how to search for a file and display it

Question

I am trying to retrieve a file uploaded to a folder with the filepath stored in the database with a form. Below is the code sample and folder structure

data insertion query

<?php
include('config.php');

if(isset($_POST['upload'])){

    $fileExistsFlag = 0; 
    $fileName = $_FILES['Filename']['name'];
    
    /* 
    *   Checking whether the file already exists in the destination folder 
    */
    $query = "SELECT filename FROM filedetails WHERE filename='$fileName'"; 
    $result = $conn->query($query) or die("Error : ".mysqli_error($conn));
    while($row = mysqli_fetch_array($result)) {
        if($row['filename'] == $fileName) {
            $fileExistsFlag = 1;
        }       
    }
    /*
    *   If file is not present in the destination folder
    */
    if($fileExistsFlag == 0) { 
        $target = "files/";     
        $fileTarget = $target.$fileName;    
        $tempFileName = $_FILES["Filename"]["tmp_name"];
        $fileDescription = $_POST['Description'];   
        $result = move_uploaded_file($tempFileName,$fileTarget);
        /*
        *   If file was successfully uploaded in the destination folder
        */
        if($result) { 
            echo "Your file <html><b><i>".$fileName."</i></b></html> has been successfully uploaded";       
            $query = "INSERT INTO filedetails(filepath,filename,description) VALUES ('$fileTarget','$fileName','$fileDescription')";
            $conn->query($query);           
        }
        else {          
            echo "Sorry !!! There was an error in uploading your file";         
        }
        mysqli_close($conn);
    }
    /*
    *   If file is already present in the destination folder
    */
    else {
        echo "File <html><b><i>".$fileName."</i></b></html> already exists in your folder. Please rename the file and try again.";
        mysqli_close($conn);
    }   

}

?>

how do i retrieve the file and display it using the form

Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187) You should alway use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's instead of concatenating user provided values into the query. Never trust ANY user input! — RiggsFolly, Jan 21 '21 at 13:53
You have not really told us whatthe problem is! Display the file where? — RiggsFolly, Jan 21 '21 at 13:56
Retrieve and... do what? Where is the code for the form submission handling? What is supposed to be entered in that form (from the image seems like it's the id, but that can't be good for the user). — El_Vanja, Jan 21 '21 at 14:01
The image depicting a form input field & button... is that what you hope to use to `find & display` whatever matching files? It suggests using an `id` as input - is that correct? — Professor Abronsius, Jan 21 '21 at 14:01
It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) — Dharman, Jan 21 '21 at 14:02

score 1 · Answer 1 · answered Jan 21 '21 at 13:56

1

As I understood you want to display image, so you should query database to find image path (for my example image path will be at variable $file), then display it using

<img src = "<?php echo $file; ?>">

Or use

<img src = "<?= $file ?>">

answered Jan 21 '21 at 13:56

Vadim

170
11

you can see in the screenshot that there is a `.pdf` file in the table... – Professor Abronsius Jan 21 '21 at 14:00
First two is images and you didn't said what file to show, you cant display pdf, you can make download of that file – Vadim Jan 21 '21 at 14:01
you are right - I didn't say what file to show – Professor Abronsius Jan 21 '21 at 14:04

score 0 · Answer 2 · answered Jan 21 '21 at 14:34

here is a working example I made myself

For the connectiion.php

<?php
$server_name="localhost";
$mysql_username="root";
$mysql_password="";
$db_isim="deneme1";
$conn= mysqli_connect($server_name,$mysql_username,$mysql_password,$db_isim);
$conn->set_charset("utf8");

if ($conn)
{
    echo "bağlantı var"."<br>";
}
else
{
    echo " bağlantı yok"."<br>";

}
?>

U can change the paraneters

And here is the code for image display All tested and working

<!DOCTYPE html>
<html lang="en">
<head>
  <title>formdan listeleme</title>
</head>
<body>


 
<form action="ekle1.php" method="post" enctype="multipart/form-data">
  <fieldset>
    <legend>Araba tablosuna Yeni kayıt ekle</legend>
        <label>Marka</label> 
          <label style="margin-left:50px">Model</label><br>
    <select name="markalar">
      <option value="marka1">marka1</option>
      <option value="marka2">marka2</option>
      <option value="marka3">marka3</option>
      <option value="marka4">marka4</option>
      <option value="marka5">marka5</option>
    </select>
       
     <select  style="margin-left:25px" name="modeller">
      <option value="model1">model1</option>
      <option value="model2">model2</option>
      <option value="model3">model3</option>
      <option value="model4">model4</option>
      <option value="model5">model5</option>
    </select><br><br>
    <label for="Satici">Satici No:</label><br>
  <input type="text" id="satici" name="satici"><br><br>
   <textarea name="content" rows="10" cols="50">Lütfen satılık araba ile ilgili açıklamayı buraya yazınız</textarea>
  <br><br>
        <label for="fiyat">Fiyatı:</label><br>
  <input type="number" id="fiyat" name="fiyat"><br><br>
  
  <label for="res1">İlk resim:</label><br>
  <input type="file" id="res1" name="res1"><br><br>
    <label for="res2">İkinci resim:</label><br>
  <input type="file" id="res2" name="res2"><br><br>
  <label for="vid">Video:</label><br>
  <input type="file" id="vid" name="vid"><br><br>
  
  <!-- buraya tarih yerine otomatik tarih alma yap -->
   <label for="tarih">Tarih:</label>
  <input type="datetime-local" id="tarih" name="tarih"><br><br>
    <button type="submit"  name="ekle">Kayıt ekle</button>
     <input type="reset" style="margin-left:50px">
  </fieldset>
</form>

<!--
<form action="/action_page.php">
  <input list="browsers">
  <datalist id="browsers">
    <option value="Internet Explorer">
    <option value="Firefox">
    <option value="Chrome">
    <option value="Opera">
    <option value="Safari">
  </datalist>
</form>
-->
<?php
require "baglan.php";

$marka=$_POST["markalar"];
echo $marka."<br>";
$model=$_POST["modeller"];
echo $model."<br>";
$satici=$_POST["satici"];
echo $satici."<br>";
$icerik=$_POST["content"];
echo $icerik."<br>";
$fiyat=$_POST["fiyat"];
echo $fiyat."<br>";
$tarih=$_POST["tarih"];
echo $tarih."<br>";
echo "<pre>";
print_r($_FILES);
echo "</pre>";


 $isim1 = $_FILES['res1']['name'];
 $isim2 = $_FILES['res2']['name'];
$isim3   = $_FILES['vid']['name']; 
$hedef_dizin="";
$hedef_dosya1= $hedef_dizin . basename($isim1);
$hedef_dosya2= $hedef_dizin . basename($isim2);
$hedef_dosya3= $hedef_dizin . basename($isim3);



  
//bu sayfa bir veritabanına veri eklemektedir.

 

    $sorgu= "INSERT INTO `araclar` (`Marka`, `Model`, `Satan`, `Content`, `Fiyat`, `Res1`, `Res2`, `Vide`, `Tarih`) VALUES ('ford', 'focus', '2', 'bu da başka bir araba', '55000','".$isim1."', '".$isim2."','".$isim3."', '2020-10-21 18:12:000');";
    
    $sonuc= mysqli_query($conn,$sorgu);
     move_uploaded_file($_FILES['res1']['tmp_name'],$hedef_dizin.$hedef_dosya1);
     move_uploaded_file($_FILES['res2']['tmp_name'],$hedef_dizin.$hedef_dosya2);
     move_uploaded_file($_FILES['vid']['tmp_name'],$hedef_dizin.$hedef_dosya3);
    
    

$sql = "select res1, res2, vide from araclar where id=$conn->insert_id;";
$sonuc = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($sonuc);

echo "<pre>";
print_r($row);
echo "</pre>";

$image1 = $row['res1'];
$image_src1 = " ".$image1;
$image2 = $row['res2'];
$image_src2 = " ".$image2;
$image3 = $row['vide'];
$image_src3 = " ".$image3;
?>
<img src='<?php echo $image_src1;  ?>' ><br><br>
<img src='<?php echo $image_src2;  ?>' ><br><br>
<img src='<?php echo $image_src3;  ?>' ><br><br>
    <?php
    
    echo "kayıt eklendi" ; 

    //$sonuc->free();
?>
 
</body>
</html>

I made this as an example in a class so sorry for the fast and lame coding If you paste this code to an editor starting from first line

lines 10-50 are for a form to give values for the new record

What you are looking for starts from line 108

there are 3 fields with the names res1 res 2 and vide

Print_r lines are for students to show them what is actualy inside the arrays

and lines 116 to 125 displays the pictures

any further questions are wellcome

how to search for a file and display it

2 Answers2