PHP Insert image in Xampp Mysql database

Asked

Viewed 406 times

-1

I’m trying to put an image in the bank MySql via PHP, actually the path of it, after moving the picture to a folder at the root. I’m using xampp. All the codes I have tested normally enter the other form data but not the image. Does anyone know anything else that should be done? What I want is to register a user and their profile photo. Can help?

Part of My code (separate files):

Form

<form method="POST" action="cadusuario.php" enctype="multipart/form-data">                                                      
    <label for="nomecompleto">Nome completo:</label>
    <input type="text" name="nomecompleto" id="nomecompleto" placeholder="Digite seu usuario ex. nome.sobrenome" size="50" />
    <br class="block" />
    <label for="nome">Usuario:</label>
    <input type="text" name="nome" id="nome" placeholder="Digite seu usuario ex. nome.sobrenome" size="50" />
    <br class="block" />
    <label for="cpf">CPF:</label>
    <input type="text" name="cpf" id="cpf" placeholder="Digite seu CPF"  size="45" />
    <br class="block" />
    <label for="senha">Senha:</label>
    <input type="password" name="senha" id="senha" placeholder="Digite sua senha de acesso" size="30" />
    <input type="text" name="setor" id="setor"/>
    <br class="block" />
    <label for="avatar">Avatar:</label>
    <input type="file" name="avatar" id="avatar" placeholder="Abrir Foto" />

    <button type="btn" data-icon="plus" data-rel="dialog">Cadastrar</button><p>                                 
</form>

PHP

$nome  =   mysqli_real_escape_string($conn, $_POST['nome']);
$cpf   =  (int) $_POST['cpf'];
$senha =  md5($_POST['senha']);
$nomecompleto = $_POST['nomecompleto']; 
$setor = $_POST['setor'];
$PASTA = "./imagensPHP/";

$imagem = $_FILES["avatar"]["name"];
$temp = $_FILES["avatar"]["tmp_name"];                      

if (!file_exists($PASTA)){
    mkdir("$PASTA", 0700);
}
move_uploaded_file($temp,$PASTA.$imagem);                       
$str_insert = "INSERT INTO `tb_usuarios` (cpf, nomeusuario, senha, nomecompleto, avatar, setor) 
                VALUES ('".$cpf."','".$nome."','".$senha."','".$nomecompleto."','".$imagem."','".$setor."')";                           
$result = mysqli_query($conn,$str_insert);          
print_r($_FILES['avatar']);
  • 1

    You’re not getting your way into the bank, are you? You ask what should be done but do not clarify the problem you are facing, I suggest you edit the question to make it clearer the point where we should help

  • You didn’t leave a question, but I’ll leave you some tips: A) You should check if the data sent in the form is in the correct format, for example, in (int) $_POST['Cpf'], it would result in error if the client put non-integer characters. B) About the image that is uploaded on the server, I saw in a video about security techniques, which would be recommended you re-save the image, instead of moving it to a server folder, because they can upload an image with malicious code and spread it to every client who views the image, and it’s interesting that in your case, given that you

  • When registering the user, I want to insert a profile photo. I read that saving the file in a folder and its address in the database is better than saving the image directly in the database. name, Cpf... these are registered normally, but the photo, is not moved to folder and is not saved the path in the bank.

1 answer

0

In the picture variable, use:

$image = addslashes(file_get_contents($_FILES['file']['tmp_name']));

  • The function addslashes does not exactly fit what you are imagining. The correct function to escape strings specifically for insertion into the DB in question is mysqli_real_escape_string. - Moreover, file_get_contents does not make sense in author’s code. It is saving the file in filesystem with move_uploaded_file and recording the name and path, not the contents of the file in DB

  • I’m checking and posting the result, thank you.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.