0

I am creating a real estate web application and now creating a form which i will allow the editor to input data concerning a certain property , among of those inputs is images, but i do not know how to input multiple values in one column in the database. Here are my codes.

if(!empty($_FILES)){
    $photo1 = $_FILES['photo1'];
    $photo2 = $_FILES['photo2'];
    $photo3 = $_FILES['photo3'];
    $photo4 = $_FILES['photo4'];
    $photo5 = $_FILES['photo5'];
    $photo6 = $_FILES['photo6'];
    $photo7 = $_FILES['photo7'];
    $photo = [$photo1,$photo2,$photo3,$photo4,$photo5,$photo6,$photo7];
    foreach ($photo as $photos) {
        $name = $photos['name'];
        $nameArray = explode('.',$name);
        $filename = $nameArray[0];
        $fileEXT = $nameArray[1];
        $mime = explode('/', $photos['type']);
        $mimeType = $mime[0];
        $mimeEXT = $mime[1];
        $temploc = $photos['tmp_name'];
        $filesize = $photos['size'];
        $allowed = array('png','jpg','jpeg','gif',);
        $uploadname = md5(microtime()).'.'.$fileEXT;
        $uploadpath = LINKURL.'/imgs/photos/'.$uploadname;
        $dbpath = '/realeastate/imgs/photos/'.$uploadname;
        if($mimeType != 'image'){
            $errors[]= 'File must be an image';
        }
        if(!in_array(strtolower($fileEXT), $allowed)){
            $errors[]= 'The photo extension must be jpg,png,jpeg or gif.';
        }
        if($filesize > 25000000){
           $errors[]= 'The file size must be less than 25MB.';
        }
        if(strtolower($fileEXT) != $mimeEXT && $mimeEXT == 'jpeg' && strtolower($fileEXT) != 'jpg' ){
            $errors[]= 'File extension does not match the file.';
        }

        if(!empty($errors)){
            echo show_errors($errors);
      } else {
            //upload file and insert into database
            if (!empty($_FILES)) {
                move_uploaded_file($temploc,$uploadpath);
            }
            if(isset($_GET['edit'])){
                $db->query("UPDATE property SET taken ='$taken' WHERE id ='$edit_id'");
            }else{ 
                $db->query("INSERT INTO property (category,status,purpose,cover,images,city,place,price,payment,garage,wideness,visit,takenhome,hospital,school,market,bank,church,mosque,government,datetostart,floor) VALUES ('$category','$status','$purpose','$dbpath','$city','$place','$price','$payment','$garage','$wide','$dprice','$adprice','$hospital','$school','$church','$mosque','$government','$opendate','$floor')");
            }

        }

    }

    $_SESSION['success'] = 'Property  Added successful';
    header('Location: house.php');

 }
Henry Bukuru
  • 11
  • 5
  • 6
    NNnnnooooooooooo! Dont do it – RiggsFolly Apr 26 '18 at 16:56
  • 1
    Recommended reading: https://stackoverflow.com/questions/3653462/is-storing-a-delimited-list-in-a-database-column-really-that-bad – Don't Panic Apr 26 '18 at 16:56
  • 2
    Or just spend an hour or 2 reading a few Database design for beginners tutorials – RiggsFolly Apr 26 '18 at 16:56
  • 1
    And if you also research bound and prepared queries you wont be open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly Apr 26 '18 at 17:00
  • @RiggsFolly , i have edited, i need to know can i can input multiple images in one column – Henry Bukuru Apr 26 '18 at 17:22
  • 2
    @RiggsFolly is right. You can't find much online help on how to do this, because it runs contrary to the way SQL works. Read up on database normalization., – O. Jones Apr 26 '18 at 17:23
  • 1
    Either store data properly or don't bother with a relational database – Strawberry Apr 26 '18 at 19:36

0 Answers0