1

I want to upload images to mysql server using php. I have created html and sql connectivity but the image upload shows error. I cant upload the image, it shows error of valid image i.e. you must upload jpeg,bmp,gif; and read/write in directory.

Can any1 help me solving this problem the php file is 

    <?php
//Start session
session_start();

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

// Check to see if the type of file uploaded is a valid image type
function valid($file)
{
    // This is an array that holds all the valid image MIME types
    $valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif");

    //echo $file['type'];
    if (in_array($file['type'], $valid_types))
        return 1;
    return 0;
}

// Build our target path full string.  This is where the file will be moved do
// i.e.  images/picture.jpg
$TARGET_PATH = "image/";
$TARGET_PATH = $TARGET_PATH . basename( $_FILES['image']['name']);

$pimage = $_FILES['image']['name'];

// Check to make sure that our file is actually an image
    // You check the file type instead of the extension because the extension can easily   be faked
    if (!valid($pimage))
    {
   $_SESSION['ERRMSG_ARR'] = array('You must upload a jpeg, gif, or bmp');
   header("Location: admin.php");
   exit;
     }

// Here we check to see if a file with that name already exists
   // You could get past filename problems by appending a timestamp to the filename and then      continuing
   if (file_exists($TARGET_PATH))
   {
 $_SESSION['ERRMSG_ARR'] = array('A file with that name already exists');
 header("Location: admin.php");
     exit;
   }

 // Lets attempt to move the file from its temporary directory to its new home
   if (move_uploaded_file($_FILES['image']['tmp_name'], $TARGET_PATH))
   {
  // NOTE: This is where a lot of people make mistakes.
  // We are *not* putting the image into the database; we are putting a reference to the     file's location on the server
   $sql = "insert into people (p_category, p_name, p_quantity, p_desc, p_image) values        ('$pcategory', '$pname','$pquantity','pdesc', '" . $pimage['name'] . "')";
   $result = mysql_query($sql);
    //Check whether the query was successful or not
      if($result) {
    $_SESSION['ERRMSG_ARR'] = array('Product added');;
    $_SESSION['MSG_FLAG'] = 0;
    session_write_close();
    header("location: admin.php");
    exit();
     }else {
    die("Query failed: ".mysql_error());
        }
       }
       else
       {
     // A common cause of file moving failures is because of bad permissions on the     directory attempting to be written to
     // Make sure you chmod the directory to be writeable
     $_SESSION['ERRMSG_ARR'] = array('Could not upload file.  Check read/write persmissions on the directory');
      header("Location: admin.php");
      exit;
       }
?>
Improve this question
5
  • looks like your code is trying to upload image to the disk but your question says you're trying to upload it to MySQL? Commented Sep 17, 2013 at 17:49
  • What's the error? Are you writing to a database or to the file system? The error you describe suggests the latter. Commented Sep 17, 2013 at 17:50
  • "We are not putting the image into the database; we are putting a reference to the file's location on the server"... so we're not uploading images to MySQL using PHP - we're storing their temporary file names, which may or may not be unique..... Commented Sep 17, 2013 at 17:56
  • 1
    Please, before you write any more SQL interfacing code, you must read up on proper SQL escaping to avoid severe SQL injection bugs. Also, mysql_query should not be used in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern replacement like PDO is not hard to learn and will make your database code easier to get right. Commented Sep 17, 2013 at 18:04
  • 1
    Nowhere in your code to actually check if the upload actually succeeded. You're just assuming everything worked perfectly. Bad idea... Commented Sep 17, 2013 at 18:04

2 Answers 2

Reset to default
1

I think

$pimage = $_FILES['image']['name'];

should be

$pimage = $_FILES['image'];

You probably missed this because your code is quite inconsistent - sometimes you use $pimage, while elsewhere you reference the $_FILES array directly. This makes it harder to maintain should the file field's name change. You could also type hint the valid() function to make PHP complain if $file isn't an array:

function valid(array $file) { ... }

What level of error reporting do you have set? It would highlight errors like trying to access undefined array keys.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

See you are passing the image type in the line if (!valid($pimage)) But in the valid() function you are again trying to get the type of image $file['type'].

What George said should also work, but since you are making variables for the image type $ptype and name $pimage, you can use them itself.

So the changes should be $file['type'] becomes $file and $file['type'] & in the insert query $pimage['name'] becomes $pimage

I'm sure this solves it, Bahua ;)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.