PHP DatabasesUsing PHP in conjunction with databases. PHP questions not specific to databases should be directed to one of the other PHP forums.
Welcome to the p2p.wrox.com Forums.
You are currently viewing the PHP Databases section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
1.) Set up a field containing a unique ID
2.) Set up a BLOG field for the file data.
3.) Set up a VARCHAR mime type field if you will be storing more than one type of file.
Optional.. add fields for file name or other details.
Basically you need to extract the binary data from the file using a few PHP functions, addslashes, file will be kept in a normal variable, and then inserted like you would insert any other type of data.
// Read the contents of the file into a variable, addslashes for DB insertion
// where 'userfile' is the name of the upload field
// file_get_contents PHP 4 >= 4.3.0
if (false === ($query = mysql_query("INSERT INTO `files` VALUES(null, '{$file}', '{$mime}')")))
{
echo 'insertion failed';
}
Here is another method which does the same as the above:
// Read the contents of the file into a variable, addslashes for DB insertion.
$file = addslashes(fread(fopen($_FILES['userfile']['tmp_name'], 'r'), filesize($_FILES['userfile']['tmp_name'])));
The following is what you do to retrieve the contents of the file:
<?php
// if passing the ID via GET
if (isset($_GET['id']))
{
$id = $_GET['id'];
}
// get_file.php
// Make SELECT query
$data = mysql_fetch_array(mysql_query("SELECT `file`, `mime` FROM `files` WHERE `id` = '{$id}'"), MYSQL_ASSOC);
// Set the content type header
header('Content-type: {$data['mime']}');
// Also notice that I am not stripping the slashes,
// Doing so may corrupt data in certain file types,
// while you may need to do so for others.
echo $data['file'];
?>
Then simply include a link to the PHP file...
For images,
<img src='get_file.php?id=5' />
Be extra careful about resource consumption here, it may be both more efficient and practical to simply store the file in a directory file system!
CREATE TABLE `files` (
`id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
`file` MEDIUMBLOB NOT NULL ,
`mime` VARCHAR( 50 ) NOT NULL ,
PRIMARY KEY ( `id` )
);
2.) Write HTML/PHP
Basically only two fields are required to upload a file, a 'file' input field, and a 'MAX_FILE_SIZE' hidden field. The latter isn't really required, but will prevent the user from trying to upload a file that is too large on the client-side. This can be easily circumvented by the user and should be accompanied by server-side file validation. It accepts a file size in Bytes, I have set this to accept a file of 10000 bytes, or roughly 10KB. And one attribute *must* appear in the form tag to get the browser to upload data, enctype='multipart/form-data'.
The following should be pretty straight forward. It has been tested and works for me!
Code:
<?php
//upload2db.php
if (!isset($_POST['do_action']))
{
echo "<html>\n",
" <head>\n",
" <title>UPLOAD TO DATABASE</title>\n",
" </head>\n",
" <body>\n",
" <form action='{$_SERVER['PHP_SELF']}' method='post' enctype='multipart/form-data'>\n",
" <input type='file' name='userfile' />\n",
" <input type='hidden' name='MAX_FILE_SIZE' value='10000' />\n",
" <input type='submit' name='do_action' value='Upload' />\n",
" </form>\n",
" </body>\n",
"</html>";
}
else
{
if (isset($_FILES['userfile']['tmp_name']))
{
if (($_FILES['userfile']['size'] <= 10000) && ($_FILES['userfile']['type'] == 'image/jpeg' || $_FILES['userfile']['type'] == 'image/pjpeg'))
{
// Make a database connection here!
$link = mysql_connect('localhost', 'user', 'pass');
mysql_select_db('test', $link);
// file_get_contents() PHP >= 4.3.0
$file = addslashes(file_get_contents($_FILES['userfile']['tmp_name']));
// If using PHP < 4.3.0 use the following:
// $file = addslashes(fread(fopen($_FILES['userfile']['tmp_name'], 'r'), filesize($_FILES['userfile']['tmp_name'])));
if (!mysql_query("INSERT INTO `files` VALUES(null, '{$file}', '{$_FILES['userfile']['type']}')", $link))
{
// do database error reporting here...
echo 'Upload failed: Unable to insert image into database.';
}
else
{
echo "Upload successful! <a href='viewdbfile.php?id=".mysql_insert_id()."'>Click here to view the file!</a>\n";
}
}
else
{
echo 'Upload failed: File must be a JPEG file type and 10KB or less in size';
}
}
else
{
echo 'Upload failed: A valid file has not been uploaded!';
}
}
?>
<?php
// viewdbfile.php
// if passing the ID via GET
if (isset($_GET['id']))
{
$id = $_GET['id'];
}
$link = mysql_connect('localhost', 'user', 'pass');
mysql_select_db('test', $link);
// Make SELECT query
$data = mysql_fetch_array(mysql_query("SELECT `file`, `mime` FROM `files` WHERE `id` = '{$id}'", $link), MYSQL_ASSOC);
// Set the content type header
header('Content-type: '.$data['mime']);
// Also notice that I am not stripping the slashes,
// Doing so may corrupt data in certain file types,
// while you may need to do so for others.
echo $data['file'];
?>
Well you aren't supposed to dump the binary data into the <img> tag. You must refer to an external php script via the img tag to get the browser to display the image.
$risultati = mysql_query("SELECT ID FROM filebinari", $collegamento);
$data = mysql_fetch_assoc ($risultati);
Where is your WHERE clause?? Are you selecting *all* of the rows in the database? Select the unique ID and pass it to another, a second, PHP script to output the image. This is the same as you would use to reference a .jpg or .gif.. file. The PHP script essentially mimicks everything neccessary for the image to be displayed. I suggest you have another look at my last example. In the second script, you must make a content-type header change for the images's MIME type, such as, image/jpeg, image/x-png, image/gif, etc.. whichever one corresponds to your image type being used. This header change will tell the browser that the content coming along is an image and trigger it to process it as one.
If you use my original script as is, you need only modify this line to the following... and the query above to SELECT the ID field instead of the binary data...
Look at my original example again, this time modify the following line:
echo "Upload successful! <a href='viewdbfile.php?id=".mysql_insert_id()."'>Cli ck here to view the file!</a>\n";
To say the following:
echo "Upload successful!<br />Image inserted:<br /><img src='viewdbfile.php?id=".mysql_insert_id()."' style='border: 1px solid black; margin: 10px;' />";
The mysql_insert_id() refers to the unique ID just assigned to the field, in this case an auto-incrementing integer. Without the ID you would not be able to distinguish one image from another.
If that doesn't make sense to you then I suggest you explain what doesn't make sense about it.
upload files
