How to upload multiple image using longblob

if (count($_FILES) > 0) {
    if (is_uploaded_file($_FILES['userImage']['tmp_name'])) {

        $imgData = addslashes(file_get_contents($_FILES['userImage']['tmp_name']));
        $imageProperties = getimageSize($_FILES['userImage']['tmp_name']);

        $sql = "INSERT INTO trial (imageType ,imageData,uploaded_on, user_id,tax_payer_id)
				VALUES('{$imageProperties['mime']}', '{$imgData}',NOW(),'".$_SESSION['id']."','".$_GET['id']."')";
        $current_id =  mysqli_query($db, $sql) or die("<b>Error:</b> Problem on Image Insert<br/>" . mysqli_error($db));
		$current_id = mysqli_insert_id($db);
        if (isset($current_id)) {
           echo "Upload Succesfully";
        }else{
        	echo "There is a problem";
        }
    }
}
?>	
	
	<form name="frmImage" enctype="multipart/form-data" action="" method="post" 						class="frmImageUpload">
        <label>Upload QrCode File:</label><br /> 
        <input type="file" class="inputFile" name="userImage"  />
		<input type="hidden" name="imageID"  value="<?php if(!empty($_GET['id'])){ echo $_GET['id'];} ?>">
        <input type="submit" value="Submit" class="btnSubmit" />
    </form>

I want to upload multiple images using LONGBLOB.

Would need to be changed to an array input by adding [] to the name and adding the attribute multiple.

<input type="file" class="inputFile" name="userImage[]" multiple />

The processing script would also need to handle this as an array with the extra open KEYs, i.e. 0, 1, 2, 3, etc. You can loop through this array using while(). Your processing would go where the example is.

while(list($key,$value) = each($_FILES['userImage']['name']))
{
	if(!empty($value))
	{	
		//Example of how you apply the KEY to get the value
		$_FILES['userImage']['tmp_name'][$key];

	}
}

Note: This is an outdated approach, like me I guess. :smirk:

should I just copy and paste this code
while(list($key,$value) = each($_FILES[‘userImage’][‘name’]))
{
if(!empty($value))
{
//Example of how you apply the KEY to get the value
$_FILES[‘userImage’][‘tmp_name’][$key];

}

}
or do I need to change in my code?

You would place your code where the example is and LIKE the example you would use the extra array [$key] where you do not have it. I was hoping you can figure it out.

OK… A more familiar approach to iterate an array is to use foreach. What you would see in normal multiple upload would be an array something like this.

Array
(
    [name] => Array
        (
            [0] => 001.jpg
            [1] => 002.jpg
            [2] => 003.jpg
            [3] => 004.jpg
        )

    [type] => Array
        (
            [0] => image/jpeg
            [1] => image/jpeg
            [2] => image/jpeg
            [3] => image/jpeg
        )

    [tmp_name] => Array
        (
            [0] => C:\....\....\tmp\php545E.tmp
            [1] => C:\....\....\tmp\php545F.tmp
            [2] => C:\....\....\tmp\php546F.tmp
            [3] => C:\....\....\tmp\php5470.tmp
        )

    [error] => Array
        (
            [0] => 0
            [1] => 0
            [2] => 0
            [3] => 0
        )

    [size] => Array
        (
            [0] => 55453
            [1] => 65521
            [2] => 26248
            [3] => 57827
        )

)

You can see the main array keys name,type,tmp_name, error and size but what we are really looking for are the open KEY’s I mentioned, which are shown in each section of the array. So if we just loop through one section, e.g. 'name' we will be dealing with key => value pairs so if we use

foreach($_FILES['userImage']['name'] as $key => $value):

we would see and have access to these $key => $value pairs.

Array
(
    [0] => 001.jpg
    [1] => 002.jpg
    [2] => 003.jpg
    [3] => 004.jpg
)

So now that you have the $key for each image uploaded, you can use this $key to get any of the primary Key => Values… You are primarily using 'tmp_name' but you could also move a copy of the image to a directory and save the image name to the database. But to the point. You will use the key like this.

$_FILES['userImage']['tmp_name'][$key]

Now your previous script uses a header to send the user to a preview page when an image is uploaded. Now that you are changing this to upload multiple images, this header will need to be moved to After the closing foreach bracket or tag so it will only preview the last image uploaded. My version of your image processing looks like this.

if(!empty($_FILES)):
	foreach($_FILES['userImage']['name'] as $key => $value):
		if(!empty($value)):	
			if(is_uploaded_file($_FILES['userImage']['tmp_name'][$key])):
			
				$imgData = addslashes(file_get_contents($_FILES['userImage']['tmp_name'][$key]));
				$imageProperties = getimageSize($_FILES['userImage']['tmp_name'][$key]);
				
				$sql = "INSERT INTO trial (imageType ,imageData, user_id)
				VALUES('{$imageProperties['mime']}', '{$imgData}','".$_SESSION['id']."')";
				mysqli_query($db, $sql) or die("<b>Error:</b> Problem on Image Insert<br/>" . mysqli_error($db));
				$current_id = mysqli_insert_id($db);
			endif;
		endif;
	endforeach;
	//You will preview just the last image
	if(!empty($current_id)):
		header("Location: preview.php?image_id=".$current_id);
		exit;
	endif;
endif;

Are these multiple images for the same tax_payer_id or are there multiple tax payer ids, a different one for each image? If each image is for a different tax payer id, you will need to design a User Interface (UI) that supports selecting the id per image (if you read my reply in one of your previous threads for this assignment, I offered a method that would work for one or more images - image can be uploaded but I cant an upload an image for specific user - #23 by mabismad )

Don’t use addslashes, use a prepared query instead. You should already be using a prepared query, since all external, unknown, dynamic values can contain sql special characters which can break the sql query syntax, which is how sql injection is accomplished. From the php.net documentation -

The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.

Each has been removed starting with php8.

Lastly, your code needs validation logic and error handling for any statement that can fail. At any step, you must tell the user if anything they did didn’t work and what they can do to correct the problem. For (multiple) file uploads, this is even more important since a user can upload files that exceed the post_max_size setting on the server. In this case, both the $_FILES and $_POST arrays will be empty. Also, any individual file can exceed the upload_max_filesize setting. Your current code will do nothing in these cases, leaving the user wondering what went wrong.

Thank you .

Thank you.