|
Posted by The Natural Philosopher on 10/13/07 12:04
Kye wrote:
> Can anybody suggest to me a good tutorial on how to upload images in php and
> have their location put into a MySQL database?
>
> I know that this is really basic but so are my PHP skills at the moment.
>
> TIA
> Kye.
>
>
>
Here are some snippets from code that actually works. I Actually shove
the files iN the database. Not references to them.
// Yawn bugger, Files. File data should be stored in the $_FILES[]
array, so let's start with the the new ones..
for ($i=0;$i<10;$i++)
{
$index="new_file".$i;
$filename= $_FILES[$index]["name"]; //orig filename
$filesize= $_FILES[$index]["size"]; // the size in bytes of the
uploaded file
$tmpname=$_FILES[$index]["tmp_name"]; // the name of the temporary
copy of the file stored on the server
$index="new_description".$i; // where new file decscriptors are stored
$filedescription=$_POST[$index];
if ($filename=="" || $filesize==0) // skip emptiness.
continue;
// one supposes one has a file at this point..massage the name
into just the filename without the slashes
$newname=$tmpname.$i;
copy($tmpname,$newname);
$filename=basename($filename);
$query=sprintf("insert into project_files set
project_id='%s',current='yes', date='%s' ,user='%d', size='%d',
description='%s', name='%s', content=LOAD_FILE('%s') ",
$project_id,
date('Y-m-d'),
$employee_id,
$filesize,
$filedescription,
$filename,
$newname);
mysql_query($query);
unlink($newname);
}
} // end if update..
Note the use of the copy command to sidestep a 'feature' of PHP5that it
doesn't in fact create aan actual disk file that Mysql can LOAD until it
exits, unless you COPY it.
The form section that allows te user to upload files is this..
// Ok lets put up 12 new file boxes for upload
?><B>Add new files:</B><Br>
<TABLE width="50%" border="0" align="center"> <tr>
<TD align="left"><B>Select file to upload</b></TD><TD
align="left"><b>Enter Brief Description</b></td></TR>
<?
for($i=0;$i<10;$i++)
{
?><TR><TD align="left"><INPUT size="50" TYPE="file"
name="new_file<?echo $i;?>" ></td>
<TD align="left"><INPUT type="text" size="50" value=""
name="new_description<?echo $i;?>" maxlength="64" >
</TD></tr>
<?
}
?></table>
And to retrieve the file for download, I simply use a URL pointing at
this code, with the file ID as a get variable.
open_database(); // ready to check
// get file id..use GET rather than POST as there is adequate security
anyway
// and it makes clickable download URLS easier to generate.
// i.e. <A HREF="filesend.php?id=XXXX"> Download the file here</A> will work
// if you know the file iD in the database. And have permissions to
access the project it's in.
$file_id=$_GET['id'];
$login=getenv("REMOTE_USER");
// first check whether the user exists on the database. If they have
got this far this should never fail
// unless someone manually deletes a database entry or corrupts it.
$query="Select id, privilege_level from employees where login_name =
'".$login."'";
$result=mysql_query($query);
if(($result>0) && (($rows=mysql_numrows($result)) == 1)) //got some data
{
$employee_id=mysql_result($result,0,"id"); // id in employees table
$privilege=mysql_result($result,0,"privilege_level"); // and get their
privilege Power users can access any project
}
else abort_session(" this user is unkown - Access denied!\r\n");
if ($privilege < $privilege_level) // can access the file only if
employees.id matches project creator
{
$query="select employee from projects, project_files where
project_files.id='".$file_id."' and project_files.project_id=projects.id";
$result=mysql_query($query);
if(($result>0) && (($rows=mysql_numrows($result)) == 1)) //got some data
{
if($employee_id!=mysql_result($result,0,'employee')) // user doesn't
have access rights to this project
{
abort_session("you have insufficient privileges to access this
file!\r\n");
//which begs the question of how they got to start trying to
download it,. Hmm..bug elsewhere?
}
}
}
//ok we can access the file legally..how about actually?
$query="select name, content, size from project_files where
id='".$file_id."'";
$result=mysql_query($query);
if(($result>0) && (($rows=mysql_numrows($result)) == 1)) //got some data
{
$name=mysql_result($result,0,'name');
$content=mysql_result($result,0,'content');
$size=mysql_result($result,0,'size');
}
else abort_session ("the file ID you requested cannot be found\r\n"); //
no such file/project in the database
$mtype=get_mime($name);
//spit out standard header stuff
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: ".$mtype);
header("Content-Disposition: attachment; filename=\"".$name."\"");
header("Content-Transfer-Encoding: binary");
print $content;
?>
Note that there are lots of calls to library stuff I have written but
you should be able to get the gist of what is going on.
In practice this is working very well. We use it to exchange working
documents with a database server. The code is npot elegant, but them I
am fairly new to PHP.
It does, however work.
Navigation:
[Reply to this message]
|