How to store image link in database php/mysql

Question

I'm trying to allow an admin upload pictures of products in to the database, but I only want to store the link/url of the picture in the database and then store the uploaded file in a folder. This is what I've got so far, and I keep getting "Sorry there was a problem uploading your file".

Here is the PHP code:

if ($_FILES['product_image']['error'] == 0) { // checking the file for any errors
    $imgName = mysql_real_escape_string($_FILES['product_image']['name']); //returns the name of the image and stores it in variable $imgName
    $imgData = mysql_real_escape_string(file_get_contents($_FILES["product_image"]["tmp_name"])); // returns the content of the file and stores it in $imgData 
    $imgType = mysql_real_escape_string($_FILES["product_image"]["type"]); //returns image/whatever the image type is

    $targetFolder = "ProductImages/"; //directory where images will be stored...
    $targetFolder = $targetFolder . basename($imgName); //adds the image name to the directory
}

$sql = "INSERT INTO products " . "(product_name,product_model,product_price,product_width,product_height,product_weight,product_quantity,product_category,product_subcategory, product_image, product_description,date_added) " . "VALUES('$product_name','$product_model','$product_price','$product_width','$product_height','$product_weight','$product_quantity', '$product_category', '$product_subcategory', '$imgName', '$product_description', NOW())";
//echo $sql;
mysql_select_db('online_store');
$result     = mysql_query($sql, $conn);
$itemResult = "";
if (!$result) {
    die('Could not enter data: ' . mysql_error());
}
$itemResult = "Product has been added";
if (move_uploaded_file($imgData, "$targetFolder" . $imgName)) { // writes/stores the image in the targetfolder->ProductImages
    echo "The file " . basename($imgName) . "has been uploaded!";
} else {
    echo "Sorry, there was a problem uploading your file!";
}

and the HTML form:

<form id="product_form" name="product_form" enctype="multipart/form-data" action="inventory_list.php" method="post">

<label for="product_image">Product Image*:</label> <input type="file" name="product_image"id="product_image"/>
            </div>
<div>
            <button name="add" id="add">Add Item</button>
            </div>
</form

if (move_uploaded_file($imgData, "$targetFolder".$imgName)){ remove quotes from $targetFolder and try. — AyB
– AyB, Commented Apr 1, 2014 at 12:23
Looks like you are appending $imgName to your $targetFolder twice – first in your if statement on top, and then again within move_uploaded_file. — C3roe
– C3roe, Commented Apr 1, 2014 at 12:28
And of course you are handling escaping wrong (because you are applying mysql_real_escape_string to a value that you use as a filename afterwards). — C3roe
– C3roe, Commented Apr 1, 2014 at 12:29
And you are reading the contents of the uploaded file, and try to pass this data to move_uploaded_file as first parameter later, which is also nonsense … You should start reading what parameters functions actually expect in the manual, instead of going by trial&error (at least it looks like you’re doing the latter now). — C3roe
– C3roe, Commented Apr 1, 2014 at 12:30
@ICanHasCheezburger: I don't think that will cause problems as the variable will still be parsed as part of the string, however to keep things clear I guess it's better to remove the quotes — MMM
– MMM, Commented Apr 1, 2014 at 12:31

himansu · Accepted Answer · 2014-04-01 12:51:00Z

3

Use Sql Query Below.

$sql = "INSERT INTO products(`product_name`,`product_model`,`product_price`,`product_width`,`product_height`,`product_weight`,`product_quantity`,`product_category`,`product_subcategory`,`product_image`,`product_description`,`date_added`) VALUES('".$product_name."','".$product_model."','".$product_price."','".$product_width."','".$product_height."','".$product_weight."','".$product_quantity."', '".$product_category."', '".$product_subcategory."', '".$imgName."', '".$product_description."','".date("Y-m-d H:i:s")."')";

Also Change below line for upload image

$imgData = mysql_real_escape_string(file_get_contents($_FILES["product_image"]["tmp_name"]));

to

$imgData = $_FILES["product_image"]["tmp_name"];

edited Apr 1, 2014 at 12:51

answered Apr 1, 2014 at 12:38

himansu

1,9471 gold badge14 silver badges15 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

seun Over a year ago

please what's the difference between this and the one I used? @himansu

seun Over a year ago

Please i would like to know why the "mysql_real_escape_string" was removed. @himansu

himansu Over a year ago

It's problem about file_get_contents and mysql_real_escape_string convert path to string.

Smit kalwal · Accepted Answer · 2014-04-01 12:32:13Z

Try this Hope this helps.Not tested

<form id="product_form" name="product_form" enctype="multipart/form-data" method="post" action="" >

<label for="product_image">Product Image*:</label> <input type="file" name="product_image" id="product_image" />
            </div>
<div>
            <button name="add" id="add">Add Item</button>
            </div>
</form>

PHP code :

<?php
        if ($_FILES['product_image']['error'] == 0) { // checking the file for any errors
            $imgName = mysql_real_escape_string($_FILES['product_image']['name']); //returns the name of the image and stores it in variable $imgName
            $imgData = mysql_real_escape_string(file_get_contents($_FILES["product_image"]["tmp_name"])); // returns the content of the file and stores it in $imgData 
            $imgType = mysql_real_escape_string($_FILES["product_image"]["type"]); //returns image/whatever the image type is

            $targetFolder = "ProductImages/"; //directory where images will be stored...
            $targetFolder = $targetFolder . basename($imgName); //adds the image name to the directory
        }

        $sql = "INSERT INTO products " . "(product_name,product_model,product_price,product_width,product_height,product_weight,product_quantity,product_category,product_subcategory, product_image, product_description,date_added) " . "VALUES('$product_name','$product_model','$product_price','$product_width','$product_height','$product_weight','$product_quantity', '$product_category', '$product_subcategory', '$imgName', '$product_description', NOW())";
        //echo $sql;
        mysql_select_db('online_store');
        $result     = mysql_query($sql, $conn);
        $itemResult = "";
        if (!$result) {
            die('Could not enter data: ' . mysql_error());
        }
        $itemResult = "Product has been added";
        if (move_uploaded_file($imgData, $targetFolder)) { // writes/stores the image in the targetfolder->ProductImages
            echo "The file " . basename($imgName) . "has been uploaded!";
        } else {
            echo "Sorry, there was a problem uploading your file!";
        }
?>

same problem.. The file name is stored in the database but it doesn't appear in the folder specified. @Swanish kalwal

toro2k · Accepted Answer · 2014-04-02 08:28:40Z

0

First of all in HTML form action="post" is incorrect, the action attribute should contain a path. The method attribute should contain post or get like this: method="get" or method="post".

edited Apr 2, 2014 at 8:28

toro2k

19.3k8 gold badges66 silver badges72 bronze badges

answered Apr 1, 2014 at 12:26

jmsiddhapura

574 bronze badges

Collectives™ on Stack Overflow

How to store image link in database php/mysql

3 Answers 3

3 Comments

1 Comment

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

3 Comments

1 Comment

Comments

Your Answer

Sign up or log in

Post as a guest

Related