Hi there, I'm attempting to upload an image as well as add details such as title, description and filepath into a database table.

I'm using the following code, but it isn't adding any data to the database.

(The session.php include contains the database connectivity.)

<?php include('includes/session.php');

$uploadDir = 'submitted/pictures/';

if(isset($_POST['submit']))
{
    $fileName = $_FILES['file']['name'];
    $tmpName  = $_FILES['file']['tmp_name'];
    $fileSize = $_FILES['file']['size'];
    $fileType = $_FILES['file']['type'];

    $filePath = $uploadDir . $fileName;

    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading <strong>file</strong>";
        exit;
    }

    if(!get_magic_quotes_gpc())
    {
        $fileName = addslashes($fileName);
        $filePath = addslashes($filePath);
    }

    $title = $_POST['title'];
    $description = $_POST['description'];

    $query = "INSERT INTO $user_pictures (file, title, description) VALUES ('$filePath', '$title', '$description')";

    mssql_query($query);

}

?>

The form code:

<form name="Image" enctype="multipart/form-data" action="upload-pics2.php" method="POST">
 Title <input type="text" name="title" maxlength="100" class="textbox" value="<?php echo $form->value("title"); ?>" />
 Description <textarea name="description" rows="8" cols="40" class="textbox" value="<?php echo $form->value("description"); ?>"></textarea>
 File <input type="file" name="file" accept="image/gif, image/jpeg, image/x-ms-bmp, image/x-png" size="26" class="textbox" />
 <input type="submit" name="submit" value="Upload" class="button" />
</form>

I was wondering if someone could tell me what might be going wrong?

Thank you.

+1  A: 

You have an error at this line: if(isset($_POST['Upload']))

Change this to if(isset($_POST['submit']))

antyrat
+1  A: 

Is 'submitted/pictures/' writable? Also, you might want to run is_uploaded_file() for an extra layer of security.

Also, your query seems to be wrong:

"INSERT INTO $user_pictures ( file ) VALUES ('$filePath')"

$user_pictures needs to be a table.

Try:

"INSERT INTO `user_pictures` ( `file` ) VALUES ('$filePath')"
dotty
@dotty Thanks for that. Apparently file is a keyword, so I will have to change that.
Neil Bradley
What do you mean, keyword?
dotty
+1  A: 

This code does not work because of several problems.

First, you should rename one of the HTML fields or change the field name when you are checking for the upload:

<input type="submit" name="Upload" value="Upload" class="button" />

or

if(isset($_POST['submit']))

Second, this script will not store any data in the DB. You should get, sanitize and write the data into the corresponding fields, for example:

$title = mysql_real_escape_string($_POST['title']);
$description = mysql_real_escape_string($_POST['description']);
$query = "INSERT INTO $user_pictures (file, title, description) VALUES ('$filePath', '$title', '$description')";

You should make sure these fields are present in the DB; if not, you should create them:

ALTER table user_pictures ADD column description text, add column title varchar(255);
Max S. Yarchevsky
Hey Max, is there an MSSQL equivalent to mysql_real_escape_string?
Neil Bradley
Now seem to be getting this error: Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near '('. (severity 15) in upload-pics2.php on line 31
Neil Bradley
No, there is no equivalent for escaping in MSSQL, but you can use a simple escaping function: function mssql_escape_string($string_to_escape) { $replaced_string = str_replace("'","''",$string_to_escape); return $replaced_string; } and then call $title = mssql_escape_string($_POST['title']); $description = mssql_escape_string($_POST['description']);
Max S. Yarchevsky
I have no idea about that warning, sorry. :( I can only recommend checking the syntax of the query.
Max S. Yarchevsky
No worries Max. Got it working now, just need to put some validation in to check for correct file type, file size and to display success/error messages.
Neil Bradley
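
Added example, not part of the original thread or any poster's code: one way to combine the points raised above (the is_uploaded_file() check, file type and size validation, and keeping user input out of the SQL text) using a parameterized query instead of string escaping. It assumes includes/session.php provides $db as a PDO connection to SQL Server that throws exceptions on errors; store_picture(), MAX_BYTES and ALLOWED are hypothetical names, and [file] is bracket-quoted because the thread notes that file is a keyword.

```php
<?php
// Added example. Assumes includes/session.php creates $db, a PDO handle with
// ERRMODE_EXCEPTION; store_picture(), MAX_BYTES and ALLOWED are hypothetical names.
include('includes/session.php');

const MAX_BYTES = 2 * 1024 * 1024;   // assumed size limit (2 MiB)
const ALLOWED = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_picture(PDO $db, array $file, string $title, string $description,
                       string $uploadDir = 'submitted/pictures/'): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new UnexpectedValueException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new UnexpectedValueException('File too large');
    }
    // Detect the type from the file content; $_FILES[...]['type'] is client-supplied.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED)) {
        throw new UnexpectedValueException('Not an accepted image type');
    }
    // Server-generated name: the client's file name never reaches the filesystem,
    // which rules out path traversal and uploaded ".php" extensions.
    $filePath = $uploadDir . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        throw new UnexpectedValueException('Could not store file');
    }
    // Placeholders send the values separately from the SQL text, so quotes in
    // the title or description cannot change the statement.
    $stmt = $db->prepare(
        'INSERT INTO user_pictures ([file], title, description) VALUES (?, ?, ?)'
    );
    $stmt->execute([$filePath, $title, $description]);
    return $filePath;
}

if (isset($_POST['submit'], $_FILES['file'])) {
    try {
        $path = store_picture($db, $_FILES['file'],
                              $_POST['title'] ?? '', $_POST['description'] ?? '');
        echo 'Stored as ' . htmlspecialchars($path);
    } catch (UnexpectedValueException $e) {
        // Only validation failures are shown; database errors (PDOException)
        // propagate to the application's error handler instead of the browser.
        echo 'Error: ' . htmlspecialchars($e->getMessage());
    }
}
```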