Hello,
I am trying to send images to the database but I am not getting any response; the images are not being sent to the database. Can anyone help me out?

function add_watch() {
    global $connection;

    $prodimg= $_FILES["prodimg"]['name'];
    $prodtype=$_FILES["prodimg"]['type'];
    $prodtemp=$_FILES["prodimg"]['tmp_name'];
    $target_path = 'Products/'.$prodimg;

    $id     = $_POST["u_id"];
    $brand  = $_POST["brand"];
    $model  = $_POST["model"];
    $reff   = $_POST["reff"];
    $retail = $_POST["retail"];
    $disc   = $_POST["disc"];
    $price  = $_POST["price"];
    echo $paper  = $_POST["papers"];
    $cmts   = $_POST["cmts"];
    $cond   = $_POST["cond"];
    $mtrl   = $_POST["mtrl"];
    $box    = $_POST["box"];
    echo $seller  = $_POST["seller"];
    $serial = $_POST["serial"];

    move_uploaded_file($prodimg, $target_path);

    $query = "insert into products(brand, u_id, model, reff, cmts, cond, mtrl, retail, disc, price, box, paper, serial, seller, image)";
    $query .= " values('$brand', '$id', '$model', '$reff', '$cmts', '$cond', '$mtrl', '$retail', '$disc', '$price', '$box', '$paper', '$serial', $seller', '$prodtmp')";

    if (isset($_POST["add"])) {
        $query_confirm = mysqli_query($connection, $query);
        header("Location:watch_search.php");
    } 
}

Here is the form:

            <form method="post" action="add_watch.php?uid=<?php echo $_SESSION["uid"]; ?>">
            <input type="hidden" name="u_id" value="<?php echo $_SESSION["uid"]; ?>" />
            <div class="info">
                <label>
                    <p class="info_staic">Brand</p>
                    <p class="info_dynamic"><input type="text" class="field" name="brand" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Model</p>
                    <p class="info_dynamic"><input type="text" class="field" name="model" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Ref.#</p>
                    <p class="info_dynamic"><input type="text" class="field" name="reff" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Retail Price</p>
                    <p class="info_dynamic"><input type="text" class="field" name="retail" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Disc</p>
                    <p class="info_dynamic"><input type="text" class="field" name="disc" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Price</p>
                    <p class="info_dynamic"><input type="text" class="field" name="price" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Seller</p>
                    <p class="info_dynamic"><input type="text" class="field" name="seller" required /></p>
                    <div class="clear"></div>
                </label>

            </div><!-- End of content left-->

            <div class="info">
                <label>
                    <p class="info_staic">CMTS</p>
                    <p class="info_dynamic"><input type="text" class="field" name="cmts" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Condition</p>
                    <p class="info_dynamic"><input type="text" class="field" name="cond" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Material</p>
                    <p class="info_dynamic"><input type="text" class="field" name="mtrl" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Box</p>
                    <p class="info_dynamic"><input type="text" class="field" name="box" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Papers</p>
                    <p class="info_dynamic"><input type="text" class="field" name="papers" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Serial</p>
                    <p class="info_dynamic"><input type="text" class="field" name="serial" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                    <p class="info_staic">Papers</p>
                    <p class="info_dynamic"><input type="text" class="field" name="papers" required /></p>
                    <div class="clear"></div>
                </label>



                <label>
                    <p class="info_staic">Watch Image</p>
                    <p class="info_dynamic"><input type="file" class="field" name="prodimg" required /></p>
                    <div class="clear"></div>
                </label>

                <label>
                <input type="submit" class="btn" value="Add New" name="add" style="margin:0;" />
                <div class="clear"></div>
                </label>
            </div><!-- End of content right-->
            </form>
        <div class="clear"></div> 

Thank You

You say you're moving images to the database, but is it move_uploaded_file you are having trouble with?
If it is, that function returns a warning if something goes wrong, so you can turn warnings on and see the problem. But you can also check that the filename stored in $prodimg is valid and that your destination folder exists and is writable.

Before trying to use this, I think we should point out that you are open to SQL injections with this and therefore should consider using prepared statements - or at the very least use mysqli_real_escape_string (yuk!).

Also - the session uid - not sure what this is, but is it sensitive data? Also, does it need to be in the querystring and as a hidden field?

@diafol

Well, uid is stored in the session because only someone who is logged in can insert data, so it's a logged-in user and I got the uid which is stored in the session. What I mean to say is it's stored in the form as a hidden field. Did I take the correct step, or should I have to use it in a hidden field?

You don't need it to be passed at all if it's a session variable, as it's available everywhere. So no need to add it to the URL. No need to add it to the form. As far as I can see.

Hello,

Okay, I set this into the URL but still the image is not being sent to the folder and not being saved in the database as well. What should I do now?

Show your updated code if you've changed it.

function add_watch() {
    global $connection;

    $prodimg= mysqli_real_escape_string($_FILES["prodimg"]['name']);
    $prodtype=$_FILES["prodimg"]['type'];
    $prodtemp=$_FILES["prodimg"]['tmp_name'];

    move_uploaded_file($prodtemp,'images/product/'.$prodimg);

    $id     = $_SESSION["uid"];
    $brand  = mysqli_real_escape_string($_POST["brand"]);
    $model  = mysqli_real_escape_string($_POST["model"]);
    $reff   = mysqli_real_escape_string($_POST["reff"]);
    $retail = mysqli_real_escape_string($_POST["retail"]);
    $disc   = mysqli_real_escape_string($_POST["disc"]);
    $price  = mysqli_real_escape_string($_POST["price"]);
    $paper  = mysqli_real_escape_string($_POST["papers"]);
    $cmts   = mysqli_real_escape_string($_POST["cmts"]);
    $cond   = mysqli_real_escape_string($_POST["cond"]);
    $mtrl   = mysqli_real_escape_string($_POST["mtrl"]);
    $box    = mysqli_real_escape_string($_POST["box"]);
    $paper  = mysqli_real_escape_string($_POST["paper"]);
    $serial = mysqli_real_escape_string($_POST["serial"]);

    $query = "insert into products(brand, u_id, model, reff, cmts, cond, mtrl, retail, disc, price, box, paper, serial, image)";
    $query .= " values('$brand', '$id', '$model', '$reff', '$cmts', '$cond', '$mtrl', '$retail', '$disc', '$price', '$box', '$paper', '$serial', '$prodimg')";

    if (isset($_POST["add"])) {
        $query_confirm = mysqli_query($connection, $query);

        header("Location: watch_search.php");
    } 
}

And one more thing: other users like guests cannot add watches; only registered users are allowed to add watches, that is why I have placed the id.

OK, this is getting pretty fragmented. Only show the form if a registered user is logged in - do not show it otherwise - so a guest can't post the form in the first place.

The session uid should be used as a check when form is posted to the handler:

if(isset($_SESSION['uid']) && $_POST) add_watch($connection);

Don't use 'global' - pass the connection as a parameter.

Your image is not being saved probably due to the wrong enctype:

<form method="post" action="add_watch.php">

Should be:

<form method="post" action="add_watch.php" enctype="multipart/form-data">
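
The points raised in this thread (session check in the handler, connection passed as a parameter, prepared statements, the upload moved from its tmp_name) combined in one handler, as an added example that is not code posted by anyone in the thread. The 'Products/' directory, the 2 MB limit, the image type allow-list, the database credentials and the availability of the fileinfo extension are assumptions; column and field names follow the posted INSERT and form.

```php
<?php
// Added example, not the thread's code. Assumed: 'Products/' directory,
// 2 MB size limit, DB credentials; columns follow the posted INSERT.
function add_watch(mysqli $connection, string $uid, array $post, array $file): bool
{
    // $file is only populated when the form has enctype="multipart/form-data".
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || $file['size'] > 2 * 1024 * 1024) {
        return false;
    }

    // Decide the type from the file content, not from the client-supplied
    // $_FILES[...]['type'] or the original file name.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return false;
    }

    // Server-generated name: the uploaded file name never reaches the path.
    $image = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/Products/' . $image)) {
        return false;
    }

    // Form field names, in the same order as the columns after u_id.
    $fields = ['brand', 'model', 'reff', 'cmts', 'cond', 'mtrl', 'retail',
               'disc', 'price', 'box', 'papers', 'serial', 'seller'];
    $params = [$uid];
    foreach ($fields as $f) {
        $params[] = (string) ($post[$f] ?? '');
    }
    $params[] = $image;

    // Placeholders keep every value out of the SQL text.
    $stmt = $connection->prepare(
        'INSERT INTO products (u_id, brand, model, reff, cmts, cond, mtrl, retail,
             disc, price, box, paper, serial, seller, image)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    return $stmt && $stmt->bind_param(str_repeat('s', 15), ...$params) && $stmt->execute();
}

session_start();
if (isset($_SESSION['uid'], $_POST['add'], $_FILES['prodimg'])) {
    $connection = new mysqli('localhost', 'db_user', 'db_pass', 'db_name'); // placeholders
    if (add_watch($connection, (string) $_SESSION['uid'], $_POST, $_FILES['prodimg'])) {
        header('Location: watch_search.php');
        exit;
    }
}
```

Storing only the generated file name in the image column means the original upload name is never used in a path or a query.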

Perfect, so this small thing was disturbing me for the last 2 days. OMG, so typical to come out from the bugs.

Thank you very much. I have one small bug; can you help me out with that as well? Should I have to open a new post for that, right?

You may as well shove it in here if it's related to the code you've already posted. If not and it's unrelated, then, yes, post a new thread.