Well the subject line is pretty explicit. I found this script that uploads a picture onto a folder on the server called images, then inserts the the path of the image on the images folder onto a VACHAR field in a database table.
[php]
";
print_r($array);
echo "";
}
// Set some constants
// This variable is the path to the image folder where all the images are going to be stored
// Note that there is a trailing forward slash
$TARGET_PATH = "images/";
// Get our POSTed variable
$image = $_FILES['image'];
// Sanitize our input
$image['name'] = mysql_real_escape_string($image['name']);
// Build our target path full string. This is where the file will be moved to
// i.e. images/picture.jpg
$TARGET_PATH .= $image['name'];
// Make sure all the fields from the form have inputs
if ( $image['name'] == "" )
{
$_SESSION['error'] = "All fields are required";
header("Location: member.php");
exit;
}
// Check to make sure that our file is actually an image
// You check the file type instead of the extension because the extension can easily be faked
if (!is_valid_type($image))
{
$_SESSION['error'] = "You must upload a jpeg, gif, or bmp";
header("Location: member.php");
exit;
}
// Here we check to see if a file with that name already exists
// You could get past filename problems by appending a timestamp to the filename and then continuing
if (file_exists($TARGET_PATH))
{
$_SESSION['error'] = "A file with that name already exists";
header("Location: member.php");
exit;
}
// Lets attempt to move the file from its temporary directory to its new home
if (move_uploaded_file($image['tmp_name'], $TARGET_PATH))
{
// NOTE: This is where a lot of people make mistakes.
// We are *not* putting the image into the database; we are putting a reference to the file's location on the server
$sql = "insert into images (member_id, image_cartegory, image_date, image) values ('{$_SESSION['id']}', 'main', NOW(), '" . $image['name'] . "')";
$result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error());
header("Location: images.php");
echo "File uploaded";
exit;
}
else
{
// A common cause of file moving failures is because of bad permissions on the directory attempting to be written to
// Make sure you chmod the directory to be writeable
$_SESSION['error'] = "Could not upload file. Check read/write persmissions on the directory";
header("Location: member.php");
exit;
}
} //End of if session variable id is not present.
?>
[/php]
The script seems to work fine because I managed to upload a picture which was successfully inserted into my images folder and into the database.
Now the problem is, I can’t figure out exactly how to write the script that displays the image on an html page. I used the following script which didn’t work.
[php]
//authenticate user
//Start session
session_start();
//Connect to database
require (‘config.php’);
$sql = mysql_query("SELECT* FROM images WHERE member_id = '".$_SESSION['id']."' AND image_cartegory = 'main' ");
$row = mysql_fetch_assoc($sql);
$imagebytes = $row['image'];
header("Content-type: image/jpeg");
print $imagebytes;
[/php]
Seems to me like I need to alter some variables to match the variables used in the insert script, just can’t figure out which. Can anyone help??