0

I've spent most of my day working on this image uploader, after browsing and visitng many many threads and forums I've found several solutions to my problems however I am now at the point where if I try a different solution, something else breaks.

What I've got so far:

 <form action="create.php" method="post" enctype="multipart/form-data">

    Select File
    <input type="file" name="upload">

    <input type="submit" name="submit" value="Upload" />
    <input type="text" name="title" placeholder="Title" />
    <input type="text" name="description" placeholder="Description" />
    <input type="text" name="category" placeholder="Category" />

</form>
<?php
$conn = new PDO ("mysql:host=localhost;dbname=project;", "root", "0612733771Aa");

Full PHP is here, couldnt figure the formatting

https://pastebin.com/LGeuzLRH

The main error I'm getting is this: 

if (isset($_POST["submit"]) && isset($_FILES['upload'])) {
$image_size = getimagesize($_FILES['upload']['tmp_name']);
if ($image_size === FALSE) {
die("Unable to determine image type of uploaded file");
}

Warning: getimagesize(): Filename cannot be empty in C:\Apache24\htdocs\create.php on line 29 Unable to determine image type of uploaded file

Any help would be much appreciated!

Lara Croft
  • 80
  • 11
  • You haven't asked a question or described what's not working. Please see [**How do I ask a good question?**](https://stackoverflow.com/help/how-to-ask) and [**What topics can I ask about here?**](https://stackoverflow.com/help/on-topic). – Alex Howansky Apr 20 '17 at 18:18
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 20 '17 at 18:19
  • Nobody is going to write the whole thing for you. And paste what you have tried – Rotimi Apr 20 '17 at 18:19
  • Thanks for the heads up on SQL injection, will look into that further. Apologies for lack of clarity it's been a long day. – Lara Croft Apr 20 '17 at 19:11

1 Answers1

0

You need to call at the end of php file after all the image validations

if (move_uploaded_file($image, $any_custom_target_file_path)) {
        echo "The file has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }

After this you can save the $any_custom_target_file_path in the database. As once the script is executed, tmp file will get deleted so we need to save this to some location.

Agam Banga
  • 2,708
  • 1
  • 11
  • 18
  • Would I use something like dirname() to point the image to a storage location? – Lara Croft Apr 20 '17 at 19:16
  • It can be any directory with the file name appended, where do you want to store the image. Provide the absolute path. Please see the following post http://www.tutorialrepublic.com/php-tutorial/php-file-upload.php – Agam Banga Apr 20 '17 at 19:19
  • Thanks, looking now. However I still have an error which prevents me from testing this, I updated the question, I don't know whether or not you are able to help there as well. Thanks – Lara Croft Apr 20 '17 at 19:30
  • You can get the file size by ($_FILES["upload"]["size"] / 1024) – Agam Banga Apr 20 '17 at 19:35
  • Thanks for your help, I'm working on a solution now based upon your input, thanks! – Lara Croft Apr 20 '17 at 19:42