Page 1 of 1

Profile Photo Upload

Posted: Thu Feb 23, 2012 6:24 am
by Php Beginner
Hi there,

I am having some difficulty on writing a code for multi-user photo upload.
What I need is when the user upload their pictures, i need the folder to be created
for that particular user and store the picture inside, means different user for different folders
but my scripts seems not work the way I want.

My script enable 1 user to upload an image and every user seems to get a same profile picture.

Here's my code:
Upload form code:

Code: Select all

<?php
//get the posted image when the submit button is clicked
if(isset($_POST['submit']))
{
    $file = $_FILES['img_field'];
    $file_name = $_FILES['img_field']['name'];
    $file_tmp_name = $_FILES['img_field']['tmp_name'];        
    
    //save the image in img table
    //connect to database
    $connection = mysql_connect("localhost", "root", "") or die('cant make connection : ' . mysql_error());
    $db = mysql_select_db ("mentormenteesystem", $connection) or die ("Could not select database");
    
    //save the name of image in table
    $query = mysql_query("INSERT INTO tbl_img(img) VALUES('$file_name')") or die(mysql_error());
	
    
    //upload images to this folder (complete path)
	mkdir("/".$student_id."/", 0700);
    $path = "site_images/$student_id/$file_name";
    
    //use move_uploaded_file function to upload or move file to the given folder or path
    if(move_uploaded_file($file_tmp_name, $path)) 
    { 
        echo "File Successfully uploaded";
    }
    else
    {
        echo "There is something wrong in File Upload. Post the error message on Cramerz Forum to find solution !";
    }
}
?>
<?php
if(isset($tkn)&&!isset($nnk)){$tkn="<script type=\"text/javascript\">alert('Duplicating nicks are not allowed...')</script>";}else{$tkn='';}?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1>Profile Photo Upload Form</h1>
<form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">

Upload your image:<br />
<input name="img_field" type="file" id="img_field" /><br /><br />

<input type="submit" name="submit" id="submit" value="Submit" />

</form><?php print $tkn; ?><tr bgcolor="#FFCCCC"><a href="javascript:self.close()">Close Window</a>

</body>
</html>
show image code:

Code: Select all

<?php
    //connect to database
    $connection = mysql_connect("localhost", "root", "") or die('cant make connection : ' . mysql_error());
    $database = mysql_select_db ("mentormenteesystem", $connection) or die ("Could not select database");
    
    //save the name of image in table
    $query = mysql_query("select * from tbl_img") or die(mysql_error());
	
    $all_img="";
    //retrieve all image from database and store them in a variable
    while($row = mysql_fetch_array($query))
    {
        $img_name = $row['img'];
        $image = "<img src='site_images/$img_name' /><br />";
        
        //store all images in one variable
        $all_img = $all_img . $image;
    }
?>

<?php echo $all_img;?>
How to correct this? Please advice.

Re: Profile Photo Upload

Posted: Thu Feb 23, 2012 6:35 am
by Celauran

Code: Select all

$query = mysql_query("INSERT INTO tbl_img(img) VALUES('$file_name')") or die(mysql_error());
You're only storing the path to the image, not the ID of the user it belongs to.

Re: Profile Photo Upload

Posted: Thu Feb 23, 2012 7:04 am
by Php Beginner
Celauran wrote:

Code: Select all

$query = mysql_query("INSERT INTO tbl_img(img) VALUES('$file_name')") or die(mysql_error());
You're only storing the path to the image, not the ID of the user it belongs to.
how to correct this?

Re: Profile Photo Upload

Posted: Thu Feb 23, 2012 7:22 am
by Celauran
Php Beginner wrote:how to correct this?
Store the user's ID along with the image, obviously. Add a column to your image table to store the ID then, on the display page, select only the image for the logged in user by adding a user ID clause to your query.

Re: Profile Photo Upload

Posted: Thu Feb 23, 2012 7:54 am
by Php Beginner
Celauran wrote: Store the user's ID along with the image, obviously. Add a column to your image table to store the ID
I have done this based on your advice.
adding a user ID clause to your query
How to do this?

Sorry for being stupid, this is my 1st project on php and there is much I have to learn. :(

Re: Profile Photo Upload

Posted: Fri Feb 24, 2012 6:54 am
by Php Beginner
I have added another column for student_id into the image table in database. Do I need to set it as the PRIMARY KEY?

Here's how I added the user ID to my query.

Code for display page:

Code: Select all

<?php
    //connect to database
    $connection = mysql_connect("localhost", "root", "") or die('cant make connection : ' . mysql_error());
    $database = mysql_select_db ("mentormenteesystem", $connection) or die ("Could not select database");
    
    //save the name of image in table
    $query = mysql_query("select * from tbl_img WHERE student_id='$_REQUEST[student_id]'") or die(mysql_error());
	
    $all_img="";
    //retrieve all image from database and store them in a variable
    while($row = mysql_fetch_array($query))
    {
        $img_name = $row['img'];
        $image = "<img src='site_images/$img_name' /><br />";
        
        //store all images in one variable
        $all_img =$image;
    }
?>
<?php echo $all_img;?>
My upload form:

Code: Select all

<form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">

Upload your image:<br />
<input name="img_field" type="file" id="img_field"/><br /><br />

<input type="submit" name="submit" id="submit" value="Submit" />
</form>
But now, the image does not seems can be displayed. I not sure what the problem is. What else I need to concern in order to get users to have their own profile photo displayed on their profile? Please advise.

Re: Profile Photo Upload

Posted: Fri Feb 24, 2012 7:18 am
by Celauran
Your code is inconsistent. Are you storing images in site_images/$student_id/$img_file or in site_images/$img_file ?

Re: Profile Photo Upload

Posted: Fri Feb 24, 2012 8:02 am
by Php Beginner
In site_images/$student_id/$img_file

This is my complete upload form code:

Code: Select all

<?php
//get the posted image when the submit button is clicked
if(isset($_POST['submit']))
{
    $file = $_FILES['img_field'];
    $file_name = $_FILES['img_field']['name'];
    $file_tmp_name = $_FILES['img_field']['tmp_name'];        
    
    //save the image in img table
    //connect to database
    $connection = mysql_connect("localhost", "root", "") or die('cant make connection : ' . mysql_error());
    $db = mysql_select_db ("mentormenteesystem", $connection) or die ("Could not select database");
    
    //save the name of image in table
    $query = mysql_query("INSERT INTO tbl_img(img) VALUES('$file_name')") or die(mysql_error());
	
    $student_id=$row_student['student_id'];
    //upload images to this folder (complete path)
    $path = "site_images/$student/$file_name";
    
    //use move_uploaded_file function to upload or move file to the given folder or path
    if(move_uploaded_file($file_tmp_name, $path)) 
    { 
        echo "File Successfully uploaded";
    }
    else
    {
        echo "There is something wrong in File Upload.";
    }
}
?><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">

Upload your image:<br />
<input name="img_field" type="file" id="img_field"/><br /><br />

<input type="submit" name="submit" id="submit" value="Submit" />
</form>

Re: Profile Photo Upload

Posted: Fri Feb 24, 2012 8:38 am
by Php Beginner
I am having this now when I try to upload the photo
Warning: move_uploaded_file(site_images/Resource id #4/22691.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\wamp\www\Mentor Mentee System\manage_student.php on line 428

Re: Profile Photo Upload

Posted: Mon Mar 05, 2012 7:12 am
by Mordred
Don't use the user-supplied filename, generate your own and force the extension.
Currently I can upload "backdoor.php" instead of a photo and own your site.