2

I've got the following HTML form. As you can see it's saving a file.

<form enctype="multipart/form-data" action="welcome.php" method="post
"onsubmit="return validateFormOnSubmit(this)"> 
 <b>Name</b><br/> <input type="text" name="fname" /> 
 <br/>
 <b>Description</b><br/> <TEXTAREA NAME="description" COLS=40
 ROWS=6></TEXTAREA><br/><br/> <input type="hidden" name="MAX_FILE_SIZE" value="100000"/> 

<b>Upload Picture</b><br/> <input name="uploadedfile" type="file" /><br /> 
 <b>Latitude</b><br/><INPUT name="lat" id ="lat" /><br/> 
 <b>Longitude</b><br/><INPUT     name="lng" id ="lng" /><br/> <input type="submit" />

This file is being processed like so...

 $target_path = "uploads/";

 $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

The rest of the information is being stored in a SQL database. I'd like to store the file uploaded in that database. How would I go about doing this via the php file the information get's sent to? I'm inserting it like..

   $query = "INSERT INTO <TABLE> (name, message, lat, lng, type)VALUES ('".$title."', '".$des."', '".$lati."', '".$long."', '".$type."')";
   $q=mysql_query($query) or die(mysql_error());
Improve this question
2
  • I'm not good enough with MySQL to give a detailed response, so I'm just gonna say: BLOBS! dev.mysql.com/doc/refman/5.0/en/blob.html Commented Jul 21, 2010 at 14:07
  • 7
    SQL Injection Attack off the starboard bow, cap'n! Commented Jul 21, 2010 at 14:08

3 Answers 3

Reset to default
5

If you definitely want to insert your HTML file in your MySQL DB, there are two ways:

  1. Use the BLOB type to store the file.

  2. Convert your file into a string, as it is HTML, and store it in a TEXT field.

However, my recommendation would be to store files on the server filesystem, and not in the database.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

If he stores the file in a blob he is going to have to convert that string back into an image afterwards, (looking at his code the file has a label upload picture)
My mistake, I thought he wanted to store the html file itself. You're absolutely right.
3

You can do this in tow ways.

  1. Copying the file into filesystem and saving its path in database

  2. Storing the file as binary data in database.

    $data = file_get_contents($_FILES['photo']['tmp_name']);
$data = mysql_real_escape_string($data);

and then save data in a field (you need to create that field as blob)

Improve this answer

2 Comments

How would I then extract that data e.g if it was a photo display it in HTML?
You may create a file, after getting data from database, you need to write that data into the file. Or stackoverflow.com/questions/1330138/…
2

You mean the contents of the uploaded file?

Pretty much like below:

// Obtain the file content (add error handling here...)
$contents = file_get_contents($_FILES['uploadedfile']['tmp_name']);
// Escape all special characters
$contents = mysql_real_escape_string($contents)
// Do the insert
$query = 'INSERT INTO <TABLE> (....) VALUES ("' . $contents . '")';
$q=mysql_query($query) or die(mysql_error());

Edit: marvin is right, its file_get_contents.

Improve this answer

3 Comments

The field in the table: if it is going to be HTML: a TEXT or LONGTEXT should be okay. I would advice to add checks everywhere: the length of the file, the contents, etc... file stuff always brings along inherent risks
As other commenters said, use a blob for this unless the file is guaranteed to be less than 255 chars long. TEXT might work too, depends on the file format.
A blob and a text have the same maximum length IIRC. The difference is that a blob allows binary content. I adviced the regular TEXT type since it was indicated that it would be HTML.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.