1

I am trying to save an image generated from html5 canvas into mysql database. I know how to insert the image in base64 format, but I learned that base64 will take 33% more storage space, so I want to save it as either as BLOB or as file, but I'm having trouble with these two methods. I am receiving the base64 string from an ajax method from another page, and use $_POST["image"] to get it. my first attempt is to save the image as blob:

    $data = $_POST["image"];
    $data = str_replace('data:image/png;base64,', '', $data);
    $data = str_replace(' ','+',$data);

    $data = base64_decode($data);
    $sql=mysql_query("INSERT INTO capimages(image)VALUES('$data')");

but if I open the table nothing really got inserted.

For saving it as a file path, I don't quite understand how file_put_content or imagepng can save the file in the database, because there is no sql query with insert statement. I tried the following code, but after executing it I cannot find anything in my table: 

 define('upload_dir', 'images/');
    $img = $_POST["image"];
    $img = str_replace('data:image/png;base64,', '', $img);
    $img = str_replace(' ', '+', $img);
    $data = base64_decode($img);
    $file = uploaddir . uniqid() . '.png';
    $success = file_put_contents($file, $data);

Can someone show me how to save it to the table either as a BLOB or as a file path after I receive the image in base64 format? Also, does it really matter than base64 format will take 33% more storage space if i'm not expecting a lot of volume for my website?

gravition
  • 113
  • 1
  • 3
  • 13
  • **WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user data is **not** [properly escaped](http://bobby-tables.com/php.html) and there are [SQL injection bugs](http://bobby-tables.com/) and can be exploited. – tadman May 18 '17 at 00:33
  • 1
    Pro Tip: Don't save images in your database. They're extremely inconvenient for your server to deliver to the client, there's so many layers of encoding and decoding necessary to get them from the database table to the socket, and they often bloat your database to the point where it becomes extremely painful to backup and restore. Do store them on a filesystem or object-store like Riak or [Amazon S3](https://aws.amazon.com/s3/) and store a file path or URL instead. – tadman May 18 '17 at 00:35
  • I **STRONGLY** suggest you take a look at my answer over here: http://stackoverflow.com/questions/38509334/full-secure-image-upload-script/38712921#38712921 Remember that your visitors have full control over the request headers. They can upload some very bad stuff to your server if you don't do something about your security. The answer over there will walk you through it step by step. – icecub May 18 '17 at 00:40
  • Hi I looked at your answers, it seems to me that it uses a form to upload image, but in my project the image is generated from a html5 canvas and passed by ajax, so how do you use $_FILES['image']['name'] when everything you get from the post method is the string in base64 format? – gravition May 18 '17 at 03:26

1 Answers1

3

In general you don't want to store images in a relational database.

But as you want.

here's the code to store a blob using MySQLi(mysqli manual):

first: Create a table to store your images.

CREATE TABLE `test` (
  `id` int(11) NOT NULL,
  `content` blob NOT NULL
)

then:

<?php
$host = 'localhost';
$user = 'root';
$pass = 'root';
$db_name = 'test';

$base64_data = $_POST['base64_data'];

$link = mysqli_connect($host, $user, $pass, $db_name);

$stmt = mysqli_prepare($link, "INSERT INTO test (id, content) VALUES (?, ?)");

$stmt->bind_param('ib', $id, $content);

$id = 1;

$content = null;

//$base64_data = base64_decode(base64_encode(file_get_contents('3413983627135443.jpg')));
//$stmt->send_long_data(1, $base64_data);
$stmt->send_long_data(1, base64_decode($base64_data));

mysqli_stmt_execute($stmt);
printf("%d Row inserted.\n", mysqli_stmt_affected_rows($stmt));
mysqli_stmt_close($stmt);

Do not use the MySQL (Original)Extensions : intro.mysql

Lycho
  • 89
  • 5