Upload images to MySQL PHP

Question

I'm trying to upload images to mysql, when i try with this code, it seems like it only insert databse, but no image filename uploaded to my server, can i know what went wrong

<form method="post" action="">
    <?php
    include ("setting/connect.php");
    $g = mysql_query("select max(id) from abc");
    while($id=mysql_fetch_array($g))
    {
    ?>
    <input type="text" name="id" value="<?php echo $id[0]+1; ?>" hidden/>
    <?php }
    ?>


    <div class="form-group">
        <label>Image</label>
        <input name="image" type="file">
    </div>

    <div class="form-group input-group">
        <span class="input-group-addon">Title</span>
        <input name="title" type="text" class="form-control" placeholder="">
    </div>

    <center><input class="btn btn-primary" type="submit" name="cmdadd" value="ADD" />
    <button type="button" class="btn btn-danger">BACK</button></center>
    </div>
    <!-- /.panel-body -->
</form>

My php:

<?php   
        $id = $_POST['id'];
        $title= trim($_POST['title']);
    $path = "uploads/"; 
        $tmp_name = $_FILES['image']['tmp_name'];
        $name = $_FILES['image']['name'];
    if(isset($_POST['cmdadd'])){
        if(empty($id)||empty($title))
        {
            echo "<center>Error!</center>";
        }
    if($_FILES["image"]["error"] > 0)
        {
            echo "<font size = '5'><font color=\"#e31919\">Error: NO CHOSEN FILE <br />";
            echo"<p><font size = '5'><font color=\"#e31919\">INSERT TO DATABASE FAILED";

        }


    else{

        move_uploaded_file($tmp_name,$path.$name);
        $file="uploads/".$name;
        include "setting/connect.php";
        mysql_query("SET NAMES 'UTF8'");
        $i = mysql_query("insert into abc values ('".$id."','".$file."','".$title."')");
        if($i==true){
        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=danhsachtindang.php">';
                    }
            //if($i==true){
            //header('Location:index.php');
            //exit;
            //mysql_close();
            //}
        }
    }
    ?>

Result from this: when i try to upload eg, picture.jpg, in the mysql table, it only came out "avatars/" on the column and HAVEN'T ANYTHING UPLOADED TO SERVER.

The way you're getting the last ID, then incrementing it is bad. If this script is run concurrently by two clients, you'll get ID collisions. One client will get the max ID, and increment it, then while they're working on the form, another user will get the same ID and the same incremented value. The first users's form will be successful, the second user will have the same ID and you'll get a failure on the DB as you'll be trying to insert a duplicate primary key. — i-CONICA, Sep 12 '14 at 14:45
You can use "PDO::lastInsertId" which is a better way to get the last ID, but if you don't need the last ID, let it be auto incremented. — i-CONICA, Sep 12 '14 at 14:45
There is **no more support** for `mysql_*` functions, they are [**officially deprecated**](https://wiki.php.net/rfc/mysql_deprecation), **no longer maintained** and will be [**removed**](http://php.net/manual/en/function.mysql-connect.php#warning) in the future. You should update your code with [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) to ensure the functionality of your project in the future. — Kermit, Sep 12 '14 at 14:49
*"it only came out "`avatars/`" on the column and HAVEN'T ANYTHING UPLOADED TO SERVER"* - Are you trying to upload to `avatars/` or `uploads/`? Check that and consult my answer below if you haven't already. — Funk Forty Niner, Sep 12 '14 at 16:27

score 3 · Answer 1 · edited May 23 '17 at 10:28

Your form lacks enctype="multipart/form-data" it's required when uploading files.

Modify it to read as:

<form method="post" action="" enctype="multipart/form-data">

Consult the manual: http://php.net/manual/en/function.move-uploaded-file.php

Also make sure that the folder has proper permissions set to write to.

Consult chmod on PHP.net for more information on setting folder/files permissions.

Sidenote #1:

Since you're using $path = "uploads/"; am assuming that you are running your code from the root of your server.

If this isn't the case, you will need to adjust it accordingly.

I.e.: $path = "../uploads/"; depending on the location of your file's execution.

Just an insight.

Sidenote #2:

Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements.

mysql_* functions deprecation notice:

http://www.php.net/manual/en/intro.mysql.php

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.

Documentation for MySQL can be found at » http://dev.mysql.com/doc/.

Add error reporting to the top of your file(s) which will help during production testing.

error_reporting(E_ALL);
ini_set('display_errors', 1);

it only came out "avatars/" on the column and HAVEN'T ANYTHING UPLOADED TO SERVER

Are you trying to upload to avatars/ or uploads/?

Check that.

I'm going to keep upvoting every time I see someone suggest the abandoning of `mysql_*`. — muttley91, Sep 12 '14 at 14:44
@rar Thank you. Prepared statements are the best thing since sliced bread ;) — Funk Forty Niner, Sep 12 '14 at 14:45

Upload images to MySQL PHP

1 Answers1