0

I have a working image upload that saves images to an upload directory. I'm now trying to insert the filepath along with an image name into my mysql database using PDO.

No errors are being thrown but the insertion into the database isn't working. The SQL statement seems to halt the program when its run as any echo after it will not output anything.

This is my input form:

<!DOCTYPE html>
<html>
<body>

<form action="views/imageupload/imageupload.php" method="post" enctype="multipart/form-data">
    <label>Image Tag: <input type="text" name="img_tag"></label>
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>

</body>
</html>

And this is my php upload:

<?php
$target_dir = "uploads/";
$target_store_url = basename($_FILES["fileToUpload"]["name"]);
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image -  " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

$image_insert_tag = $_POST['img_tag'];
$image_insert_SQL = "INSERT INTO images VALUES ('','$image_insert_tag', $target_store_url)";
$insert_exec = $link->query($image_insert_SQL);

// Check if uploadOK = 0 because of an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";

//Upload file - code
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {

        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}

?>

For clarification, both of these files are in 'views/imageupload' and inside this directory is another directory called 'uploads' for storing the images. This is all accessed from an index page that includes this page when its clicked on in the nav bar.

I've been reading loads of other questions along these lines but I haven't managed to fix it yet. The reason I'm trying to do this is because I'm going to create another page that will be a gallery and display all the uploaded images. To do this I'll use a statement to pull all the image URL's and display them. I had thought about storing the images themselves in the database but was told that is advised against.

c.timothy
  • 97
  • 10
  • Either check the log for errors or turn on php error reporting. – Sloan Thrasher Apr 27 '17 at 16:24
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 27 '17 at 16:28
  • `$target_store_url` that's a string; you need to treat it as one. If you're wanting to insert as a BLOB, you need to escape it. – Funk Forty Niner Apr 27 '17 at 16:31
  • *"but was told that is advised against."* - [Storing Images in DB - Yea or Nay?](http://stackoverflow.com/q/3748/1415724) – Funk Forty Niner Apr 27 '17 at 16:38
  • @SloanThrasher - I have error reporting on (its included in my 'database_connect' file included through the index. – c.timothy Apr 27 '17 at 16:38
  • @Fred-ii- ooh okay thankyou. As far as the string thing goes, im trying to just store the URL of the image in string format in my database so I can pull it on another page and display the image – c.timothy Apr 27 '17 at 16:41
  • `('','$image_insert_tag', '$target_store_url')` then @c.timothy – Funk Forty Niner Apr 27 '17 at 16:42
  • @Fred-ii- I tried this but it didn't work **it no longer halts the file but just doesn't add anything to the db: $image_insert_tag = $_POST['img_tag']; $image_insert_SQL = "INSERT INTO images VALUES ('','$image_insert_tag', '$target_store_url')"; $insert_exec = $link->query($image_insert_SQL); – c.timothy Apr 27 '17 at 16:43
  • PHP's error reporting http://php.net/manual/en/function.error-reporting.php and `mysqli_error($link)` for the query; see what comes of it. – Funk Forty Niner Apr 27 '17 at 16:55

1 Answers1

0

You using my sql database with php PDO .in php PDO have some role to insert data into base you have to follow role.

// prepare sql and bind parameters
    $stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email)
VALUES (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);

// insert a row
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();

I hope if you try to insert like this it't will work properly.

For more help please see. https://php.net/manual/en/pdo.prepared-statements.php

MD.Mahedi hasan
  • 102
  • 1
  • 5