-2
<body>
<form action="#" enctype="multipart/form-data" method="post">
<input multiple="" name="img[]" type="file" />
<input name="submit" type="submit" />
</form>
<?php
    mmysql_connect("localhost","root","");
    mysql_select_db("multiple");
    if(isset($_POST['submit'])){
        $filename = $_FILES['img']['name']);
        $tmpname = $_FILES['img']['tmp_name']
        $filetype = $_FILES['img']['type'];
        for($i=0; $i<=count($tmpname)-1; $i++){
            $name =addslashes(filename[$i]);
            $tmp = addslashes(file_get_contents($tmpname[$i]));
            mysql_query("INSERT into img(name,image) values('$name','$tmp')");
            echo "uploaded";
        }
    }
?>
</body>
</html>

I am trying to upload a simple image to my database So I can work on this user hosted site. So far nothing has worked. I'm dyin here. I've looked through so many tutorials.

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Crappy Flashes
  • 1
  • 1
  • You appear to have a stutter `mmysql_connect("localhost","root","");` – RiggsFolly Feb 17 '18 at 21:22
  • 3
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Feb 17 '18 at 21:23
  • 2
    Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Feb 17 '18 at 21:24
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly Feb 17 '18 at 21:24
  • 1
    This script does not upload file. Its just save files name to db -didn't check if its works-. Check this http://php.net/manual/en/features.file-upload.post-method.php – Mehmet SÖĞÜNMEZ Feb 17 '18 at 21:25

2 Answers2

0

From hitting an issue with file uploads before, it's much easier on the DB and your coding to upload your file to the server using 'move_uploaded_file()' and then provide a reference in your DB. In the above example, you are storing your file in a temporary folder ['tmp_name'], saving that file name, but then not transferring the file somewhere that won't delete it.

So for something generic to help:

        $fileName $_FILES['img']['name'];
        $fileType = $_FILES['img']['type'];
        $fileLocation = $_FILES['img']['tmp_name'];
        $newFileName = "newFileName.jpg";
        $img = "folder/".$newFileName;
move_uploaded_file($fileLocation, "../folder/".$newFileName);

The reason for this is that when you save to the 'tmp' folder (which you must for a bit), the file is also renamed to a seemingly random set of characters. So you need to get that file location, move it to the folder of your choice, and also name it something findable. Then you can save the $img path in your DB and call it from anywhere (with some modification). It will take some playing with, but this should help.

The Interloper
  • 150
  • 11
0

To upload an image to the database directly from an uploaded file, you need to upload the base64 encoded version of the image. And also make sure that the field type of the image in your database is actually blog or LongBlog.

Here is the code to do that 

$file = $_FILES['file'];
$filename = $file['name'];
$convert_to_base64 = base64_encode(file_get_contents($file['tmp_name']));
$base64_image = "data:image/jpeg;base64,".$convert_to_base64;
$query = mysqli_query($con, "INSERT INTO 'table'(image)VALUES('$base64_image')")
XKCD
  • 122
  • 1
  • 11