-1

I have written the following code to upload an image into the database, however, everytime I choose an image and press "upload" all I get is "Waiting for localhost" and nothing loads on the browser. I'm using xampp for my localhost. The database name is "votingsystem" and the table to insert the image is "photo".

After running this php file I am also unable to run other php files since they all exhibit the same problem on the browser by saying "Waiting for localhost" when trying to run them. As such I have to restart my file editor and run it again. It's been a recurring problem. 

<?php
/**
 * Created by PhpStorm.
 * User: user1
 * Date: 10-Jul-15
 * Time: 9:19 PM
 */

mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("votingsystem") or die(mysql_error());

if(isset($_POST['Upload']))
{
    $file = $_FILES['image']['tmp_name'];

    if(!isset($file))
    {
        echo "Please select an image.";
    }

    else
    {
        $image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
        $image_name = addslashes($_FILES['image']['name']);
        $image_size = getimagesize($_FILES['image']['tmp_name']);

        if($image_size == FALSE)
        {
            echo "That's not an image";
        }

        else
        {
            $insert = mysql_query("INSERT INTO photo VALUES ('', '999', '$image_name', '$image')");

            if(!$insert)
            {
                echo "Problem uploading image!";
            }

            else
            mysql_query($insert) or die(mysql_error());
        }

    }
}

?>

<!DOCTYPE HTML>
<html>

    <head>
        <title>Image Upload</title>
    </head>

    <link rel="stylesheet" type="text/css" href="image.css">

    <body>

        <form action="image.php" method = "post" enctype="multipart/form-data">

            <input type = "file" name = "image">
            </br>
            <input type = "submit" value = "Upload">

        </form>

    </body>

</html>
Ali Zubair
  • 25
  • 3
  • 9
  • you are vulnerable to [sql injection attacks](http://bobby-tables.com) (`addslashes()` is **NOT** a defense), and storing the `tmp_name` is pointless. it exists only for the life of the script, and then PHP auto-deletes the temporary file. plus, checking for filenames is NOT proper upload validation. there's a `['error']` parameter in $_FILES for a reason. – Marc B Jul 10 '15 at 17:15
  • possible duplicate of [Images in MySQL](http://stackoverflow.com/questions/1665730/images-in-mysql) – Nitsew Jul 10 '15 at 17:15
  • another thing is that after running this php file, i cannot run other php files as well. They all keep showing "waiting for localhost" and nothing loads on the screen for them as well. – Ali Zubair Jul 10 '15 at 17:19

2 Answers2

1

Is there a specific reason to try to save the whole image into database? I would suggest to consider saving the image as file on the server, while keeping only the filename in the database.

The reasons for this are numerous, the most important one being big saving in database size and untouched performance.

In contrast, saving the whole file inside the database table would probably mean huge database size and consequently bring about a significant drop in performance.

So, if you decide to follow this proposed approach, the flow in your PHP code might be:

  1. Get the uploaded image
  2. Check/validate it
  3. Move it to your destination folder (it is strongly advised to use the move_uploaded_file() function for this due to improved security). The destination folder should be visible by the browser, i.e. is under your web root.
  4. Update your database table with the filename and relative path to the newly stored image.

Maybe this quick article would aid you: http://davidwalsh.name/basic-file-uploading-php (I'm not the author).

Hope this helps.

mv1
  • 558
  • 4
  • 8
0

http://www.phpro.org/tutorials/Storing-Images-in-MySQL-with-PHP.html as @Marc B said doesn't have any sense to use addslashes() more if you are calling the PHP variable $_FILES.

Néstor
  • 570
  • 2
  • 8
  • 22