Uploading Photos and Storing on a DB

Report · Jun 24, 2011

Hi Guys,

I need your assistance please. I am building a project for school on Dreamweaver CS5. I want to create a Database Website where users can register, logon to their own profile and it then allows them to upload their pics. Then other users can search for them by name and see their pics. The site is complete I just have no idea how to upload pics and have no idea how to let other users view these pics.

Please can anyone assist?

Thanks

Report · Jun 24, 2011

There is volumes and volumes of information on how to upload image files via php out on the web, and it is probably more than can be covered in a post like this. I suggest you do a search and if you have trouble getting it to work, post your code and someone will be along to help.

It is common to upload the actual image file into a folder and store the name of the image file in the database, again in doing research you will see that and the plus / minus of this method is almost alwasy discussed.

Gary

Report · Jun 29, 2011

Never store images in a database unless there is a compelling reason to do so. As Gary mentioned, store the images in a folder and store just the file names in the database.

Allowing the unwashed masses to upload images to your website is an invitation for all kinds of trouble. What if they uploade 5GB images? What if they uploade CMYK images, or TIF images, both of which can't be used on the web? It's also an invitation to hackers to upload malicious content to your website. Hackers will eventually find your upload form and try to have all sorts of malicious fun with it. So it's really important that the upload is validated before it reaches your server file system. I have never needed to write code that allows the public to upload files/images, so there is little security in the following example, except that in (2) the code checks the width and height of the image and removes (preg_replace) an assortment of illegal characters. Since you are going to make this form public, you must use tougher security than my example uses.

1. The form that accepts the image is simple. Note the 'enctype.'

<form action="#" method="post" enctype="multipart/form-data">
<p><label>Upload File:<br />
<input type="file" name="upload" size="50"/></label>
<input type="submit" value="Upload Image" /></p>
</form>

2. On the same page of script put the code to process the upload. Something like the following:

<?php
if (is_uploaded_file($_FILES['upload']['tmp_name'])) {
$uploadfile = $_FILES['upload']['tmp_name'];
$width=getimagesize($uploadfile);
$widthx=$width[0];
$heightx=$width[1];
if (($widthx > 540) or (heightx > 500)){
$message = "The image size was too large and was not submitted. Maximum image size is 540 pixels wide and/or 500 pixels high";
} else {
$_FILES['upload']['name'] = preg_replace('#[\s\&\@\#\$\%\[\]]#','', $_FILES['upload']['name']);
move_uploaded_file ($_FILES['upload']['tmp_name'], "../images/" . $_FILES['upload']['name']);
$name = $_FILES['upload']['name'];
$message = "$name has been added.";
}}
echo $message;
?>

3. Calling the image is simple, just use the IMG tag with the image name pulled from the database as variable '$value'.

echo "<img src='/images/$value' alt='photo' />";