Hi,
I am trying to add an image upload script however I am confused has to how it works. Is the image added to a file which I designate and then add a link to the database?
Can anyone advise how an image upload script works?
You can either upload a file to your server’s file system (that is, the uploaded file is stored on your server, as is).
Or, you can upload a file to a database directly.
Personally, I prefer the first method, as I can then browse the uploaded files with ease.
If I upload the image to a folder how is a link entered in the database to the image?
That could be done a couple ways. Some people just stick the filename into the table, instead of the binary data. Others just store image stats, and then rename the uploaded file with the new records ID value. Just find something you like and go with it.
FWIW, I’m just having to implement this functionality for a project I’m working on right now, so if you have any concrete questions, I’ll be happy to help.
Also, a quick Google search turns up tons of results as to how to do this: http://www.google.com/search?q=php+fileupload+script
It’s pretty simple.
Create a form with HTML, remember to set the method to post and include the enctype.
Upon clicking submit, the file will be stored under tmp folder and can be access through $_FILE variable.
Just move the file from tmp folder to designated folder and insert the path to your database.
That’s all 
Although this is true, don’t forget there are various security concerns to bear in mind when allowing the general public to upload stuff to your server.
Here is an article which details them: http://www.acunetix.com/websitesecurity/upload-forms-threat.htm
@Pullo: If I only allow registered user to upload files, does that add up to the security?
It limits your exposure.
Sadly, there’s nothing stopping your registered users attempting to do malicious things to your web server, though.
My apologies, for some reason I read your questions as being general in nature.
I’d have a look at this page: http://us1.php.net/manual/en/features.file-upload.post-method.php
Related functions to look up: is_uploaded_file, move_uploaded_file, getimagesize, filesize, mime_content_type.
Hi,
I attempted to use this example http://php.about.com/od/advancedphp/ss/php_file_upload_3.htm however I am unable to move the temp file to the permanent file which I have changed to test.
It seems to add “upload.php” to the link I want to place the image in. Is this correct? I have tried around 10 different targets and the test folder is definitely active. Can anyone advise what the error is please?
$target = "http://www.website.com/test/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
Unable to move ‘/tmp/phpZecAhN’ to ‘http://www.website.com/test/imagetest.gif’ in /home/test/website.com/test/upload.php on line 27
Unable to move ‘/tmp/phpZecAhN’ to ‘http://www.website.com/test//imagetest.gif’ in /home/test/website.com/test/upload.php on line 78
The first thing I’d do is check to make sure your test folder is writable.
Yup, that’s very probably the cause of the error.
You need to make sure that the folder permissions are correct.
Try changing them to 775.
This might help a bit further: http://stackoverflow.com/questions/10990/what-are-the-proper-permissions-for-an-upload-folder-with-php-apache
Brilliant, that sorted the first error.
I have tried to fix the second error by putting the full link into the code but this hasn’t helped solve the problem.
I do have folder called ‘tmp’. Should the file go into their first as nothing appears in their or does it create a folder which I cant see. Any suggestions please?
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("http://www.website.com/test/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"http://www.website.com/test/" . $_FILES["file"]["name"]);
echo "Stored in: " . "http://www.website.com/test/" . $_FILES["file"]["name"];
}
}
}
Hi there,
AFAIK file_exists only checks whether a file or directory exists on the same server as the script.
Could you try changing that to a local path.
Other that that could you post your full code (which is presumably a PHP script and a simple HTML form) and I’ll take a look.
Cheers dude, this is the full code.
Like you say there is a simple HTML form on another page.
<?php
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
?>
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("http://www.website.com/test/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"http://www.website.com/test/" . $_FILES["file"]["name"]);
echo "Stored in: " . "http://www.website.com/test/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
Keep in mind that this code is being run FROM your server. With that said, you will always see a performance gain on both the front and back end if you avoid using the fully qualified name. PHP has access to the file system, so why create a new HTTP request when it is not needed?
if (file_exists("/user/home/www/test/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
Hi,
I have put the full domain name in to get the right links as I thought that was the issue. I shall remove them when the code fully works.
Any suggestions on what the last issue is please?
Hi,
Any suggestions on how I can resolve this last issue please? Almost there with it.
Hi There,
I had a look at your code and got it working.
As far as I could see, the main error was that you were specifying the website url as an argument to move_uploaded_file and file_exists, you need to use the server path (e.g. /mnt/web/…/htdocs/yoursite/test/).
Here is the revised code:
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ($_FILES["file"]["size"] < 60000 && in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("/mnt/web/.../htdocs/yoursite/test/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"/mnt/web/.../htdocs/yoursite/test/" . $_FILES["file"]["name"]);
echo "Stored in: " . "http://www.yoursite.com/test/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>