I'm currently trying to upload an image to a mysql database using php. The image should be inserted to the same row as the user. So, in my not-so-good attempt to do this, i have created a textbox and an upload form, so when the user enters his name on the textbox and uploaded an image they will be saved at the same time. The problem here is that I'm not quite sure if the method I've tried is right. well, I'm not really good in php to begin with. any help will do!
here is my form:
<?php
require('admin.config.inc.php');
if(isset($_POST['upload'])){
$image_name = $_FILES['image']['name'];
$image_type = $_FILES['image']['type'];
$image_size = $_FILES['image']['size'];
$image_tmp_name = $_FILES['image']['tmp_name'];
$path = "/home/********/public_html/StagConnect/admin/pictures/$image_name";
if($image_name==''){
echo "Don't just click! select an image please .";
exit();
}
else{
move_uploaded_file($image_tmp_name, $path);
$mysql_path = $path."/".$image_name;
$query = "INSERT INTO `admin`(`admin_image1`,`path1`) VALUES ('$image_name','$mysql_path') where username = :user";
$query_params = array(
':user' => $_POST['username'],
':image_name' => $image_name,
':mysql_path' => $path,
);
//execute query
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this use this one:
$response["success"] = 0;
$response["message"] = "Database Error. Couldn't Upload Image!";
die(json_encode($response));
}
$response["success"] = 1;
$response["message"] = "Image Uploaded Succesfully!";
echo json_encode($response);
}
}
?>
<form action="adminProfilePic.php" method="post" enctype="multipart/form-data">
Username: <input type="text" name="username">
<input type="file" name="image" >
<input type="submit" name="upload" value="Submit" >
</form>
~also, I'm not quite sure if my query_params is correct.
N.B.: There are 3 different types. 2 of which are different types of INSERT's and one UPDATE.
I used user as the column name, so you may want to either keep it, or adjust it.
I successfully tested this and do read throughout the code for additional comments.
Assuming DB variable in admin.config.inc.php is set to $db - If not, then you will need to modify the variable to suit/match,
As a regular INSERT use the following (An UPDATE version follows)
<?php
require('admin.config.inc.php');
if(isset($_POST['upload'])){
$image_name = $_FILES['image']['name'];
$image_type = $_FILES['image']['type'];
$image_size = $_FILES['image']['size'];
$image_tmp_name = $_FILES['image']['tmp_name'];
$path = "/home/********/public_html/StagConnect/admin/pictures/$image_name";
if($image_name==''){
echo "Don't just click! select an image please .";
exit();
}
else{
move_uploaded_file($image_tmp_name, $path);
$mysql_path = $path."/".$image_name;
// I am unsure of this line and how you are using it, so the UPDATE version follows.
// Test with the line below that for now
// $stmt = $db->prepare("INSERT INTO `admin_test_so` (`admin_image1`,`path1`) VALUES (:image_name,:mysql_path) where username = :user");
$stmt = $db->prepare("INSERT INTO `admin_test_so` (`admin_image1`,`path1`) VALUES (:image_name,:mysql_path)");
try {
$stmt->execute(array(
':image_name' => $image_name,
':mysql_path' => $path
));
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this use this one:
$response["success"] = 0;
$response["message"] = "Database Error. Couldn't Upload Image!";
die(json_encode($response));
}
$response["success"] = 1;
$response["message"] = "Image Uploaded Succesfully!";
echo json_encode($response);
/* my own tests to show what is set or not */
/*
echo "<hr>";
var_dump($image_name);
echo "<br>";
var_dump($path);
echo "<br>";
var_dump($_POST['username']);
*/
}
}
?>
UPDATE type, use the following:This will work with your WHERE clause, which will update a row if the user's name exists.
Again, assuming DB variable is set to $db
<?php
require('admin.config.inc.php');
$username=$_POST['username'];
if(isset($_POST['upload'])){
$image_name = $_FILES['image']['name'];
$image_type = $_FILES['image']['type'];
$image_size = $_FILES['image']['size'];
$image_tmp_name = $_FILES['image']['tmp_name'];
$path = "/home/********/public_html/StagConnect/admin/pictures/$image_name";
if($image_name==''){
echo "Don't just click! select an image please .";
exit();
}
else{
move_uploaded_file($image_tmp_name, $path);
$mysql_path = $path."/".$image_name;
$stmt = $db->prepare("UPDATE `admin_test_so` set admin_image1=:image_name, path1=:image_name where user = :user");
// update test_table set value=:value, value0=:value0 where value=:value
try {
$stmt->execute(array(
':user' => $username,
':image_name' => $image_name,
':mysql_path' => $path
));
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this use this one:
$response["success"] = 0;
$response["message"] = "Database Error. Couldn't Upload Image!";
die(json_encode($response));
}
$response["success"] = 1;
$response["message"] = "Image Uploaded Succesfully!";
echo json_encode($response);
/*
echo "<hr>";
var_dump($image_name);
echo "<br>";
var_dump($path);
echo "<br>";
var_dump($_POST['username']);
*/
}
}
?>
INSERT to also insert the username entered, use the following, which will enter 3 values.<?php
require('admin.config.inc.php');
$username=$_POST['username'];
if(isset($_POST['upload'])){
$image_name = $_FILES['image']['name'];
$image_type = $_FILES['image']['type'];
$image_size = $_FILES['image']['size'];
$image_tmp_name = $_FILES['image']['tmp_name'];
$path = "/home/********/public_html/StagConnect/admin/pictures/$image_name";
if($image_name==''){
echo "Don't just click! select an image please .";
exit();
}
else{
move_uploaded_file($image_tmp_name, $path);
$mysql_path = $path."/".$image_name;
$stmt = $db->prepare("INSERT INTO `admin_test_so` (`user`,`admin_image1`,`path1`) VALUES (:user,:image_name,:mysql_path)");
try {
$stmt->execute(array(
':user' => $username,
':image_name' => $image_name,
':mysql_path' => $path
));
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this use this one:
$response["success"] = 0;
$response["message"] = "Database Error. Couldn't Upload Image!";
die(json_encode($response));
}
$response["success"] = 1;
$response["message"] = "Image Uploaded Succesfully!";
echo json_encode($response);
/*
echo "<hr>";
var_dump($image_name);
echo "<br>";
var_dump($path);
echo "<br>";
var_dump($_POST['username']);
*/
}
}
?>
<form action="adminProfilePic.php" method="post" enctype="multipart/form-data">
Username: <input type="text" name="username">
<input type="file" name="image" >
<input type="submit" name="upload" value="Submit" >
</form>
You're try to bind :image_name and :mysql_path, but you insert it directly into the query. Change $image_name to :image_name and $mysql_path to :mysql_path.
$query = "INSERT INTO `admin`(`admin_image1`,`path1`) VALUES (:image_name',:mysql_path) where username = :user";
$query_params = array(
':user' => $_POST['username'],
':image_name' => $image_name,
':mysql_path' => $path,
);