upload image file to directory, image name to db
Posted: Wed Mar 25, 2009 12:51 am
hello,
can someone please take a look at this code and let me know where i've gone wrong? i'm going in circles and getting the same results. currently, my postTable has a field for an optional image addition. the field is image_data (blob). with my code now, if a pic is added, i receive NO image/file on my directory, i only receive an entry into my db... the field populates with the file name(eg. picone.gif... stored as BLOB - 10B.
can someone please take a look at this code and let me know where i've gone wrong? i'm going in circles and getting the same results. currently, my postTable has a field for an optional image addition. the field is image_data (blob). with my code now, if a pic is added, i receive NO image/file on my directory, i only receive an entry into my db... the field populates with the file name(eg. picone.gif... stored as BLOB - 10B.
Code: Select all
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 51200);
if (isset($_FILES['image_data'])) {
// define constant for upload folder
define('UPLOAD_DIR', '/domains/mysite.com/public_html/upload');
// replace any spaces in original filename with underscores
// at the same time, assign to a simpler variable
$file = str_replace(' ', '_', $_FILES['image_data']);
// convert the maximum size to KB
$max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
// create an array of permitted MIME types
$permitted = array('image_data/gif', 'image_data/jpeg', 'image_data/pjpeg', 'image_data/png');
// begin by assuming the file is unacceptable
$sizeOK = false;
$typeOK = false;
// check that file is within the permitted size
if ($_FILES['image_data']['size'] > 0 && $_FILES['image_data']['size'] <= MAX_FILE_SIZE) {
$sizeOK = true;
}
// check that file is of a permitted MIME type
foreach ($permitted as $type) {
if ($type == $_FILES['image_data']['type']) {
$typeOK = true;
break;
}
}
if ($sizeOK && $typeOK) {
$success = move_uploaded_file($_FILES['image_data']['tmp_name'], UPLOAD_DIR.'/'.$file);
}
$insertSQL = sprintf("INSERT INTO postingTable (post_id, post_title, product_name, user_id, post_date, buy_or_share, category_name, image_data) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['post_id'], "int"),
GetSQLValueString($_POST['post_title'], "text"),
GetSQLValueString($_POST['product_name'], "text"),
GetSQLValueString($_POST['user_id'], "int"),
GetSQLValueString($_POST['post_date'], "defined", 'NOW()'),
GetSQLValueString($_POST['buy_or_share'], "text"),
GetSQLValueString($_POST['category_name'], "text"),
GetSQLValueString($_FILES['image_data'], "text"));
mysql_select_db($database_connUser, $connUser);
$Result1 = mysql_query($insertSQL, $connUser) or die(mysql_error());
$insertGoTo = "userprofile.php";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
}