PHP Uploader

Question

kiLLer.zoh_1 0 Light Poster

11 Years Ago

I have been inserting the file path in to data base but it s giving a mysql syantax error can any pne fix it

<?php
include 'db.php';
if($_SERVER['REQUEST_METHOD']=='POST')
{
    if(isset($_FILES['photo'])&& is_uploaded_file($_FILES['photo']['tmp_name'])
            && $_FILES['photo']['error']==UPLOAD_ERR_OK)
    {
        if($_FILES['photo']['type']=='image/jpeg') 
        {
            $tmp_img = $_FILES['photo']['tmp_name'];
            $path = "d:/xampp/htdocs/upload/images/" .$_FILES['photo']['name'];
            move_uploaded_file($_FILES['photo']['tmp_name'], $path);
            $imgname=$_FILES['photo']['name'];
            $q="Insert INTO image (name,imgpath) VALUES($imgname,$path)";
            mysql_query($q) or die(mysql_error());
        }
        else 
        {
            echo "Uploaded file was not a JPG image.";
        }
    }   
    else 
    {
         echo "No file Uploaded";
    }
}
?>

php

5 Contributors
25 Replies
301 Views
4 Days Discussion Span
Latest Post 11 Years Ago Latest Post by Webville312

pixelsoul 272 Red Pill

11 Years Ago

What was the SQL error you got from it?

pritaeas 2,194 ¯\_(ツ)_/¯

11 Years Ago

Missing quotes I think.

$q = "INSERT INTO image (name, imgpath) VALUES ('$imgname', '$path')";

pixelsoul commented: good call +0

Webville312 14 Newbie Poster

11 Years Ago

Wwhy not use this code instead?

  $target_path = "d:/xampp/htdocs/upload/images/";
    $target_path = $target_path . basename( $_FILES['photo']['name']);

And then when inserting to the database, you can use;

"insert into photos (id,image_name,image) values ('$id','$_FILES[photo]','".$target_path."')";

That should work ...

Edited 11 Years Ago by Webville312 because: added some codes

pixelsoul 272 Red Pill

11 Years Ago

You are missing closing quotes on this line;

Actually, no it doesn't need quotes here if it ends with a variable. The quotes just close the string.

Webville312 14 Newbie Poster

11 Years Ago

Sorry, my bad; My first post was offside, but I edited it with a line of code that actually works for me ...

Once again sorry ...

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

kiLLer.zoh_1 0 Light Poster · Answer 1 · 2013-03-28T13:13:41+00:00

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':/xampp/htdocs/upload/images/graphics.JPEG)' at line 1

kiLLer.zoh_1 0 Light Poster · Answer 2 · 2013-03-28T13:17:58+00:00

now i i have put the quotes file name saved successfully but still image path is not saved in db

kiLLer.zoh_1 0 Light Poster · Answer 3 · 2013-03-28T13:24:13+00:00

that creates the error "Webville" look again i have been concatenating both strings

kiLLer.zoh_1 0 Light Poster · Answer 4 · 2013-03-28T13:30:54+00:00

i have just chk the $path by echo and showing the without an error but problm is that its not getting
in to the database

pixelsoul 272 Red Pill Featured Poster · Answer 5 · 2013-03-28T13:32:54+00:00

Use http://php.net/manual/en/function.mysql-real-escape-string.php on your data that you are entering into the database.

Webville312 14 Newbie Poster · Answer 6 · 2013-03-28T13:33:12+00:00

I had suggested a code fragment that actually works for me, and it is;

$target_path = "d:/xampp/htdocs/upload/images/";
    $target_path = $target_path . basename( $_FILES['photo']['name']);

And the insert is;

"insert into photos (id,image_name,image) values ('$id','$_FILES[photo]','".$target_path."')";

kiLLer.zoh_1 0 Light Poster · Answer 7 · 2013-03-29T14:32:02+00:00

kiLLer.zoh_1 0 Light Poster

11 Years Ago

this is not working :(

TonyG_cyprus 36 Newbie Poster · Answer 8 · 2013-03-29T15:08:23+00:00

$path = "d:/xampp/htdocs/upload/images/" .$_FILES['photo']['name'];

you have an extra space there, before the .$files

$path = "d:/xampp/htdocs/upload/images/".$_FILES['photo']['name'];

might do it. Mysql's funny about things like that.

pixelsoul 272 Red Pill Featured Poster · Answer 9 · 2013-03-29T15:55:57+00:00

this is not working :(

So does this mean that you are getting an error still? Or is there no error and it just is not inserting the file path into the db?

Can you post your current code again after the changes you have made?

kiLLer.zoh_1 0 Light Poster · Answer 10 · 2013-03-29T17:38:25+00:00

<?php 
include "db.php";
$target_path = "images/";

$target_path = $target_path . basename( $_FILES['file']['name']); 

if(move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['file']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
$q ="Insert Into image(name,imgpath) VALUES ('".$_FILES['file']['name']."','".$target_path."')";

mysql_query($q) or die(mysql_error());


?>

kiLLer.zoh_1 0 Light Poster · Answer 11 · 2013-03-29T17:41:23+00:00

i dnt get error by using this script the only thing is that file path aint saving in to the db

kiLLer.zoh_1 0 Light Poster · Answer 12 · 2013-03-29T17:42:02+00:00

kiLLer.zoh_1 0 Light Poster

11 Years Ago

although file name saved successfully

pixelsoul 272 Red Pill Featured Poster · Answer 13 · 2013-03-29T18:06:28+00:00

Hmm, what are the rest of the columns in your SQL table "image"? Can you just show us the table structure?

kiLLer.zoh_1 0 Light Poster · Answer 14 · 2013-03-29T18:16:32+00:00

i have just created the db with name upload with three attributes imgid, ,name,imgpath

pixelsoul 272 Red Pill Featured Poster · Answer 15 · 2013-03-29T18:22:09+00:00

The name of the table is "upload" or is that the name of the database?

Try this:

<?php 
include "db.php";

$target_path = "images/";
$img_name = mysql_real_escape_string($_FILES['file']['name']);

if(move_uploaded_file($_FILES['file']['tmp_name'], $target_path.$img_name)) {

    // Moved this here. Would there be a reason to put it into the database if the file upload failed?
    $q = "INSERT INTO upload (imgid,name,imgpath) VALUES ('','$img_name','". $target_path.$img_name ."')";
    $result = mysql_query($q) or die (mysql_error());
    echo "The file $img_name has been uploaded";

}else{
    echo "There was an error uploading the file, please try again!";
}
?>

Just change the name of the table in the SQL if it really is just "image".

kiLLer.zoh_1 0 Light Poster · Answer 16 · 2013-03-29T18:22:34+00:00

kiLLer.zoh_1 0 Light Poster

11 Years Ago

thanks bro there was a blunder in ma db

kiLLer.zoh_1 0 Light Poster · Answer 17 · 2013-03-29T18:23:25+00:00

i had put type int with img path attibute thats why it was not saving in database

TonyG_cyprus 36 Newbie Poster · Answer 18 · 2013-03-29T19:22:15+00:00

Personally I would use

$name=$files['file']['name'];

$q ="Insert Into image(name,imgpath) VALUES ('$name','$target_path')";

pixelsoul 272 Red Pill Featured Poster · Answer 19 · 2013-03-29T22:45:55+00:00

Yes, there are a lot of different/better ways to do this operation. I don't like using just $name because it is very general to me and could be the name of anything when I have a lot of code in one file that does more than just deal with an image. Of course, at the end of the day I would probably have written a function or class (which I have) and just call that.

@kiLLer.zoh_1 Make sure you take your script further and put in error checking, and file upload restrictions if you are planning on having this public facing for anyone to use. As it is right now, someone/anyone could bring your entire website down with being able to access this.

Webville312 14 Newbie Poster · Answer 20 · 2013-04-02T09:22:52+00:00

and do you have a folder named "images" ???

And why are you concatenating the imagename with the target path in this line?;

  $q = "INSERT INTO upload (imgid,name,imgpath) VALUES ('','$img_name','". $target_path.$img_name ."')";

You only need the target path ONLY ...