-3

I try to use lazyload but it's load image poorly so I want to use thumbnail so it can load faster and save bandwidth. There's a lot of source code that I can use for reducing image data and resolution, I am trying to merge it with my upload.php but it doesn't work, I'm trying move_upload_path and copy below move_upload_path, it work and storing in more than one folder but it's not showing up on my MySQL database. Here's my code (I'm not using the new one that storing in multiple folder path)

<?php 


echo "<pre>";
print_r($_FILES['my_image']);
echo "</pre>";

$img_name = $_FILES['my_image']['name'];
$img_size = $_FILES['my_image']['size'];
$tmp_name = $_FILES['my_image']['tmp_name'];
$error = $_FILES['my_image']['error'];

if ($error === 0) {
    if ($img_size > 125000000) {
        $em = "Sorry, your file is too large.";
        header("Location: index1.php?error=$em");
    }else {
        $img_ex = pathinfo($img_name, PATHINFO_EXTENSION);
        $img_ex_lc = strtolower($img_ex);

        $allowed_exs = array("jpg", "jpeg", "png"); 

        if (in_array($img_ex_lc, $allowed_exs)) {
            $new_img_name = uniqid("IMG-", true).'.'.$img_ex_lc;
            $img_upload_path = 'uploads/'.$new_img_name;
            move_uploaded_file($tmp_name, $img_upload_path);

            
            $sql = "INSERT INTO images(image_url) 
                    VALUES('$new_img_name')";
            mysqli_query($conn, $sql);
            header("Location: index.php");
        }else {
            $em = "You can't upload files of this type";
            header("Location: index.php?error=$em");
        }
    }
}else {
    $em = "unknown error occurred!";
    header("Location: index.php?error=$em");
}
ADyson
  • 57,178
  • 14
  • 51
  • 63
MrBurger900series
  • 1
  • 2
    The correct syntax would be `INSERT INTO images (image_url) VALUES (?)` and pass in your $new_imag_name (you should have a column for the path as well ($img_upload_path) to cross reference it later, it looks like your only passing in the name). Currently your query is wide open for SQL Injections so look into handling the `INSERT` properly. – griv Oct 12 '22 at 14:44
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Oct 12 '22 at 14:53
  • 1
    Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. – ADyson Oct 12 '22 at 15:42

1 Answers1

0

Php's Upload is for a one-time copy from a remote site to your site.

Lazyload, <picture>, and WebP are for speeding up the rendering of your page to users.

INSERTing images into your database is [usually] the wrong approach. Instead, store the image on disk and INSERT the URL pointing to it into the database. Then use <img...> to allow for HTML to fetch the image in parallel after the text on the page has been loaded. This, then, allows for lazyload, etc. to be used.

It is possible to have an image 'inline' by using base64 encoding and using as 'data' in <img...>. This might be useful for thumbnails, but I have decided that it is rarely worth the hassle.

PHP has the "image*()" routines for scaling (etc) images. I would use these for a one-time transformation to a different size (for <picture>) or better compression (WebP) or thumbnail.

It is also possible to use a PHP script to dynamically build an image. I would not use this for repeated build. I use something like this to experiment with different croppings, etc: <img src=".../crop.php?w=...>.

<img ... height=123 width=234> is an easy way to make a thumbnail (or other size) of a picture from the original. However, it requires the client to download the original, then, change the height and width, so it is not optimal for performance.

When storing an image in MySQL, be sure to use, say, MEDIUMBLOB. That it is limited to 16MB (not the 120MB that you are checking for). I don't know if MySQL can INSERT a blob bigger than that, in spite of having LONGBLOB which theoretically can hold 4GB. I hesitate because of various other limits in the encoding and transmission of the image from client to server.

I suspect that PNG files are bigger than the equivalent JPG. If space and download speed mater more than "lossy", consider converting PNGs to JPGs. Or even test the relative sizes when you initially acquire (Upload) each PNG.

If you will be storing images on your machine and serving from your machine, be aware of the web server's (Apache?) limitations on where things can be placed.

Rick James
  • 135,179
  • 13
  • 127
  • 222