIONS WE WILL ACCEPT
$file_exts = array
( 'jpg'
, 'gif'
, 'png'
, 'txt'
, 'pdf'
, 'doc'
, 'docx'
)
;

// LIST OF THE ERRORS THAT MAY BE REPORTED IN $_FILES[]["error"] (THERE IS NO #5)
$errors = array
( 0 => "Success!"
, 1 => "The uploaded file exceeds the upload_max_filesize directive in php.ini"
, 2 => "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"
, 3 => "The uploaded file was only partially uploaded"
, 4 => "No file was uploaded"
, 5 => "UNDEFINED ERROR"
, 6 => "Missing a temporary folder"
, 7 => "Cannot write file to disk"
)
;


// IF WE HAVE GOT SOMETHING IN $_POST - RUN THE ACTION SCRIPT
if (!empty($_POST))
{
    echo "<h2>Results: File Upload</h2>" . PHP_EOL;

    // ACTIVATE THIS TO SEE WHAT IS COMING THROUGH
    // echo "<pre>"; var_dump($_FILES); var_dump($_POST); echo "</pre>";

    // ITERATE OVER THE CONTENTS OF $_FILES
    foreach ($_FILES as $my_uploaded_file)
    {
        // SKIP OVER EMPTY SPOTS - NOTHING UPLOADED
        $error_code = $my_uploaded_file["error"];
        if ($error_code == 4) continue;

        // SYNTHESIZE THE NEW FILE NAME
        $f_type = explode('.', basename($my_uploaded_file['name']));
        $f_type = end($f_type);
        $f_type = trim(strtolower($f_type));

        $f_name = explode('.', basename($my_uploaded_file['name']));
        $f_name = current($f_name);
        $f_name = trim(strtolower($f_name));

        $my_new_file
        = getcwd()
        . DIRECTORY_SEPARATOR
        . $uploads
        . DIRECTORY_SEPARATOR
        . $f_name
        . '.'
        . $f_type
        ;
        $my_file
        = $uploads
        . DIRECTORY_SEPARATOR
        . $f_name
        . '.'
        . $f_type;

        // OPTIONAL TEST FOR ALLOWABLE EXTENSIONS
        if (!in_array($f_type, $file_exts))
        {
            trigger_error("$f_type Not allowed", E_USER_WARNING);
            continue;
        }

        // IF THERE ARE ERRORS
        if ($error_code != 0)
        {
            $error_message = $errors[$error_code];
            trigger_error("Upload error code: $error_code: $error_message", E_USER_WARNING);
            continue;
        }

        // GET THE FILE SIZE
        $file_size = number_format($my_uploaded_file["size"]);

        // IF THE FILE IS NEW (DOES NOT EXIST)
        if (!file_exists($my_new_file))
        {
            // IF THE MOVE FUNCTION WORKED CORRECTLY
            if (move_uploaded_file($my_uploaded_file['tmp_name'], $my_new_file))
            {
                $upload_success = 1;
            }
            // IF THE MOVE FUNCTION FAILED
            else
            {
                $upload_success = -1;
            }
        }

        // IF THE FILE ALREADY EXISTS
        else
        {
            echo "<br/><b><i>$my_file</i></b> already exists." . PHP_EOL;

            // SHOULD WE OVERWRITE THE FILE? IF NOT
            if (empty($_POST["overwrite"]))
            {
                $upload_success = 0;
            }
            // IF WE SHOULD OVERWRITE THE FILE, TRY TO MAKE A BACKUP
            else
            {
                $now    = date('Y-m-d\THis');
                $my_bak = $my_new_file . '.' . $now . '.bak';
                if (!copy($my_new_file, $my_bak))
                {
                    trigger_error("Backup Failed for $my_file", E_USER_WARNING);
                }
                if (move_uploaded_file($my_uploaded_file['tmp_name'], $my_new_file))
                {
                    $upload_success = 2;
                }
                else
                {
                    $upload_success = -1;
                }
            }
        }

        // REPORT OUR SUCCESS OR FAILURE
        if ($upload_success == 2) { echo "<br/>It has been overwritten." . PHP_EOL; }
        if ($upload_success == 1) { echo "<br/><b>$my_file</b> has been saved." . PHP_EOL; }
        if ($upload_success == 0) { echo "<br/><b>It was NOT overwritten.</b>" . PHP_EOL; }
        if ($upload_success < 0)  { echo "<br/><b>ERROR: $my_file NOT SAVED - SEE WARNING FROM move_uploaded_file() COMMAND</b>" . PHP_EOL; }
        if ($upload_success > 0)
        {
            echo "$file_size bytes uploaded." . PHP_EOL;
            if (!chmod ($my_new_file, 0755))
            {
                echo '<br/>chmod(0755) FAILED: fileperms() = ';
                echo substr(sprintf('%o', fileperms($my_new_file)), -4);
            }
            echo '<br/><a target="_blank" href="' . $my_file . '">See the file ' . $my_file . '</a>' . PHP_EOL;
        }
    // END FOREACH ITERATOR - EACH ITERATION PROCESSES ONE FILE
    }
// END ACTION SCRIPT
}


// FORM SCRIPT: CREATE THE INPUT STATEMENTS FOR THE FILES
$inputs = NULL;
for ($n = 0; $n < $nf; $n++)
{
    $inputs .= '<input name="userfile' . $n . '" type="file" size="80" /><br/>' . PHP_EOL;
}

// CREATE THE HTML FORM USING HEREDOC NOTATION
$form = <<<EOF
<h2>Upload from 1 to $nf file(s)</h2>
<!--
    SOME IMPORTANT THINGS TO NOTE ABOUT THIS FORM...
    ENCTYPE= ATTRIBUTE IN THE HTML <FORM> TAG
    MAX_FILE_SIZE HIDDEN CONTROL MUST PRECEDE THE FILE INPUT CONTROLS
    INPUT NAME= IN TYPE=FILE DETERMINES THE NAME YOU FIND IN _FILES ARRAY
    ABSENCE OF ACTION= ATTRIBUTE IN <FORM> TAG CAUSES POST TO SAME URL
-->
<form name="UploadForm" enctype="multipart/form-data" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="$max_file_size" />
<p>
Find the file(s) you want to upload and click the "Upload" button below.
</p>

$inputs

<br/>Check this box <input autocomplete="off" type="checkbox" name="overwrite" /> to <b>overwrite</b> existing files.
<input type="submit" value="Upload" />
</form>
EOF;

echo $form;

Open in new window

0
 

Author Closing Comment

by:Jon C
ID: 40370292
Thanks, worked it out now with your assistance, went down the route of uploading the files to a folder and not the MySQL DB
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40370504
That's a much better choice!  Thanks for the points and thanks for using E-E, ~Ray
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now