SitePoint Sponsor

User Tag List

Results 1 to 25 of 25
  1. #1
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Image Upload, How Does It Work?

    Hi,

    I am trying to add an image upload script however I am confused has to how it works. Is the image added to a file which I designate and then add a link to the database?

    Can anyone advise how an image upload script works?

  2. #2
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    You can either upload a file to your server's file system (that is, the uploaded file is stored on your server, as is).
    Or, you can upload a file to a database directly.
    Personally, I prefer the first method, as I can then browse the uploaded files with ease.

  3. #3
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    If I upload the image to a folder how is a link entered in the database to the image?

  4. #4
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Join Date
    Dec 2002
    Posts
    1,911
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    That could be done a couple ways. Some people just stick the filename into the table, instead of the binary data. Others just store image stats, and then rename the uploaded file with the new records ID value. Just find something you like and go with it.

  5. #5
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    FWIW, I'm just having to implement this functionality for a project I'm working on right now, so if you have any concrete questions, I'll be happy to help.
    Also, a quick Google search turns up tons of results as to how to do this: http://www.google.com/search?q=php+fileupload+script

  6. #6
    SitePoint Member Marcelc's Avatar
    Join Date
    Oct 2012
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's pretty simple.
    Create a form with HTML, remember to set the method to post and include the enctype.
    Upon clicking submit, the file will be stored under tmp folder and can be access through $_FILE variable.
    Just move the file from tmp folder to designated folder and insert the path to your database.
    That's all

  7. #7
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Quote Originally Posted by Marcelc View Post
    It's pretty simple.
    Although this is true, don't forget there are various security concerns to bear in mind when allowing the general public to upload stuff to your server.
    Here is an article which details them: http://www.acunetix.com/websitesecur...rms-threat.htm

  8. #8
    SitePoint Member Marcelc's Avatar
    Join Date
    Oct 2012
    Location
    Jakarta, Indonesia, Indonesia
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @Pullo: If I only allow registered user to upload files, does that add up to the security?

  9. #9
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    It limits your exposure.
    Sadly, there's nothing stopping your registered users attempting to do malicious things to your web server, though.

  10. #10
    Resident OCD goofball! bronze trophy Serenarules's Avatar
    Join Date
    Dec 2002
    Posts
    1,911
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    My apologies, for some reason I read your questions as being general in nature.

    I'd have a look at this page: http://us1.php.net/manual/en/feature...ost-method.php

    Related functions to look up: is_uploaded_file, move_uploaded_file, getimagesize, filesize, mime_content_type.

  11. #11
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I attempted to use this example http://php.about.com/od/advancedphp/...e_upload_3.htm however I am unable to move the temp file to the permanent file which I have changed to test.

    It seems to add "upload.php" to the link I want to place the image in. Is this correct? I have tried around 10 different targets and the test folder is definitely active. Can anyone advise what the error is please?


    Code:
     $target = "http://www.website.com/test/"; 
     $target = $target . basename( $_FILES['uploaded']['name']) ; 
     $ok=1; 
     if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))


    Unable to move '/tmp/phpZecAhN' to 'http://www.website.com/test/imagetest.gif' in /home/test/website.com/test/upload.php on line 27

    Unable to move '/tmp/phpZecAhN' to 'http://www.website.com/test//imagetest.gif' in /home/test/website.com/test/upload.php on line 78

  12. #12
    SitePoint Addict kduv's Avatar
    Join Date
    May 2012
    Location
    Atlanta, GA
    Posts
    244
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    The first thing I'd do is check to make sure your test folder is writable.

  13. #13
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Quote Originally Posted by kduv View Post
    The first thing I'd do is check to make sure your test folder is writable.
    Yup, that's very probably the cause of the error.
    You need to make sure that the folder permissions are correct.
    Try changing them to 775.
    This might help a bit further: http://stackoverflow.com/questions/1...ith-php-apache

  14. #14
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Brilliant, that sorted the first error.

    I have tried to fix the second error by putting the full link into the code but this hasn't helped solve the problem.

    I do have folder called 'tmp'. Should the file go into their first as nothing appears in their or does it create a folder which I cant see. Any suggestions please?


    Code:
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
    
        if (file_exists("http://www.website.com/test/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "http://www.website.com/test/" . $_FILES["file"]["name"]);
          echo "Stored in: " . "http://www.website.com/test/" . $_FILES["file"]["name"];
          }
        }
      }

  15. #15
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Hi there,
    AFAIK file_exists only checks whether a file or directory exists on the same server as the script.
    Could you try changing that to a local path.

    Other that that could you post your full code (which is presumably a PHP script and a simple HTML form) and I'll take a look.

  16. #16
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Cheers dude, this is the full code.

    Like you say there is a simple HTML form on another page.


    Code:
    <?php
    if ($_FILES["file"]["error"] > 0)
      {
      echo "Error: " . $_FILES["file"]["error"] . "<br />";
      }
    else
      {
      echo "Upload: " . $_FILES["file"]["name"] . "<br />";
      echo "Type: " . $_FILES["file"]["type"] . "<br />";
      echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
      echo "Stored in: " . $_FILES["file"]["tmp_name"];
      }
    ?>
    <?php
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 20000)
    && in_array($extension, $allowedExts))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Error: " . $_FILES["file"]["error"] . "<br />";
        }
      else
        {
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Stored in: " . $_FILES["file"]["tmp_name"];
        }
      }
    else
      {
      echo "Invalid file";
      }
    ?>
    <?php
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 20000)
    && in_array($extension, $allowedExts))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
        }
      else
        {
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
    
        if (file_exists("http://www.website.com/test/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "http://www.website.com/test/" . $_FILES["file"]["name"]);
          echo "Stored in: " . "http://www.website.com/test/" . $_FILES["file"]["name"];
          }
        }
      }
    else
      {
      echo "Invalid file";
      }
    ?>

  17. #17
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Join Date
    Nov 2003
    Location
    Columbus, OH
    Posts
    2,182
    Mentioned
    67 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by justlukeyou View Post
    Brilliant, that sorted the first error.

    I have tried to fix the second error by putting the full link into the code but this hasn't helped solve the problem.

    I do have folder called 'tmp'. Should the file go into their first as nothing appears in their or does it create a folder which I cant see. Any suggestions please?


    Code:
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
    
        if (file_exists("http://www.website.com/test/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "http://www.website.com/test/" . $_FILES["file"]["name"]);
          echo "Stored in: " . "http://www.website.com/test/" . $_FILES["file"]["name"];
          }
        }
      }
    Keep in mind that this code is being run FROM your server. With that said, you will always see a performance gain on both the front and back end if you avoid using the fully qualified name. PHP has access to the file system, so why create a new HTTP request when it is not needed?

    PHP Code:
     if (file_exists("/user/home/www/test/" $_FILES["file"]["name"]))
          {
          echo 
    $_FILES["file"]["name"] . " already exists. ";
          } 

  18. #18
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I have put the full domain name in to get the right links as I thought that was the issue. I shall remove them when the code fully works.

    Any suggestions on what the last issue is please?

  19. #19
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Any suggestions on how I can resolve this last issue please? Almost there with it.

  20. #20
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Quote Originally Posted by justlukeyou View Post
    Hi, Any suggestions on how I can resolve this last issue please? Almost there with it.
    Hi There,
    I had a look at your code and got it working.
    As far as I could see, the main error was that you were specifying the website url as an argument to move_uploaded_file and file_exists, you need to use the server path (e.g. /mnt/web/.../htdocs/yoursite/test/).
    Here is the revised code:
    Code PHP:
    <?php
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
     
    if ($_FILES["file"]["size"] < 60000 && in_array($extension, $allowedExts))
      {
      if ($_FILES["file"]["error"] > 0)
        {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
        }
      else
        {
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
        if (file_exists("/mnt/web/.../htdocs/yoursite/test/" . $_FILES["file"]["name"]))
          {
          echo $_FILES["file"]["name"] . " already exists. ";
          }
        else
          {
          move_uploaded_file($_FILES["file"]["tmp_name"],
          "/mnt/web/.../htdocs/yoursite/test/" . $_FILES["file"]["name"]);
          echo "Stored in: " . "http://www.yoursite.com/test/" . $_FILES["file"]["name"];
          }
        }
      }
    else
      {
      echo "Invalid file";
      }
    ?>

  21. #21
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Cheers dudes, this now works fine.

    Now I just need to create a link in a database under a members profile. Any suggestions?

  22. #22
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Join Date
    Nov 2003
    Location
    Columbus, OH
    Posts
    2,182
    Mentioned
    67 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by justlukeyou View Post
    Cheers dudes, this now works fine.

    Now I just need to create a link in a database under a members profile. Any suggestions?
    Can you elaborate further on what you want to do?

  23. #23
    Gre aus'm Pott gold trophysilver trophybronze trophy
    Pullo's Avatar
    Join Date
    Jun 2007
    Location
    Germany
    Posts
    6,060
    Mentioned
    219 Post(s)
    Tagged
    12 Thread(s)
    Yup, not sure what you mean with "under a members profile".
    Creating a link in a database is straight forward though - just a matter of inserting the file path as a string into your db table.
    One point you might want to consider however, is giving the uploaded files unique names (with a time stamp or ip address or such), so that files with the same name do not overwrite each other.

  24. #24
    SitePoint Guru
    Join Date
    Feb 2007
    Posts
    731
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    The idea for the site is that people will be able to create member profiles and then upload a logo.

    Is it possible to create a folder for each member in which they can upload their company logo?

    How would a site like LinkedIn manage image upload?

  25. #25
    Always A Novice bronze trophy
    K. Wolfe's Avatar
    Join Date
    Nov 2003
    Location
    Columbus, OH
    Posts
    2,182
    Mentioned
    67 Post(s)
    Tagged
    2 Thread(s)
    http://php.net/manual/en/book.filesystem.php

    I personally do not store any images, or links to images in a db, I write in where a logo or file should be into the logic. Using the commands I gave you, once an image has been checked and uploaded, you can move the image, create directories etc based on your needs. One might problematically create a hierarchy system for the images to be stored like so:

    /usrs/$user/content/logo1.jpg

    Based on the profile being looked at, it checks that location for an existing logo. The same would be done when uploading the image, dynamically creating folders needed. Make sense?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •