I am a beginner in PHP. I encoded some images as base64 strings. All images are successfully decoded into the specified folder. My problem is that I am only able to record one image path in the database. Somebody help me come up with the PHP to insert all image paths in one row in the database.

Here is the PHP code:

    <?PHP
    if(isset($_POST['image']))
    {
        $image = $_POST['image'];
        $identity = $_POST['id'];
        $username = $_POST['username'];

        //create unique image file name based on micro time and date
        $now = DateTime::createFromFormat('U.u', microtime(true));
        $id = rand(1000000, 10000000000);
        $id2 = rand(1000000, 10000000000);

        $upload_folder = "upload";
        $id = "$id$id2";
        $path = "$upload_folder/$id.jpeg";

        if(file_put_contents($path, base64_decode($image)) != false){
            echo "uploaded_success";

            $sql = "UPDATE apartment SET Image_path = '$path' WHERE apart_username = '$username' AND id = '$identity'";

            mysqli_query($conn, $sql);
        }
        else{
            echo "uploaded_failed";
        }
        exit;
    }
    else{
        echo "images_not_in";
        exit;
    }
    ?>

KingAndy
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 19 '17 at 16:05
  • I know about the prepared statements. I am using this code for personal trials. I am stuck. Please help if you can. – KingAndy Jun 19 '17 at 16:22
  • If you don't have time to do it right the first time, when will you find the time to add it later? I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. – Jay Blanchard Jun 19 '17 at 16:24

1 Answer

You need some sort of loop... All I did in the example below was, instead of making a single variable called image, I made an array called $imagesArr. And I added a foreach loop on the imagesArr so it will run the code you wrote for each image you input into that array. I also killed the exit at the end as that would stop the loop. That should work.

    <?PHP
    if(isset($_POST['image']))
    {
        //$image = $_POST['image']; - I commented this out
        $imagesArr = array('image1.jpeg','image2.jpeg','image3.jpeg'); //etc. put all of your images here into this array
        $identity = $_POST['id'];
        $username = $_POST['username'];
        foreach ($imagesArr as $key => $image) {
            //create unique image file name based on micro time and date
            $now = DateTime::createFromFormat('U.u', microtime(true));
            $id = rand(1000000, 10000000000);
            $id2 = rand(1000000, 10000000000);

            $upload_folder = "upload";
            $id = "$id$id2";
            $path = "$upload_folder/$id.jpeg";

            if(file_put_contents($path, base64_decode($image)) != false){
                echo "uploaded_success";

                $sql = "UPDATE apartment SET Image_path = '$path' WHERE apart_username = '$username' AND id = '$identity'";

                mysqli_query($conn, $sql);
            }
            else{
                echo "uploaded_failed";
            }
        } // end foreach
    } // end if(isset(...)); this brace must come before the else
    else{
        echo "images_not_in";
    }
Usman Shahid
  • The images are coming from Android and I want to insert all their paths in one row in the database. – KingAndy Jun 19 '17 at 16:35
  • How you architect your database is totally up to you (I would personally make each image its own row)...you still would need a foreach loop to make the images, but you could put them all in one row if you wanted to...what part are you getting stuck on? Posting the images to an array? – Usman Shahid Jun 19 '17 at 16:43
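
An added example, not code from anyone in this thread: one way to store every uploaded path in the single `Image_path` column while using the prepared statement the first comment asks for, and checking that each decoded payload really is a JPEG before writing it. It assumes the client posts the base64 strings as `images[]` (a hypothetical field name), that `$conn` is an open mysqli connection, that `Image_path` is wide enough to hold a JSON array, and it uses a constructed 5 MB per-image limit.

```php
<?php
// Added example: hardened multi-image upload. Field name images[] is an assumption;
// $conn is assumed to be an open mysqli connection created elsewhere.
const UPLOAD_DIR = 'upload';
const MAX_BYTES  = 5 * 1024 * 1024; // constructed per-image size limit

// Decode one base64 image, confirm it is a JPEG, save it under a random name.
// Returns the stored path, or null when the input is rejected.
function save_jpeg(string $b64, string $dir = UPLOAD_DIR): ?string
{
    $raw = base64_decode($b64, true); // strict mode rejects non-base64 characters
    if ($raw === false || $raw === '' || strlen($raw) > MAX_BYTES) {
        return null;
    }
    $info = @getimagesizefromstring($raw); // inspects the bytes, not a client-supplied name
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return null;
    }
    $path = $dir . '/' . bin2hex(random_bytes(16)) . '.jpeg'; // server-chosen, unpredictable
    return file_put_contents($path, $raw) !== false ? $path : null;
}

// Write every path into the single Image_path column as a JSON array.
function store_paths(mysqli $conn, array $paths, string $username, string $id): bool
{
    $stmt = $conn->prepare('UPDATE apartment SET Image_path = ? WHERE apart_username = ? AND id = ?');
    if ($stmt === false) {
        return false;
    }
    $json = json_encode(array_values($paths));
    $stmt->bind_param('sss', $json, $username, $id); // values never enter the SQL text
    return $stmt->execute();
}

if (isset($conn, $_POST['images'], $_POST['id'], $_POST['username'])
    && is_array($_POST['images'])) {
    $paths = [];
    foreach ($_POST['images'] as $b64) {
        $path = is_string($b64) ? save_jpeg($b64) : null;
        if ($path !== null) {
            $paths[] = $path;
        }
    }
    $ok = $paths && store_paths($conn, $paths, (string) $_POST['username'], (string) $_POST['id']);
    echo $ok ? 'uploaded_success' : 'uploaded_failed';
} else {
    echo 'images_not_in';
}
```

Reading the row back is a `json_decode($row['Image_path'], true)` away; a separate table with one row per image, as suggested in the last comment, avoids the column-width limit altogether.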