Where do I enter the code to insert file path and current session ID to the database?

Question

0.00/5 (No votes)

See more:

PHP

I have tried to simply enter the image path below but I'm sure I don't have the insert statement in the right place. New to PHP and MYSQL.

XML

<?php
session_start(); // Must start session first thing

// Here we run a login check
// Here we run a login check
$toplinks = "";
if (isset($_SESSION['id'])) {
    // Put stored session variables into local php variable
    $userid = $_SESSION['id'];
    $username = $_SESSION['username'];
    $toplinks = '<div id="Top_Links"><a  href="logout.php">Log Out </a>
             <a  href="member_account.php">My Account </a>
             <a  href="member_profile.php?id=' . $userid . '">' . $username . '</a> </div>';
} else {
   echo 'Please <a href="login.php">log in</a> to access your account';
  exit();
}
// Place Session variable 'id' into local variable
$id = $_SESSION['id'];
// Process the form if it is submitted
if ($_FILES['uploadedfile']['tmp_name'] != "") {
    // Run error handling on the file
    // Set Max file size limit to somewhere around 120kb
    $maxfilesize = 120000;
    // Check file size, if too large exit and tell them why
    if($_FILES['uploadedfile']['size'] > $maxfilesize ) {
        echo "<br /><br />Your image was too large. Must be 100kb or less, please<br /><br />
        <a href=\"edit_pic.php\">click here</a> to try again";
        unlink($_FILES['uploadedfile']['tmp_name']);
        exit();
    // Check file extension to see if it is .jpg or .gif, if not exit and tell them why
    } else if (!preg_match("/\.(gif|jpg)$/i", $_FILES['uploadedfile']['name'] ) ) {
        echo "<br /><br />Your image was not .gif or .jpg and it must be one of those two formats, please<br />
        <a href=\"edit_pic.php\">click here</a> to try again";
        unlink($_FILES['uploadedfile']['tmp_name']);
        exit();
        // If no errors on the file process it and upload to server
    } else {
        // Rename the pic
        $newname = "pic1.jpg";
        // Set the direntory for where to upload it, use the member id to hit their folder
        // Upload the file
        if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], "memberFiles/$id/".$newname)) {
            echo "Success, the image has been uploaded and will display to visitors!<br /><br />
            <a href=\"member_account.php\">Click here</a> to return to your profile edit area";

        $file="memberFiles/$id/".$newname;
        $sql="INSERT INTO file (path) VALUES ('$file')";

        if (!mysql_query($sql))
        {
        die('Error: ' . mysql_error());
        }
        echo "<font size = '5'><font color=\"#0CF44A\">SAVED TO DATABASE";


        } else {
            echo "There was an error uploading the file, please try again. If it continually fails, contact us by email. <br /><br />
            <a href=\"member_account.php\">Click here</a> to return to your profile edit area";
            exit();
        }
    } // close else after file error checks
} // close if post the form
?>

Posted 29-Aug-14 9:34am

JonathanRyan88

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Weekendrockstar · Answer 1 · 2014-08-30T08:31:00

Just a couple of things I noticed:

1) You are setting two variables to equal the Session ID. Both $id and $userid are being set to the Session ID.

2) It appears that you are saving a person's photo they're uploading into a directory named after their Session ID. That would make it virtually impossible for you to actually make use of the the path in the future because the next time that they close their browser and come back to your site they will have a new Session and therefore a new Session ID and so there'd really be no way to link that user with that image path. That is, unless you are storing an id number you gave them at registration that you pulled from the database during the login parts that we can't see.

Now, you really wouldn't have to save a path to the database or even an image name because the the rest of the code is handling it. With the user's username store in their Session you can either have the uploading script create a directory within MemberFiles and name the new directory with the username (MemberFiles/USERNAME/pic1.jpg). Assuming that you are going to want the image file to be viewable in the browser and, let's say' when someone views that person's profile (or whatever page) then it is far more simple for you to display their image because their username is always the same whereas their Session ID would not be.

Is each member going to upload one image ever? If so, you may not even need to have a separate directory for each user. That would create a new folder in your server's filesystem for each user. Perhaps you change the name of each uploaded image to be $username.jpg and simply store them all in the one MemberFiles directory...unless there are other types of files that are going to be associated with each user, then I could see a reason each user to get their own folder within the MemberFiles directory.

I apologize if I misunderstood your initial point and/or if I've made any incorrect assumptions here.