I started to code my first dynamic page a few months ago... learning everything from ground zero front and back end stuff.
Got a few bumps here and there, so this is one more.
It's a real estate page where people can add listings and as such pictures. I read some famous threads right here and there about the picture issue inside database. I just decided to use DB because I need to start somewhere.
I used this tutorial to start. After a few hours, voila, I was able to insert pictures in a real server. Very happy.
But then comes the problem. The pictures need to be attached to the username (or email). The site has username protected pages when you try to insert stuff .
This is the main file for inserting pics into DB. Note, I added the username into the code, but the username is not being inserted, just the picture. I need to know who is inserting what.
There is a side question that you may just skip: the pictures need to be attached to an address. When a user has chosen the pics, and pressed the upload button, can I have a input field with address where the same button will execute two functions at the same time? (if I have two buttons, user may not do both. This way, we get the pictures and the address at the same time, and in the back the username). I would know how to have two buttons, two queries.
Thank you so much in advance for your help. I really need it.
$query = sprintf(
"insert into images (filename, mime_type, file_size, file_data, username)
values ('%s', '%s', %d, '%s','%s')",
mysql_real_escape_string($image['name']),
mysql_real_escape_string($info['mime']),
$image['size'],
mysql_real_escape_string(
file_get_contents($image['tmp_name'])),
mysql_real_escape_string(
file_get_contents($_SESSION['user'])
)
);
here is the full code.
<?php
//error_reporting(E_ALL);
//ini_set("display_errors", 1);
require("common.php");
if(empty($_SESSION['user']))
{
header("Location: ../index.php");
die("Redirecting to .../index.php");
}
?>
This first part of the code above is just to check whether user has logged in. Then the code.
<?php
require_once('globalsConfigPic1.php');
function assertValidUpload($code)
{
if ($code == UPLOAD_ERR_OK) {
return;
}
switch ($code) {
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
$msg = 'Image is too large';
break;
case UPLOAD_ERR_PARTIAL:
$msg = 'Image was only partially uploaded';
break;
case UPLOAD_ERR_NO_FILE:
$msg = 'No image was uploaded';
break;
case UPLOAD_ERR_NO_TMP_DIR:
$msg = 'Upload folder not found';
break;
case UPLOAD_ERR_CANT_WRITE:
$msg = 'Unable to write uploaded file';
break;
case UPLOAD_ERR_EXTENSION:
$msg = 'Upload failed due to extension';
break;
default:
$msg = 'Unknown error';
}
throw new Exception($msg);
}
$errors = array();
try {
if (!array_key_exists('image', $_FILES)) {
throw new Exception('Image not found in uploaded data');
}
$image = $_FILES['image'];
// ensure the file was successfully uploaded
assertValidUpload($image['error']);
if (!is_uploaded_file($image['tmp_name'])) {
throw new Exception('File is not an uploaded file');
}
$info = getImageSize($image['tmp_name']);
if (!$info) {
throw new Exception('File is not an image');
}
}
catch (Exception $ex) {
$errors[] = $ex->getMessage();
}
if (count($errors) == 0) {
// no errors, so insert the image
$query = sprintf(
"insert into images (filename, mime_type, file_size, file_data, username)
values ('%s', '%s', %d, '%s','%s')",
mysql_real_escape_string($image['name']),
mysql_real_escape_string($info['mime']),
$image['size'],
mysql_real_escape_string(
file_get_contents($image['tmp_name'])),
mysql_real_escape_string(
file_get_contents($_SESSION['user'])
)
);
mysql_query($query, $db);
$id = (int) mysql_insert_id($db);
// finally, redirect the user to view the new image
header('Location: view.php?id=' . $id);
exit;
}
?>
<html>
<head>
<title>Error</title>
</head>
<body>
<div>
<p>
The following errors occurred:
</p>
<ul>
<?php foreach ($errors as $error) { ?>
<li>
<?php echo htmlSpecialChars($error) ?>
</li>
<?php } ?>
</ul>
<p>
<a href="upload.php">Try again</a>
</p>
</div>
</body>
</html>
