Upload image in MySQL database

Question

I am using this script trying to upload an image in my database together with my form. The problem is that when i include $cover in my query, $insert's value is false. Can anyone tell me what I'm doing wrong?

    <?php
    session_start();
    $con = mysqli_connect("localhost", "root", "", "testdb") or die("Error " . mysqli_error($con));

    $title = "";
    $year = "";
    $director = "";
    $genre = "";
    $duration = "";
    $description = "";
    $name = "";

    $error = false;

    //check if form is submitted
    if (isset($_POST['addmovie'])) {
        $title = mysqli_real_escape_string($con, $_POST['title']);
        $year = mysqli_real_escape_string($con, $_POST['year']);
        $director = mysqli_real_escape_string($con, $_POST['director']);
        $genre = mysqli_real_escape_string($con, $_POST['genre']);
        $duration = mysqli_real_escape_string($con, $_POST['duration']);
        $description = mysqli_real_escape_string($con, $_POST['description']);
        $file =  mysqli_real_escape_string($con, $_FILES['cover']['tmp_name']);

    //name can contain only alpha characters and space
    if (!preg_match("/^[a-zA-Z ]+$/",$title)) {
        $error = true;
        $title_error = "Name input must contain only alphabets and space";
    }
    if (!preg_match('/^[0-9]+$/',$year)) {
        $error = true;
        $year_error = "Year input must be only numbers";
    }
    if (!preg_match("/^[a-zA-Z ]+$/",$director)) {
        $error = true;
        $director_error = "Director input must contain only alphabets and space";
    }
    if(!preg_match("/^[a-zA-Z ]+$/",$genre)) {
        $error = true;
        $genre_error = "Genre input must contain only alphabets";
    }
    if(!preg_match('/^[0-9]+$/',$duration)) {
        $error = true;
        $duration_error = "Duration input must be only numbers";
    }
    if(!preg_match("/^[a-zA-Z ]+$/",$description)) {
        $error = true;
        $description_error = "Description input must be only letter and numbers";
    } 

    if(!isset($file)) {
        $error = true;
        $cover_error = "Please select an image";
    }else{
        $cover = file_get_contents($_FILES['cover']['tmp_name']);
        $cover_name = $_FILES['cover']['name'];
        $cover_size = getimagesize($_FILES['cover']['tmp_name']);

        if($cover_size == false){
            $error = true;
            $cover_error = "that's not an image";
        }
    }

    if (!$error) {
        if($insert = mysqli_query($con,"INSERT INTO movies(title,d,director,genre,duration,description,cover,cover_name) VALUES('$title','$year','$director','$genre','$duration','$description','$cover','$cover_name')")) {
            $successmsg = "Movie ".$title." scuccesfully uploaded!";
        } else {
            $errormsg = "Cannot upload image!";
        }
    }
}

?>

Save Files Into Disk and Save file path,other info... into mysql ! — Mahmoud.Eskandari, Jun 23 '16 at 20:38
echo the `insert` query, may be there are some content '$cover` which break the query. To skip it, use addslashes() or such type of functionality — Dipanwita Kundu, Jun 24 '16 at 08:02

score 0 · Answer 1 · edited May 23 '17 at 12:33

If you really want to store the image directly in the mysql db, then this post should help you: How to upload images into MySQL database using PHP code

But it's easier in general instead to upload the image to your ftp server, probably create a folder called images or uploads, then you store the file name in the sql db. Then when you fetch the file name you can just load the correct image from the image folder.

Here's another post that might help you: Upload image to server and store image path in mysql database

Basically you do this:

$file_path = "uploads/";

$file_path = $file_path . basename( $_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path)) {
     // replace $host,$username,$password,$dbname with real info
     $link=mysqli_connect($host,$username,$password,$dbname);
     mysqli_query($link,"INSERT INTO `files` (filename,path) VALUES ('".$_FILES['uploaded_file']['tmp_name']."','".$file_path."')") or trigger_error($link->error."[ $sql]");
     mysqli_close($link);
}

This is a common approach, but you can store images in the db directly. — john elemans, Jun 23 '16 at 20:39

score 0 · Answer 2 · answered Jun 23 '16 at 20:43

0

Convert the file to a character format after loading it like this;

  $cover = base64_encode($cover);

before the insert. You should also use binding in the sql statement.

answered Jun 23 '16 at 20:43

john elemans

2,578
2
15
26

score 0 · Answer 3 · answered Jun 23 '16 at 20:44

You should not upload images directly into your database. Cause this will make your database larger and your will response slowly. You can upload your images in a separate directory and store the directory into database. This is the efficient way to archive your goal. By the way you can do this but you should select the field as binary. This field will store binary data.

score 0 · Answer 4 · answered Jun 23 '16 at 20:46

0

Instead of using mysqli extension, I suggest you use PDO and PDO::PARAM_LOB - a simple example can be found here: http://php.net/manual/en/pdo.lobs.php#example-1021

answered Jun 23 '16 at 20:46

Небојша Камбер

678
5
15

Upload image in MySQL database

4 Answers4