-1

I am currently attempting to upload images from my HTML form to a MySQL BLOB column.

Here is the current relevant code for my HTML code (input file type is just a placeholder, I will of course change it out to whatever it must be. These values are in table data form, but I condensed it down to be easier to read)

                    <form method="post" action="inspectionprocessing.php">
                    <input type="text" name ="unit" value="">
                    <input type="text" name ="notes" value="">
                    <input type="file" name ="media">   
                <input type="submit" value="Submit Inspections" name="submit">
                    </form>

Here is the code to insert into MySQL.

         //Establishing variables
     $unitNumber = $_POST["unit"];
     $unitNotes = $_POST ["notes"];
     $unitMedia = $_POST ["media"];

         // Create connection
     $con = mysqli_connect($host, $username, $password); 
     // Check connection
     if (!$con) {
     die("Connection failed: " . mysqli_connect_error());
                }
     echo ""; 
     
        //Query database
     $sql = "INSERT into inspect.building_1 (Unit, Notes, Media) values ('$unitNumber','$unitNotes', '$unitMedia')";
     $inspection = mysqli_query($con, $sql);

Here is the code to display information from the database

    $sql = "SELECT * FROM inspect.building_1 "; 
$apartments = mysqli_query($con, $sql); 
while($apartment = mysqli_fetch_assoc($apartments)){
    echo "<tr>";
    echo "<td>" . $apartment ["Unit"] . "</td>";
    echo "<td>" . $apartment ["Notes"] . "</td>";
    echo "<td>" . $apartment ["Media"] . "</td>";
    echo "<td>" . $apartment ["Date"] . "</td>";
    echo "<td>" . $apartment ["InspectionID"] . "</td>";

In sum, I m looking for HTML code to upload multiple images to a table under one InspectionID in the database. I need the database to store the images and display them on a separate page. I am totally open to a file path, but I will need all of the necessary code - I am very much a beginner here doing it all for the first time. Thank you so much for your help!

Images if you want to know what it looks like. UI to upload pictures Datbase Structure UI Display area

Note: Database connections and everything works, I only need help with images

Dharman
  • 30,962
  • 25
  • 85
  • 135
OleTunaCan
  • 9
  • 1
    Right off the bat I can see your form tag is missing `enctype="multipart/form-data"` which you'll need when you're uploading files – Kinglish Apr 28 '21 at 18:57
  • BTW your code is open to SQL injection because it's not using prepared statements or parameterized queries. See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php for more info. – WOUNDEDStevenJones Apr 28 '21 at 19:12
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Apr 28 '21 at 19:18
  • _"but I will need all of the necessary code"_ - That's not really how this site works. We can help you sort out issues with your existing code, but we're not here to write it for you. The [manual](https://www.php.net/manual/en/features.file-upload.post-method.php) has a pretty good tutorial about handling uploads in PHP with proper explanations. I would recommend that you start there. – M. Eriksson Apr 28 '21 at 19:18

2 Answers2

1

You have to add enctype="multipart/form-data" to your form so your form can accept retrieving files and second you cannot retrieve data with the $_POST super global you have to use the $_FILES super global Here is the code

    <form class="forms-sample" method="POST" enctype="multipart/form-data"> 
          <div class="form-group">
              <label for="media">Media Image</label>
              <input type="file"  name="media">
          </div>
    </form>
    
    $unitMedia = $_FILES['media']['name'];
    $unitMedia_temp = $_FILES['media']['tmp_name'];


    move_uploaded_file($unitMedia_temp, "img/$unitMedia");

and if you want to insert your image to database you can use $unitMedia to insert it That is all what i have to say And I wish that helped you

Shikigami
  • 11
  • 1
0

Right off the bat I can see your form tag is missing enctype="multipart/form-data" which you'll need when you're uploading files.

<form method="post" enctype="multipart/form-data" action="inspectionprocessing.php">

You can get the blob data right from the uploaded data. It's not going to be a $_POST variable, it's going to be a $_FILES variable. Something like this in inspectionprocessing.php:

 $unitMedia = file_get_contents($_FILES['media']["tmp_name"]);

Also, it's highly recommended to validate that the uploaded image is actually an image, is not too big, etc. There's some validation stuff you can check out here: https://www.w3schools.com/php/php_file_upload.asp

Also also, its best to get in the practice of using prepared statements for your MySQL inserts and updates to prevent SQL injection. Start this habit now! https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Kinglish
  • 23,358
  • 3
  • 22
  • 43