How to upload multiple image in one record database SQL?

The query doesn’t look correct to me. Leaving aside using the deprecated mysql() calls rather than mysqli or PDO, you list a set of column names that end

lat, lon, image1, image2, image3, image4,)

but you supply the following data:

$_POST['lat']
$_POST['lon']
$_POST['alamat']
$aMyUploads[0]
$aMyUploads[1]
$aMyUploads[2]
$aMyUploads[3]
$aMyUploads[4]

so you have an extra entry ‘alamat’, and an extra image as you supply potentially five, you specify 17 columns but provide 19 values. I’m also not sure what that hanging comma at the end of the column names in the query would do.

ok, i’ll try it.

This does look odd, i’m surprised you don’t get a MySQL error for it.

<?php
	if (isset($_POST['submit']))
	{ //Open 1
		$tipe_file1	= $_FILES['file1']['type']; // Why are we doing this?
		$tipe_file2	= $_FILES['file2']['type']; // Also, if the files are meant to be doing the same thing
		$tipe_file3	= $_FILES['file3']['type']; // Probably should have just called the field 'image[]' or something
		$tipe_file4	= $_FILES['file4']['type']; // And used an array. But we'll roll with it.
		if ($tipe_file1 == "image/jpeg" || $tipe_file1 == "image/jpg"){ //$_FILES['file1']['type'] works here instead. But instead... [Open2]
	$aMyUploads = array();
	foreach ($_FILES as $aFile) { //Open3
             //Better yet, lets put the type check if HERE, and check $aFile['type'] instead.
		if(0 === $aFile['error']){ //Open4
		$newLocation = 'foto/'.$aFile['name'];
		if(0 === $aFile['error'] && (false !== move_uploaded_file($aFile['tmp_name'], $newLocation))){ //We did already check $aFile['error']. [Open5]
		$aMyUploads[] = $newLocation;
		} else {
		$aMyUploads[] = '';
		} //[Close5]
	}//Close4
}//Close3

    	print_r($aMyUploads); //I assume this looks 'right' to you at this point.
    mysql_query("INSERT INTO smamakudus (nss, npsn, nama_sekolah, jenis_sekolah, akreditasi, alamat, tlp, web, jmlguru, jmlsiswa, kecamatan, lat, lon, image1, image2, image3, image4,) VALUES
    (
    '".$_POST['nss']."',
    '".$_POST['npsn']."',
    '".$_POST['nama_sekolah']."',
    '".$_POST['jenis_sekolah']."',
    '".$_POST['akreditasi']."',
    '".$_POST['alamat']."',
    '".$_POST['tlp']."',
    '".$_POST['web']."',
    '".$_POST['jmlguru']."',
    '".$_POST['jmlsiswa']."',
    '".$_POST['kecamatan']."',
    '".$_POST['lat']."',
    '".$_POST['lon']."',
    '".$_POST['alamat']."', //This shouldnt be here.
    '".$aMyUploads[0]."',
    '".$aMyUploads[1]."',
    '".$aMyUploads[2]."',
    '".$aMyUploads[3]."',
    '".$aMyUploads[4]."',)") or die(mysql_error());; //Double Semicolon All the way cross the sky what does it mean?
//Also... you've got 5 entries for "$aMyUploads" here, but you only have 4 fields.
     echo "<script>alert('Successfully added')</script>";
    	}else{ 
            // This should be an abort sequence inside the foreach; instead of asserting that the file type is one of the two assert that if it is not-either of the two, throw a message and continue;
    		echo "<script>alert('Failed to add data! Images must be inputed at last one and filetype JPG/JPEG')</script>
    		<script>setTimeout(\"self.history.back();\",0000);</script>";
    		}//[Close2]
    }//[Close1]
    echo "</div>
    	</div>";
?>

MySQL should fail this query every time because the number of values provided (19) doesn’t match the number of field names (17).

Additional notes:

  1. Check into Normalizing your data.
  2. mysql_ is deprecated and being removed in PHP7. Consider strongly learning PDO instead, or at the very least, upgrading to mysqli_.

I fix it with specify 17 columns value, but i get this error

“Array ( [0] => foto/005.jpg [1] => foto/006.jpg ) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘)’ at line 19”.

*I’m newbie in php n sql… Help me :frowning:

The number of columns specified and the number of column values must match. If you specify17 columns, you need 17 column values.

Also you seem to be doing this:
(value1, value2, value3,)

You shouldn’t have a comma before the closing bracket. So like this:
(value1, value2, value3)

Yeah i’m newbie in programming PHP n SQL …hihihi,
i’m using old php n my_sql cause some script that i use need run in php 5.2

i’m fix this value like this :

   mysql_query("INSERT INTO smamakudus (nss, npsn, nama_sekolah, jenis_sekolah, akreditasi, alamat, tlp, web, jmlguru, jmlsiswa, kecamatan, lat, lon, foto, foto2, foto3, foto4) VALUES
(
'".$_POST['nss']."',
'".$_POST['npsn']."',
'".$_POST['nama_sekolah']."',
'".$_POST['jenis_sekolah']."',
'".$_POST['akreditasi']."',
'".$_POST['alamat']."',
'".$_POST['tlp']."',
'".$_POST['web']."',
'".$_POST['jmlguru']."',
'".$_POST['jmlsiswa']."',
'".$_POST['kecamatan']."',
'".$_POST['lat']."',
'".$_POST['lon']."',
'".$aMyUploads[0]."',
'".$aMyUploads[1]."',
'".$aMyUploads[2]."',
'".$aMyUploads[3]."')") or die(mysql_error());;

but the values still doesn’t send to my table “smamakudus”.
parsed like this '".$_POST['name']."' or '$_POST[name]' which allowed?

What does your mysql_error say now?

OH GOD, n thanks guys… It fixed with this code above…
Not send cause the $_POST values is not match with the column in the table… HIihihiii…
Many Thanks… :smile:

@StarLion : help me, how can i describe that all 4 file images must have filetype “JPEG/JPG” ?
in this code bellow showing that only file 1 must type “JPG/JPEG”

$tipe_file1	= $_FILES['file1']['type']; // Why are we doing this?
	$tipe_file2	= $_FILES['file2']['type']; // Also, if the files are meant to be doing the same thing
	$tipe_file3	= $_FILES['file3']['type']; // Probably should have just called the field 'image[]' or something
	$tipe_file4	= $_FILES['file4']['type']; // And used an array. But we'll roll with it.
	if ($tipe_file1 == "image/jpeg" || $tipe_file1 == "image/jpg" //how should be this code? Thanks

As i mention a few lines down, what i would do is move that if down into the foreach, invert the condition, and use it as a skipper.

foreach($_FILES AS $aFile) {
  if ($aFile['type'] != "image/jpeg" && $aFile['type'] != "image/jpg") { echo "Image ".$aFile['name']." was not a JPEG. Skipping."; continue; }

Key to thinking: You want to check EACH file. So…the code shoulld be part of the for each

Good news.
mysqli_ PHP ver. 5.0.0 +
PDO PHP ver 5.1 +

Do yourself a favor and leave mysql_

Thanks “Star…” It works

Why mysql should be leaved??

And what advantages n disadvantages if using mysqli or PDO beside mysql?

It’s being removed in PHP7. So your code will break eventually in the near future.

Once you’ve migrated to either mysqli or PDO you need to use prepared statements to eliminate the risk of sql injection attacks, right now you’re code is wide open to sql injection attacks

Hii,
i get some problem again.
The input data is filled up now, but how to update the data value and changed the images based column “image1, image2, image3, image4” ?
form images input like this :

<tr>
	<td>Images </td><td>*)Dikosongkan jika tidak diganti<br/> <input type='file' style='padding:5px;width:250px;background:#f0f0f0;' name='file1' id='f1' placeholder='image1'/><br /> <input type='file' style='padding:5px;width:250px;background:#f0f0f0;' name='file2' id='f2' placeholder='image2' /><br />
		<input type='file' style='padding:5px;width:250px;background:#f0f0f0;' name='file3' id='f3' placeholder='image3'/><br />
		<input type='file' style='padding:5px;width:250px;background:#f0f0f0;' name='file4' id='f4' placeholder='image4'/></td></tr>

if using foreach($_FILES as $aFile){} the images can’t change in a right column, like input ‘image2’ will change a content in column ‘images2’ and unlink the image that saved before
my code update :

mysql_query("UPDATE smamakudus SET nss='$_POST[nss]', npsn='$_POST[npsn]', nama_sekolah='$_POST[nama_sekolah]', jenis_sekolah='$_POST[jenis_sekolah]', akreditasi='$_POST[akreditasi]', alamat='$_POST[alamat]',tlp='$_POST[tlp]',web='$_POST[web]',jmlguru='$_POST[jmlguru]',jmlsiswa='$_POST[jmlsiswa]',kecamatan='$_POST[kecamatan]', image1='$aMyUploads[0]', image2='$aMyUploads[1]', image3='$aMyUploads[2]', image4='$aMyUploads[3]' ,lat='$_POST[lat]',lon='$_POST[lon]' where id='$_POST[id]'");
unlink("foto/$_POST[nama_gambar]");

How can i do to solve this?

All those $_POST calls inside of the update can be used to apply any data at all into your statement - you don;t know what that UPDATE will do because you don’t know what someone will tell it to do - simplest would be to delete your database, slightly more complicated would be to overflow your server space with junk. Of course if someone other than a script kiddie used that obvious attack vector then you might be held responsible for the virus that wipes out the internet.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.