Wednesday 15 June 2011

html - Form To Upload Multiple Images & Data To MySQL DB Via PHP -



html - Form To Upload Multiple Images & Data To MySQL DB Via PHP -

we developing application internal utilize upload 2 images , text boxes mysql database via form , php script.

we can simple form work text boxes submitted no image fields, , can form image fields work , upload images mysql database blob, when combining 2 can upload images, , not text boxes.

please find below code our php upload script, when our form submitted uploads database 2 image fields blob, not other text fields, help point out have gone wrong appreciated:

<?php $con=mysqli_connect("localhost","username","password","outofhours"); // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); } $maxsize = 10000000; //set approx 10 mb $sitename = mysqli_real_escape_string($con, $_post['sitename']); $siteaddress = mysqli_real_escape_string($con, $_post['siteaddress']); $sitepostcode = mysqli_real_escape_string($con, $_post['sitepostcode']); $eqmake = mysqli_real_escape_string($con, $_post['eqmake']); $eqmodel = mysqli_real_escape_string($con, $_post['eqmodel']); $eqdesc = mysqli_real_escape_string($con, $_post['eqdesc']); $eqserial = mysqli_real_escape_string($con, $_post['eqserial']); $eqassetno = mysqli_real_escape_string($con, $_post['eqassetno']); $eqconttype = mysqli_real_escape_string($con, $_post['eqconttype']); $brewery = mysqli_real_escape_string($con, $_post['brewery']); $date = mysqli_real_escape_string($con, $_post['date']); $onsitetime = mysqli_real_escape_string($con, $_post['onsitetime']); $offsitetime = mysqli_real_escape_string($con, $_post['offsitetime']); $custprintname = mysqli_real_escape_string($con, $_post['custprintname']); $custposition = mysqli_real_escape_string($con, $_post['custposition']); $engname = mysqli_real_escape_string($con, $_post['engname']); // check if file submitted if(!isset($_files['engsig1'])) { echo '<p>please select file</p>'; } else { seek { $msg= upload(); //this upload image echo $msg; //message showing success or failure. } catch(exception $e) { echo $e->getmessage(); echo 'sorry, not upload file'; } } // upload function function upload() { include "file_constants.php"; $maxsize = 10000000; //set approx 10 mb //check associated error code if($_files['engsig1']['error']==upload_err_ok) { //check whether file uploaded http post if(is_uploaded_file($_files['engsig1']['tmp_name'])) { //checks size of uploaded image on server side if( $_files['engsig1']['size'] < $maxsize) { //checks whether uploaded file of image type $finfo = finfo_open(fileinfo_mime_type); if(strpos(finfo_file($finfo, $_files['engsig1']['tmp_name']),"image")===0) { // prepare image insertion $imgdata1 =addslashes (file_get_contents($_files['engsig1']['tmp_name'])); $imgdata2 =addslashes (file_get_contents($_files['custsig1']['tmp_name'])); // set image in db... // database connection mysql_connect($host, $user, $pass) or die (mysql_error()); // select db mysql_select_db ($db) or die ("unable select db".mysql_error()); // our sql query $sql = "insert oohours (sitename, siteaddress, sitepostcode, eqmake, eqmodel, eqdesc, eqserial, eqassetno, eqconttype, brewery, date, onsitetime, offsitetime, custprintname, custsig1, custposition, engname, engsig1) values ('$sitename', '$siteaddress', '$sitepostcode', '$eqmake', '$eqmodel', '$eqdesc', '$eqserial', '$eqassetno', '$eqconttype', '$brewery', '$date', '$onsitetime', '$offsitetime', '$custprintname', '{$imgdata1}', '$custposition', '$engname', '{$imgdata2}')"; // insert image mysql_query($sql) or die("error in query: " . mysql_error()); $msg='<p>image saved in database id ='. mysql_insert_id().' </p>'; } else $msg="<p>uploaded file not image.</p>"; } else { // if file not less maximum allowed, print error $msg='<div>file exceeds maximum file limit</div> <div>maximum file limit '.$maxsize.' bytes</div> <div>file '.$_files['engsig1']['name'].' '.$_files['engsig1']['size']. ' bytes</div><hr />'; } } else $msg="file not uploaded successfully."; } else { $msg= file_upload_error_message($_files['engsig1']['error']); } homecoming $msg; } // function homecoming error message based on error code function file_upload_error_message($error_code) { switch ($error_code) { case upload_err_ini_size: homecoming 'the uploaded file exceeds upload_max_filesize directive in php.ini'; case upload_err_form_size: homecoming 'the uploaded file exceeds max_file_size directive specified in html form'; case upload_err_partial: homecoming 'the uploaded file partially uploaded'; case upload_err_no_file: homecoming 'no file uploaded'; case upload_err_no_tmp_dir: homecoming 'missing temporary folder'; case upload_err_cant_write: homecoming 'failed write file disk'; case upload_err_extension: homecoming 'file upload stopped extension'; default: homecoming 'unknown upload error'; } } ?>

you error lies in fact using mysql , mysqli functions through each other. doesnt work. either go mysqli or got mysql .. go mysqli.

i mean, check yourself. sanitize them mysqli, within upload function connect database, utilize mysql function.

// set image in db... // database connection mysql_connect($host, $user, $pass) or die (mysql_error()); // select db mysql_select_db ($db) or die ("unable select db".mysql_error()); // our sql query $sql = "insert oohours (sitename, siteaddress, sitepostcode, eqmake, eqmodel, eqdesc, eqserial, eqassetno, eqconttype, brewery, date, onsitetime, offsitetime, custprintname, custsig1, custposition, engname, engsig1) values ('$sitename', '$siteaddress', '$sitepostcode', '$eqmake', '$eqmodel', '$eqdesc', '$eqserial', '$eqassetno', '$eqconttype', '$brewery', '$date', '$onsitetime', '$offsitetime', '$custprintname', '{$imgdata1}', '$custposition', '$engname', '{$imgdata2}')"; // insert image mysql_query($sql) or die("error in query: " . mysql_error()); $msg='<p>image saved in database id ='. mysql_insert_id().' </p>';

is mysql function, while utilize rest mysqli

<?php $con=mysqli_connect("localhost","username","password","outofhours"); // check connection if (mysqli_connect_errno()) { echo "failed connect mysql: " . mysqli_connect_error(); } $maxsize = 10000000; //set approx 10 mb $sitename = mysqli_real_escape_string($con, $_post['sitename']); $siteaddress = mysqli_real_escape_string($con, $_post['siteaddress']); $sitepostcode = mysqli_real_escape_string($con, $_post['sitepostcode']); $eqmake = mysqli_real_escape_string($con, $_post['eqmake']); $eqmodel = mysqli_real_escape_string($con, $_post['eqmodel']); $eqdesc = mysqli_real_escape_string($con, $_post['eqdesc']); $eqserial = mysqli_real_escape_string($con, $_post['eqserial']); $eqassetno = mysqli_real_escape_string($con, $_post['eqassetno']); $eqconttype = mysqli_real_escape_string($con, $_post['eqconttype']); $brewery = mysqli_real_escape_string($con, $_post['brewery']); $date = mysqli_real_escape_string($con, $_post['date']); $onsitetime = mysqli_real_escape_string($con, $_post['onsitetime']); $offsitetime = mysqli_real_escape_string($con, $_post['offsitetime']); $custprintname = mysqli_real_escape_string($con, $_post['custprintname']); $custposition = mysqli_real_escape_string($con, $_post['custposition']); $engname = mysqli_real_escape_string($con, $_post['engname']);

so @ point, have established connection mysql in function, text in mysqli sanitized, has no clue it. simple said bove, chose 1 or other ;)

php html mysql database image

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)