PHP upload image to folder and insert record to database

Question

I made code in PHP for uploading images, but I have one problem, when I upload image, there is no record in database, but image is uploaded to path where I want it.

this is my code:

<form action="upload.php" method="post" enctype="multipart/form-data" id="upload_form">
    <input id="file" type="file" name="file[]" />
    <input type="submit" id="upload" name="submit" value="Dodaj" />
</form>

include 'init.php';

    $uploaded = [];
    $allowed = ['jpg', 'png'];

    $succeeded = [];
    $failed = [];

    if(!empty($_FILES['file'])){
        foreach($_FILES['file']['name'] as $key => $name){
            if($_FILES['file']['error'][$key] == 0){
                $temp = $_FILES['file']['tmp_name'][$key];

                $ext = explode('.', $name);
                $ext = strtolower(end($ext));

                $file = md5_file($temp) . time() . '.' . $ext;              

                if(in_array($ext, $allowed) === true && move_uploaded_file($temp, "uploads/{$file}") === true){
                    $succeeded[] = array('name' => $name, 'file' => $file);
                    $path = 'uploads';
                    $sql = "INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext') WHERE id = '$session_user_id'";
                    $result = mysql_query($sql);                    
                }else{
                    $failed[] = array('name' => $name); 
                }               
            }       
        }

init file:

session_start();

    mysql_connect('localhost','root','');
    mysql_select_db('croglas'); 
    mysql_query('SET CHARACTER SET utf8');

    include 'functions.php';

    if(logged_in() === true){
        $session_user_id = $_SESSION['id'];
        $user_data = user_data($session_user_id, 'id', 'username', 'password', 'email', 'address', 'zip', 'phone_number', 'city', 'type', 'points', 'img_path', 'img_name', 'img_type');
    }

You're simply assuming your query succeeded. You have no error checking at all. $result = mysql_query(...) or die(mysql_error()) should be the bare MINIMUM handling you have. never EVER assume success with a db operation. always assume it'll fail, and treat success as a pleasant surprise. — Marc B
– Marc B, Commented Sep 1, 2015 at 17:02
dev.mysql.com/doc/refman/5.6/en/insert-select.html --- dev.mysql.com/doc/refman/5.6/en/insert-on-duplicate.html - in regards to WHERE. Read that as well as a prepared statement. If the intention is to do an UPDATE, well, that's a different animal altogether. — Funk Forty Niner
– Funk Forty Niner, Commented Sep 1, 2015 at 17:03
If you can, you should stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and consider using PDO, it's really not hard. — Jay Blanchard
– Jay Blanchard, Commented Sep 1, 2015 at 17:14

David · Accepted Answer · 2015-09-01 17:10:27Z

5

This is probably returning an error which the code is ignoring:

INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext') WHERE id = '$session_user_id'

INSERT statements don't have WHERE clauses. Just omit the clause entirely:

INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext')

Additionally, you should check for SQL errors after executing a SQL statement.

Edit: Or... Does this need to be an UPDATE statement instead? It strikes me as strange that a table called users would hold image records. Are you instead updating an existing user record to include new values? That would have a WHERE clause. Something like this:

UPDATE users SET img_page='$path', img_name='$file', img_type='$ext' WHERE id = '$session_user_id'

edited Sep 1, 2015 at 17:10

answered Sep 1, 2015 at 17:02

David

221k42 gold badges245 silver badges337 bronze badges

Sign up to request clarification or add additional context in comments.

6 Comments

CroVG Over a year ago

How will you know which user it will record?

David Over a year ago

@CroVG: If there's a column in that table to record that data, insert a value into that column as well.

CroVG Over a year ago

Yes but if i have more colums whit different users? is it same?

David Over a year ago

@CroVG: Any column for which you have data when inserting the record can be included in the INSERT statement. It's not really clear what you're asking at this point. (It's also not really clear why you're storing image data in a table called users. Maybe this should be an UPDATE statement instead of an INSERT? That would have a WHERE clause...)

Funk Forty Niner Over a year ago

^ yep, and...as I outlined here...

|

Varun · Accepted Answer · 2015-09-01 17:04:51Z

0

Your query is wrong, you cant have where in AN INSERT statement.

It should be like this,

INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext')

Also,one tip: use mysqli.

answered Sep 1, 2015 at 17:04

Varun

1,9562 gold badges12 silver badges17 bronze badges

3 Comments

Nana Partykar Over a year ago

This is actually what @David Answered. Any Difference ?

Varun Over a year ago

@DanishEnam Just by accident i didn't see that a anwer was posted while i was typing.One thing is using mysqli instead of mysql :P

Funk Forty Niner Over a year ago

"Also,one tip: use mysqli." - You're missing something... using "just" mysqli_, doesn't help against injection; not on its own anyway.

Collectives™ on Stack Overflow

PHP upload image to folder and insert record to database

2 Answers 2

6 Comments

3 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

6 Comments

3 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related