Insert image plus text into mysql database

Question

1.00/5 (1 vote)

See more:

Helo Coders

I'm trying to insert text along with text to mysql database but it is not working. I would like to restrict the image type to jpg only. Here is my code.

PHP

<?php
$username= "root";
$password= "";
$hostname= "localhost";
$dbhandle=mysql_connect($hostname, $username, $password) or die("could not connect to the database");

$selected=mysql_select_db("unic", $dbhandle);
$imageName=mysql_real_escape_string($_FILES["image"]["name"]);
$imageData=mysql_real_escape_string($_FILES["image"]["tmp_name"]);
$imageType=mysql_real_escape_string($_FILES["image"]["type"]);
$extension=strtolower(substr($imageName, strpos($imageName, '.')+ 1));
if(isset($_POST['FullName']) && isset($_POST['YourGender']) && isset($_POST['AgeGroup'])  && isset($_POST['Institution'])  && isset($_POST['Purpose']) && isset($_POST['NRC'])  && isset($_POST['Province']) && isset($_POST['dbDate']) && isset($_POST['NRC'])  && isset($_POST['Province']) && isset($_POST['Address'])){
if(isset($imageName)){
if(!empty($imageName)){
if(($extension=='jpg'||$extension=='jpeg')&&$imageType=='image/jpeg'){
$name=$_POST['FullName'];
$gender=$_POST['YourGender'];
$age=$_POST['AgeGroup'];
$institution=$_POST['Institution'];
$purpose=$_POST['Purpose'];
$nrc=$_POST['NRC'];
$province=$_POST['Province'];
$dbdate=$_POST['dbDate'];
$address=$_POST['Address'];
$query = mysql_query("SELECT * FROM students WHERE NRC='$nrc'");
if(mysql_num_rows($query) > 0){
echo ' The NRC you entered is already taken ';
}else{
mysql_query("INSERT INTO `students` set FullName='$name', Gender='$gender', AgeGroup='$age', Organisation='$institution', Purpose='$purpose', NRC='$nrc', Province='$province', dbDate='$dbdate', Address='$address' Image='$imageName'");
echo("Record was Succesfully Entered");
}
}else{
echo 'Only jpg Images allowed';
}
}
}
}
mysql_close();
?>

Posted 17-Dec-14 2:52am

Member 11301170

Add a Solution

Comments

PIEBALDconsult 17-Dec-14 9:35am

Find out how to use a parameterized statement, because what you have now can't do it.

Chubby Ninja 17-Dec-14 10:26am

What isn't working currently? Do you get an error from the sql query? - is it an option for you to look at prepared statements like PHP PDO?

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Chubby Ninja · Answer 1 · 2014-12-17T04:48:00

There's a couple of issues, including that you are not actually moving the image into a upload directory - check out my modifications which include sanitizing your data

PHP

$username= "root";
$password= "";
$hostname= "localhost";

$allowed_ext = array( 'jpg', 'jpeg' ); // allowed extensions
$allowed_mime = array( 'image/jpeg' ); // allowed mime types
$upload_dir = $_SERVER['DOCUMENT_ROOT'] . '/uploads/'; // change this to your upload directory - include the trailing slash

$required = array( 'FullName', 'YourGender', 'AgeGroup', 'Institution', 'Purpose', 'NRC', 'Province', 'dbDate', 'Address');
$sanitized = array( );

$error = false;

// loop through each required POST field and sanatize it
foreach( $required as $req )
{
    if( !isset($_POST[ $req ]) )
    {
        $error = true;
    } else {
        $sanitized[ $req ] = mysql_real_escape_string( $_POST[ $req ] );
    }
}

// if not all the required fields are set
if( $error )
{
    die( 'Error - Not all required fields posted' );
}

// check if upload has been sent
if( !isset( $_FILES ) )
{
    die( 'Error - No file sent' );
}

$imageName=mysql_real_escape_string($_FILES["image"]["name"]);
// check if the imagename is set
if( empty( $imageName ) )
{
    die( 'Not image name set' );
}
$sanitized['Image'] = $imageName;


$imageType=mysql_real_escape_string($_FILES["image"]["type"]);
$extension=strtolower(substr($imageName, strpos($imageName, '.')+ 1));
// check if the extension is in the allowed list
if( !in_array($extension, $allowed_ext ) || !in_array($imageType, $allowed_mime) )
{
    die( 'Only JPG images allowed' );
}


$imageData=mysql_real_escape_string($_FILES["image"]["tmp_name"]);
// try move the file
if( !move_uploaded_file($imageData, $upload_dir . $imageName ) )
{
    die( 'Could not move file into upload directory' );
}

// all error checks have passed, assume all is ok


$dbhandle=mysql_connect($hostname, $username, $password) or die("could not connect to the database");
$selected=mysql_select_db("unic", $dbhandle);

$query = mysql_query("SELECT * FROM `students` WHERE `NRC`='" . $sanitized['NRC'] . "'");

if(mysql_num_rows($query) > 0)
{
    echo ' The NRC you entered is already taken ';
}else{
    mysql_query("INSERT INTO `students` (" . implode(',', array_keys($sanitized)) . ") VALUES ('" . implode( "','", $sanitized ) . "')");
    echo("Record was Succesfully Entered");
}

mysql_close();