I Have a problem with saving a photo. When i put
<form action="" method="post" enctype="multipart/form-data">
i saves the photo on the path but it doesnt saves it on the database. Althought the other values are saved (title,date, id etc). When i put
<meta http-equiv="Content-Type" content="text/html">
<form action="" method="post" enctype="multipart/form-data">
the photo it is saved on the database but not on the path i choose i tried enctype="plain/text" still the same
any help?
Jump to PostYou should escape ALL input ($_POST) variables if you use them in mysql queries. Alternatively use bound parameters with prepared statements in PDO or mysqli.
I'm a bit confused as to saving the path to DB.
$name = $_POST['event_img'];Does not exist, does it? Wouldn't it …
Jump to Post^^or just $_FILES['event_img']['name'];
Not good practice to save the path as well in case it might change sometime into the future.
leave enctype as m/f.
You don't show any php code or form markup for us to look at.
What are you trying to save to the database? the path string or the photo itself.
if you are saving the path, you need to post the upload processing code for us to review. If you are saving the photo into the database, you need to use blob in the database and base64 encode the image file.
Sorry for the delay i ddnt know that the activation email was going on ht junk folder. I didnt posted the php code because i dont think thats wrong. Here it is
<?php
include_once('includes.php');
$file_exts = array("jpg", "bmp", "jpeg", "gif", "png");
$upload_exts = end(explode(".", $_FILES["event_img"]["name"]));
if ((($_FILES["event_img"]["type"] == "image/gif")
|| ($_FILES["event_img"]["type"] == "image/jpeg")
|| ($_FILES["event_img"]["type"] == "image/png")
|| ($_FILES["event_img"]["type"] == "image/pjpeg"))
&& ($_FILES["event_img"]["size"] < 2000000)
&& in_array($upload_exts, $file_exts))
move_uploaded_file($_FILES["event_img"]["tmp_name"],
'c:\wamp\www\wall/uploads/photos/events/' . $_FILES["event_img"]["name"]);
if(isset($_POST['Events']))
{
$event_id=mysql_real_escape_string($event_id);
$uid=mysql_real_escape_string($uid);
$title = $_POST['event_title'];
$date = $_POST['datetimepicker'];
$venue= $_POST['venue_name'];
$name = $_POST['event_img'];
$query = mysql_query("INSERT INTO events (event_id, user_id, event_title, event_date, venue_name, event_img) VALUES ('$event_id', '$uid', '$title', '$date', '$venue', '$name')") or die(mysql_error());
}
?>
c:\wamp\www\wall/uploads/photos/events/
That strikes me as odd, you've got backward slashes and forward slashed mixed up.
Best just to go with forward slashes and with that it should be more OS compliant - either windows or unix.
You should escape ALL input ($_POST) variables if you use them in mysql queries. Alternatively use bound parameters with prepared statements in PDO or mysqli.
I'm a bit confused as to saving the path to DB.
$name = $_POST['event_img'];
Does not exist, does it? Wouldn't it be...
$name = 'uploads/photos/events/' . $_FILES['event_img']['name'];
^^or just $_FILES['event_img']['name'];
Not good practice to save the path as well in case it might change sometime into the future.
That's true, the full path would have to change in all records if you did change the upload directory at some point.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.