0

I'm building a store page for a website, and want to add images when i add new stock items to the database. I'm trying to upload the image to an images file soley for the stock images and then to save the path to the image as a string in a database. to then call on the string from the database in the store page to show the image using echo $row['''].

the script is saving the destination image path to the database no problem when testing but the image is not actually being moved from its tmp location to the destination.

I've attached the script below, if anyone can point me in the right direction i'd be very grateful ! 

<?php 
$iName=$_POST['Name'];
$iDesc=$_POST['Description'];
$iFinish=$_POST['Finish'];
$iBrand=$_POST['Branding'];
$iPSLref=$_POST['Reference'];
$iAvail=$_POST['Availability'];
$file=$_FILES['image'];


if(!isset($_POST['formSubmit']))
{
    // form accessed illegally 
    // header location 
    // exit 
    header("Location: ../../psl.index.php?page=manageItems&error=illegalAccess");
    exit();

}
else 
{ 
    if(!preg_match("/^[a-zA-Z0-9\s]*$/", $iName))
    {
        // error
        header("Location: ../../psl.index.php?page=manageItems&error=illegalName");
        exit();

    }
    else 
    {
        if(!preg_match("/^[a-zA-Z0-9\s]*$/", $iDesc))
        {
            // error
            header("Location: ../../psl.index.php?page=manageItems&error=illegalDesc");
            exit();

        }
        else 
        {
            if(!preg_match("/^[a-zA-Z0-9\s]*$/", $iFinish))
            {
                // error 
                header("Location: ../../psl.index.php?page=manageItems&error=illegalFinish");
                exit();

            }
            else 
            {
                if(!preg_match("/^[a-zA-Z0-9\s]*$/", $iBrand))
                {
                    // error
                    header("Location: ../../psl.index.php?page=manageItems&error=illegalBrand");
                    exit();

                }
                else 
                {
                    if(!preg_match("/^[a-zA-Z0-9\s]*$/", $iAvail))
                    {
                        // error
                        header("Location: ../../psl.index.php?page=manageItems&error=illegalAvail");
                        exit();

                    }
                    else 
                    {


                        $fileName=$_FILES['image']['name'];
                        $fileTmpName=$_FILES['image']['tmp_name'];
                        $fileSize=$_FILES['image']['size'];
                        $fileError=$_FILES['image']['error'];
                        $fileType=$_FILES['image']['type'];


                        $fileExt=explode('.', $fileName);
                        $fileActExt=strtolower(end($fileExt));
                        $allowed=array('jpg', 'jpeg', 'png');

                        if(!in_array($fileActExt, $allowed))
                        {
                            // error 
                            header("Location: ../../psl.index.php?page=manageItems&error=illegalExtention");
                            exit();


                        }
                        else 
                        {
                            if($fileError!==0)
                            {
                                // error
                                header("Location: ../../psl.index.php?page=manageItems&error=filesError");
                                exit();

                            }
                            else 
                            {
                                if($fileSize>5000000)
                                {
                                    // error 
                                    header("Location: ../../psl.index.php?page=manageItems&error=exceededLimit");
                                    exit();

                                }
                                else 
                                {
                                    $fileNameNew=uniqid('', true).'.'.$fileActExt;
                                    $fileDestination="inc/images/".$fileNameNew;

                                    include_once 'dbConn.script.php';
                                    $sql="INSERT INTO item_data_table (name, description, finish, brand, PSLcode, availability, image) VALUES (?,?,?,?,?,?,?)";
                                    $stmt=mysqli_stmt_init($conn);
                                    if(!mysqli_stmt_prepare($stmt, $sql))
                                    {
                                        //error
                                        header("Location: ../../psl.index.php?page=manageItems&error=sqlError01");
                                        exit();


                                    }
                                    else 
                                    {
                                        mysqli_stmt_bind_param($stmt, "sssssss", $iName, $iDesc, $iFinish, $iBrand, $iPSLref, $iAvail, $fileDestination);
                                        mysqli_stmt_execute($stmt);
                                        move_uploaded_file($fileTmpName, $fileDestination);
                                        header("Location: ../../psl.index.php?page=manageItems");
                                        exit();
                                    }


                                    mysqli_stmt_close($stmt);
                                    mysqli_close($conn);


                                }
                            }
                        }

                    }
                }
            }
        }
    }
}






?>
deluchie1991
  • 1
  • Does the file get uploaded successfully (`$fileError`)? What does `move_uploaded_file` return? See [PHP move_uploaded_file() error?](https://stackoverflow.com/questions/3501749/php-move-uploaded-file-error). – showdev Mar 24 '20 at 19:10
  • im getting no such directory errors with a rewritten script.``` – deluchie1991 Mar 24 '20 at 19:31
  • i've tried referring to the uploads, ../uploads and ../../uploads. as ../../psl.index.php is in the root folder for the site and the uploads folder is in the root folder. I have also tried an "inc/images/" directory and all permissions are set to read and write through windows. not sure about the 777 thing – deluchie1991 Mar 24 '20 at 19:33
  • Consider [using an absolute path](https://stackoverflow.com/a/10951485/924299). Also see [this troubleshooting checklist](https://stackoverflow.com/questions/36577020/php-failed-to-open-stream-no-such-file-or-directory/36577021#36577021). – showdev Mar 24 '20 at 19:49
  • working on through the checklist ill let you guys know how i get on thanks :) – deluchie1991 Mar 29 '20 at 13:45
  • Thanks guys, Using the SITE_ROOT method im now able to move the uploaded files ! Next issue is showing images in the browser based on the name that has been saved in the sql database. – deluchie1991 Mar 29 '20 at 16:31

0 Answers0