0

I am trying to debug this issue, as I cannot find a solution as to why my images will not upload into my SQL table. The echo script to display the image works, but the images won't submit to the database.

<?php

$con=mysqli_connect($mysqlurl,$mysqluser,$mysqlpass);
mysqli_select_db($con, "andrew_history");

if ($con->connect_error) {
    die("Connection failed: " . $con->connect_error);
} 
echo "Connected successfully";

$LastName=$_POST['LastName'];
$FirstName=$_POST['FirstName'];
$Press=$_POST['Press'];
$Description = $_POST['Description'];
$submit=$_POST['submit'];
$Title = $_POST['Title'];

$Author = $Press = $Description = $Title = $LastName= $FirstName= "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  $LastName = test_input($_POST["LastName"]);
  $FirstName = test_input($_POST["FirstName"]);
  $Year = test_input($_POST["Year"]);
  $Press = test_input($_POST["Press"]);
  $Description = test_input($_POST["Description"]);
  $Title = test_input($_POST["Title"]);
}

function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

$LastNameErr = $FirstNameErr = $PressErr = $DescriptionErr = $TitleErr = "";
$LastName = $FirstName = $Press = $Description = $Title  = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
  if (empty($_POST["LastName"])) {
    $LastNameErr = "*Last Name is required";
  } else {
    $LastName = test_input($_POST["LastName"]);
  }


  if (empty($_POST["FirstName"])) {
    $FirstNameErr = "*First Name is required";
  } else {
    $FirstName = test_input($_POST["FirstName"]);
  }

  if (empty($_POST["Press"])) {
    $PressErr = "*Press is required";
  } else {
    $Press = test_input($_POST["Press"]);
  }

  if (empty($_POST["Description"])) {
    $DescriptionErr = "*Description is required";
  } else {
    $Description = test_input($_POST["Description"]);
  }

  if (empty($_POST["Title"])) {
    $TitleErr = "*Title is required";
  } else {
    $Title = test_input($_POST["Title"]);
  }

}

if(isset($_POST['submit']))
            {
                if(getimagesize($_FILES['image']['tmp_name']) == FALSE)
                {
                    echo "Please select an image.";
                }
                else
                {
                    $image= addslashes($_FILES['image']['tmp_name']);
                    $name= addslashes($_FILES['image']['name']);
                    $image= file_get_contents($image);
                    $image= base64_encode($image);
                    saveimage($name,$image);
                }
            }
            displayimage();
            function saveimage($name,$image)
            {
                $con=mysqli_connect();
                mysqli_select_db($con,"andrew_history");

                $result=mysqli_query($con,"INSERT into historytable (name,image) values ('$name','$image')");
                if($result)
                {
                    echo "<br/>Image uploaded.";
                }
                else
                {
                    echo "<br/>Image not uploaded.";
                }
            }
            function displayimage()
            {
                $con=mysqli_connect();
                mysqli_select_db($con, "andrew_history");

                $result=mysqli_query($con,"SELECT * FROM historytable ORDER BY id DESC");

                while($rows = mysqli_fetch_array($result))
                {
                    echo '<img height="300" width="300" src="data:image;base64,'.$row[2].' "> ';
                }

            }




if($submit)
{
    if($LastName&&$FirstName&&$Year&&$Press&&$Description&&$Title)
    {
        $insert=mysqli_query($con, "INSERT INTO historytable (FirstName,LastName,Year,Press,Description,Title) VALUES ('$LastName','$FirstName','$Year','$Press', '$Description', '$Title') ");
        echo "<meta HTTP-EQUIV='REFRESH' content='0; url=history.php'>";
    }
}




?>

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>History</title>
<style>
.error{
    color: red;
}


</style>
</head>
<center>
<body>

<form action="display.php" method="POST" enctype="multipart/form-data">
   <table>

    <tr>
        <td>Last Name: 
            <input type="text" id="LastName" name="LastName"/>
            <span class="error"> <?php echo $LastNameErr;?></span>
        <br><br>
        </td>
    </tr>

    <tr>
        <td>First Name: 
            <input type="text" id="FirstName" name="FirstName"/>
            <span class="error"> <?php echo $FirstNameErr;?></span>
        <br><br>
        </td>
    </tr>

    <tr>
        <td>Year: <select name="Year"> 
            <?php
                $starting_year  =date('Y', strtotime('-100 year'));
                $ending_year = date('Y', strtotime('+1 year'));
                $current_year = date('Y');
                    for($starting_year; $starting_year <= $ending_year;    $starting_year++) {
                        echo '<option value="'.$starting_year.'"';
                            if( $starting_year ==  $current_year ) {
                                echo ' selected="selected"';
                            }
                        echo ' >'.$starting_year.'</option>';
                    }               
                 echo '<select>';?>

            <span class="error"> <?php echo $YearErr;?></span>
            <br><br>
            </td>
        </tr>

        <tr>
            <td>Press: 
                <input type="text" id="Press" name="Press"/>
                <span class="error"> <?php echo $PressErr;?></span>
            <br><br>
            </td>
        </tr>

        <tr>
            <td>Title: 
                <input type="text" id="Title" name="Title"/>
                <span class="error"> <?php echo $TitleErr;?></span>
            <br><br>
            </td>
        </tr>

        <tr>
            <td colspan="2">Description: 
            </td>
        </tr>

        <tr>
            <td colspan="5">
                <textarea name="Description" rows="10" cols="50"></textarea>
                <span class="error"> <?php echo $DescriptionErr;?></span>
        <br><br>
            </td>
        </tr>



            Select image to upload:
            <input type="file" name="image" id="image"><span class="error">    </span>
            <br>
            <tr>
                <td colspan="2">
                    <input type="submit" name="submit" value="Submit">

            <br><br>
                </td>
            </tr>
        </form>

   </table>




 </center>
</body>
</html>
Alexander
  • 155
  • 13
AndrewSwanson94
  • 15
  • 6
  • but do consider this: http://stackoverflow.com/a/38829952/267540 – e4c5 Aug 09 '16 at 18:27
  • delete the password out of this post asap – Alexander Aug 09 '16 at 18:27
  • wow can't believe i missed that thanks – AndrewSwanson94 Aug 09 '16 at 18:27
  • OK, i have a script written up that uploads the files to a directory, I will look into this more thoroughly right now, thank you. – AndrewSwanson94 Aug 09 '16 at 18:30
  • still multiple times in there mate – Alexander Aug 09 '16 at 18:30
  • forgot to approve, got it – AndrewSwanson94 Aug 09 '16 at 18:34
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. I don't know what `test_input` is, but it's probably wrong. – tadman Aug 09 '16 at 19:32

0 Answers0