0

Hell,,
I am trying to send images to he databse but not getting any response the images are not sending in the database can any one help me out

function add_watch() {
    global $connection;

    $prodimg= $_FILES["prodimg"]['name'];
    $prodtype=$_FILES["prodimg"]['type'];
    $prodtemp=$_FILES["prodimg"]['tmp_name'];
    $target_path = 'Products/'.$prodimg;

    $id     = $_POST["u_id"];
    $brand  = $_POST["brand"];
    $model  = $_POST["model"];
    $reff   = $_POST["reff"];
    $retail = $_POST["retail"];
    $disc   = $_POST["disc"];
    $price  = $_POST["price"];
    echo $paper  = $_POST["papers"];
    $cmts   = $_POST["cmts"];
    $cond   = $_POST["cond"];
    $mtrl   = $_POST["mtrl"];
    $box    = $_POST["box"];
    echo $seller  = $_POST["seller"];
    $serial = $_POST["serial"];

    move_uploaded_file($prodimg, $target_path);

    $query = "insert into products(brand, u_id, model, reff, cmts, cond, mtrl, retail, disc, price, box, paper, serial, seller, image)";
    $query .= " values('$brand', '$id', '$model', '$reff', '$cmts', '$cond', '$mtrl', '$retail', '$disc', '$price', '$box', '$paper', '$serial', $seller', '$prodtmp')";

    if (isset($_POST["add"])) {
        $query_confirm = mysqli_query($connection, $query);
        header("Location:watch_search.php");
    } 
}

here is the form

            <form method="post" action="add_watch.php?uid=<?php echo $_SESSION["uid"]; ?>">
            <input type="hidden" name="u_id" value="<?php echo $_SESSION["uid"]; ?>" />
            <div class="info">
                <label>
                    <p class="info_staic">Brand</p>
                    <p class="info_dynamic"><input type="text" class="field" name="brand" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Model</p>
                    <p class="info_dynamic"><input type="text" class="field" name="model" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Ref.#</p>
                    <p class="info_dynamic"><input type="text" class="field" name="reff" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Retail Price</p>
                    <p class="info_dynamic"><input type="text" class="field" name="retail" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Disc</p>
                    <p class="info_dynamic"><input type="text" class="field" name="disc" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Price</p>
                    <p class="info_dynamic"><input type="text" class="field" name="price" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Seller</p>
                    <p class="info_dynamic"><input type="text" class="field" name="seller" required /></p>
                    <div class="clear"></div>
                </label>

            </div><!-- End of content left-->

            <div class="info">
                <label>
                    <p class="info_staic">CMTS</p>
                    <p class="info_dynamic"><input type="text" class="field" name="cmts" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Condition</p>
                    <p class="info_dynamic"><input type="text" class="field" name="cond" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Material</p>
                    <p class="info_dynamic"><input type="text" class="field" name="mtrl" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Box</p>
                    <p class="info_dynamic"><input type="text" class="field" name="box" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Papers</p>
                    <p class="info_dynamic"><input type="text" class="field" name="papers" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Serial</p>
                    <p class="info_dynamic"><input type="text" class="field" name="serial" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Papers</p>
                    <p class="info_dynamic"><input type="text" class="field" name="papers" required /></p>
                    <div class="clear"></div>
                </label>



                <label>
                    <p class="info_staic">Watch Image</p>
                    <p class="info_dynamic"><input type="file" class="field" name="prodimg" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                <input type="submit" class="btn" value="Add New" name="add" style="margin:0;" />
                <div class="clear"></div>
                <label>
            </div><!-- End of content right-->
            </form>
        <div class="clear"></div> 

Thank You

3
Contributors
11
Replies
43
Views
2 Years
Discussion Span
Last Post by diafol
0

You say you're moving images to the database but is it the move_upload_file you are having trouble with?
If it is, that function returns a warning if something goes wrong so you can turn warnings on and see the problem. But you can also check the filename stored in $prodimg is valid and that your destination folder exists and is writable.

0

Before trying to use this, I think we should point out that you ar open to SQL injections with this and therefore should consider using prepared statements - or at the very least use mysqli_real_escape_string (yuk!).

ALso - the session uid - not sure what this is, but is it sensitive data? ALso does it need to be in the querystring and as a hidden field?

0

@diafol

Well uid is stored in session because only who's logged in can insert data so its a logged in user so I got uid which is stored in session did i mean to say its stored in form as hidden fieldi took correct step or should i have to use it in hidden field??

0

You don.t need it to be passed at all if it.s a session variable as it.s available everywhere. So no need to add it to URL. No need to add it to form. As far as I can see

0

Hello,

okay i set this into the URL but stil the image is not sending in the folder na dnot saving in the database as well.. what should i do now?

0
function add_watch() {
    global $connection;

    $prodimg= mysqli_real_escape_string($_FILES["prodimg"]['name']);
    $prodtype=$_FILES["prodimg"]['type'];
    $prodtemp=$_FILES["prodimg"]['tmp_name'];

    move_uploaded_file($prodtemp,'images/product/'.$prodimg);

    $id     = $_SESSION["uid"];
    $brand  = mysqli_real_escape_string($_POST["brand"]);
    $model  = mysqli_real_escape_string($_POST["model"]);
    $reff   = mysqli_real_escape_string($_POST["reff"]);
    $retail = mysqli_real_escape_string($_POST["retail"]);
    $disc   = mysqli_real_escape_string($_POST["disc"]);
    $price  = mysqli_real_escape_string($_POST["price"]);
    $paper  = mysqli_real_escape_string($_POST["papers"]);
    $cmts   = mysqli_real_escape_string($_POST["cmts"]);
    $cond   = mysqli_real_escape_string($_POST["cond"]);
    $mtrl   = mysqli_real_escape_string($_POST["mtrl"]);
    $box    = mysqli_real_escape_string($_POST["box"]);
    $paper  = mysqli_real_escape_string($_POST["paper"]);
    $serial = mysqli_real_escape_string($_POST["serial"]);

    $query = "insert into products(brand, u_id, model, reff, cmts, cond, mtrl, retail, disc, price, box, paper, serial, image)";
    $query .= " values('$brand', '$id', '$model', '$reff', '$cmts', '$cond', '$mtrl', '$retail', '$disc', '$price', '$box', '$paper', '$serial', '$prodimg')";

    if (isset($_POST["add"])) {
        $query_confirm = mysqli_query($connection, $query);

        header("Location: watch_search.php");
    } 
}
0

and one thing more no other user like guests cannot add watches only registered users are allowed to add watches that is why i have placed id

0

OK, this is getting pretty fragmented. Only show the form if a registered user is logged in - do not show it otherwise - so a guest can't post the form in the first place.

The session uid should be used as a check when form is posted to the handler:

if(isset($_SESSION['uid']) && $_POST) add_watch($connection);

Don't use 'global' - pass the connection as a parameter.

Your image is not being saveed probably due to the wrong enctype:

<form method="post" action="add_watch.php">

Should be:

<form method="post" action="add_watch.php" enctype="multipart/form-data">

Edited by diafol

0

perfect so this small thing was disturbing me for last 2 days OMG so typical to come out from the bugs .

Thank You very much I have one small bug can you help me out with that as well should I have to open a new post for thatright??

0

You may as well shove it in here if it's related to the code you've already posted. If not and it's unrelated, then, yes, post a new thread.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.