Menu
I'd like to include in my MySQL table a path to an image. The image path gets into the table by inserting the value of a "file" textfield (one of those Browse kind of deals). So the value that gets entered is something like: image001.jpg. But I can't seem to use that value to put an image into a html page. if it goes into the table fine, why can't I get it out?
I upload an image but I don't know where it's gone. Because there's no value entered in image field when I checked it through PhpMyadmin.
Table schema
CREATE TABLE employee_details
(
emp_image varchar(255),
employee_name varchar(50),
employee_address varchar(50),
employee_designation varchar(50),
employee_salary int(),
);
Query
$sql="
INSERT INTO employee_detail(
emp_image,
employee_name,
employee_address,
employee_contact,
employee_designation,
employee_salary
)
VALUES(
'$_POST[emp_image]',
'$_POST[employee_name]',
'$_POST[employee_address]',
'$_POST[employee_contact]',
'$_POST[employee_designation]',
'$_POST[employee_salary]'
)";
515
Create The Upload File PHP Script $target_file specifies the path of the file to be uploaded. $uploadOk=1 is not used yet (will be used later) $imageFileType holds the file extension of the file (in lower case) Next, check if the image file is an actual image or a fake image.
There are two ways to save images. Most common way is to save the file name in MySQL table and upload image in folder. Another way is to store the image into directly into the Database.
On your comment you ask how to upload and store the data to mysql. So here it is:
To get the file, you should have a script in your html like this:
<html>
<body>
<form action="upload_file.php" method="post" enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
Now, on POST, your PHP file should look like this but please take note that you have to check if the file exists on your POST:
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
Since the "Stored in:" part is just the temporary path, you should move to your 'real' image path using move_uploaded_file(). Let say the real/default path for your images is in:
$image_dir= '/images/';
You just have to move the file using this:
move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $image_dir. $_FILES['uploaded_file']['name']);
And your full path to the image would be
$image = $final_save_dir . $_FILES['uploaded_file']['name'];
There are several ways to store the path to your database:
1st: Is to store just the filename and concatenate the path of the image in PHP using $_SERVER['DOCUMENT_ROOT'] and your default image path like:
$sql="insert into employee_detail( emp_image, employee_name, employee_address,
employee_contact, employee_designation, employee_salary)
values( '$image', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]',
'$_POST[employee_designation]','$_POST[employee_salary]')";
2nd: Is to store the full path like:
$sql="insert into employee_detail( emp_image, employee_name, employee_address,
employee_contact, employee_designation, employee_salary)
values( '".$_SERVER['DOCUMENT_ROOT']."\\images\\".$image."', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]',
'$_POST[employee_designation]','$_POST[employee_salary]')";
What I recommend is this approach wherein you will input the partial path (without the root dir) so that later you don't have a problem on deploying it:
$sql="insert into employee_detail( emp_image, employee_name, employee_address,
employee_contact, employee_designation, employee_salary)
values( 'images\\".$image."', '$_POST[employee_name]', '$_POST[employee_address]', '$_POST[employee_contact]',
'$_POST[employee_designation]','$_POST[employee_salary]')";
And make sure that the images are successfully upload to that default image dir/path.
UPDATE
I also recommend that you use mysqli_* or PDO and use prepare() method /function to prevent sql injection.
68
If you upload an image, it is saved in the temporary path at first. You'll have to move it to your final directory, otherwise it'll be gone after script execution. What basically happens is this:
If you have a form with some form fields (text, checkbox, textarea, whatever), AND a file field (<input type="file" name="uploaded_file" />), all 'normal' fields will be accessible with the $_POST array. The file(s) however will be accessible in the $_FILES array (see also the man page about file uploads).
Now when you receive the POST request, the uploaded files are stored in your temporary directory. If you don't do anything, it'll be deleted again after script execution. So you'd need to call the move_uploaded_file() function. Example:
$final_save_dir = '/path/to/images/dir/';
move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $final_save_dir . $_FILES['uploaded_file']['name']);
And your full path to the image would be
$image_full_path = $final_save_dir . $_FILES['uploaded_file']['name'];
This path can be saved in your database:
$sql="
INSERT INTO employee_detail(
emp_image,
...
)
VALUES(
'$image_full_path',
...
)";
IMPORTANT: please take note on @brewal's comment. Your script is VERY unsafe like this.
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
