Upload Text and Image with one form, storing path and text in database with PHP
Solved: Below is working code to; Upload File/image to ftp directory, store the path in database table, store current date, and text from form ALL FROM ONE FORM.
I searched for weeks online looking for a concise way to submit all this information on one row in the db, simultaneously. Could only piece it together, here it is for you guys.
For beginners: 1)Create 2 files in your html daw. Index.php and file_upload.php. Index will be where you put your html, the file_upload.php file is where you add the php code. Php files usually start with
The ID row must be set to primary key and INT. The rest should be set to Varchar with a specific amount of characters (your choosing).
4)Create upload folder at same location as index.php and file_upload.php. Be sure and add file permissions to upload folder to prohibit or allow public edits.
5) switch out 'http://www.yourwebsite.com/directory' in my code with your website and page directory.
In the following case, upgrade is the database name, and Testimonials is the table name.
file_upload.php
<?php
if(isset($_POST['add']))
{
$dbhost = '';
$dbuser = '';
$dbpass = '';
$db_name = 'upgrade';
$tbl_name = 'Testimonials';
$ftp_user = '';
$ftp_pass = '';
$ftp_server = "";
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("$db_name")or die("cannot select DB");
$ftp_conn = ftp_connect($ftp_server) or die("Could not connect to $ftp_server");
// login with username and password
$login_result = ftp_login($ftp_conn, $ftp_user, $ftp_pass);
// check connection
if ((!$ftp_conn) || (!$login_result)) {
echo "FTP connection has failed!";
echo "Attempted to connect to $ftp_server for user $ftp_user";
exit;
} else {
echo "Connected to $ftp_server, for user $ftp_user";
}
$Fname = $_POST['fname'];
$Email = $_POST['email'];
$Content = $_POST['content'];
$Type = $_POST['type'];
$uploadDir = 'http://www.yourwebsite.com/directory/'.'upload/';
$fileName = $_FILES['image']['name'];
$filePath = $uploadDir . $fileName;
if(move_uploaded_file($_FILES["image"]["tmp_name"],"upload/".$_FILES["image"]["name"]))
{
// If file has uploaded successfully, store its name in data base
$query_image = "INSERT INTO $tbl_name(fname,email,content,image,type,submission_date) VALUES ('$Fname','$Email','$Content','$filePath','$Type',curdate())";
if(mysql_query($query_image))
{
echo "Stored in: " . "upload/" . $_FILES["image"]["name"];
}
else
{
echo 'File name not stored in database';
}
}
else{echo 'File not uploaded';}
}
?>
THE FORM
<form method="post" enctype="multipart/form-data" action="/testimonials/file_upload.php">
<table>
<tr>
<td width="250">Name</td>
<td>
<input name="fname" type="text" id="fname" /><br />
</td>
</tr>
<tr>
<td width="250">Email: (will not be publicized)</td>
<td>
<input name="email" type="text" id="email" /><br />
</td>
</tr>
<tr>
<td width="250">Client Type</td>
<td id="mainselection">
<select name="type" id="type">
<option></option>
<option value="Residential">Residential</option>
<option value="Business">Business</option>
</select>
</td>
</tr>
<tr>
<td width="250">Comments</td>
<td>
<textarea id="content" name="content" rows="10" cols="50" style="border-style:groove;box-shadow: 4px 4px 4px 4px #888888;"placeholder="Please describe your experience"></textarea>
</td>
</tr>
<tr>
<td width="250">Image</td>
<td>
<input name="image" type="file" id="file">
</td>
</tr>
<tr>
<td width="250"> </td>
<td>
<input name="add" type="submit" id="add" value="Add Testimonial">
</td>
</tr>
</table>
</form>
thanks to @engvrdr
Kate Obrien
Updated on July 05, 2022Comments
-
Kate Obrien almost 2 years
I've been working on this code for the last week and its racking my brain. I've searched on forums high and low and can only find very little on this specific subject.
I want to use a form to upload Text and images. Images get uploaded to directory (upload/), while image path and text is INSERTed INTO database table (upgrade.Testimonials). The index, uploader php, and upload folder all exist at www.mywebsite.com/testimonials
UPON EXECUTING THE FORM I RECEIVE A "Connected to $ftp_server, for user $USERNAME SAVED Stored in: upload/" BUT NO PHOTO IS UPLOADED AND THE PATH STORED IN DB HAS NO TITLE. BUT ALL OTHER INFORMATION IS SUBMITTED TO DATABASE FINE.
I've opened it the file_upload.php in TextWrangler and it doesn't give me any errors. Hosting with Godaddy.
Other than NY major vulnerability to SQL Injection, why am i not able to upload the images!?
Here is what I have so far, please help!
file_upload.php
<?php if(isset($_POST['add'])) { $dbhost = ''; $dbuser = ''; $dbpass = ''; $db_name = 'upgrade'; $tbl_name = 'Testimonials'; $ftp_user = ''; $ftp_pass = ''; $conn = mysql_connect($dbhost, $dbuser, $dbpass); if(! $conn ) { die('Could not connect: ' . mysql_error()); } mysql_select_db("$db_name")or die("cannot select DB"); $ftp_server = ""; $ftp_conn = ftp_connect($ftp_server) or die("Could not connect to $ftp_server"); // login with username and password $login_result = ftp_login($ftp_conn, $ftp_user, $ftp_pass); // check connection if ((!$ftp_conn) || (!$login_result)) { echo "FTP connection has failed!"; echo "Attempted to connect to $ftp_server for user $ftp_user"; exit; } else { echo "Connected to $ftp_server, for user $ftp_user"; } $Fname = $_POST['fname']; $Email = $_POST['email']; $Content = $_POST['content']; $filePath="http://www.mywebsite.com/testimonials/upload/" . $_FILES["file"]["name"]; $Type = $_POST['type']; if ($_FILES["file"]["error"] > 0) { echo "Error: NO CHOSEN FILE <br />"; echo"INSERT TO DATABASE FAILED"; } else { move_uploaded_file($_FILES["file"]["tmp_name"], __DIR__ . "/upload/" . $_FILES["file"]["name"]); echo"SAVED<br>"; $query_image = "INSERT INTO $tbl_name (fname, email, content, image,type, submission_date) VALUES ('$Fname','$Email','$Content','$filePath','$Type',curdate())"; if(mysql_query($query_image)) { echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } else { echo 'File name not stored in database'; } } } ?>The Form from INDEX.php
<form method="post" enctype="multipart/form-data" action="/testimonials/file_upload.php"> <table> <tr> <td width="250">Name</td> <td> <input name="fname" type="text" id="fname" /><br /> </td> </tr> <tr> <td width="250">Email: (will not be publicized)</td> <td> <input name="email" type="text" id="email" /><br /> </td> </tr> <tr> <td width="250">Client Type</td> <td id="mainselection"> <select name="type" id="type"> <option></option> <option value="Residential">Residential</option> <option value="Business">Business</option> </select> </td> </tr> <tr> <td width="250">Comments</td> <td> <textarea id="content" name="content" rows="10" cols="50" style="border-style:groove;box-shadow: 4px 4px 4px 4px #888888;"placeholder="Please describe your experience"></textarea> </td> </tr> <tr> <td width="250">Image</td> <td> <input name="image" type="file" id="file"> </td> </tr> <tr> <td width="250"> </td> <td> <input name="add" type="submit" id="add" value="Add Testimonial"> </td> </tr> </table> </form>