1

I am currently building a website that has a gallery which is accessed through php and mysql. When you view on the website the gallery takes the code from mysql and the image from my folder (on the machine).

I am having a problem that when I upload an image (using the php) the image_pathname comes up, so does the image_description (with the image_gallery database), but the author does not - and instead a number appears.

I think it's something maybe I can fix easily but I've been working on the site for a while and my brain is fried - and assuming it's something impossible.

This is my table syntax:

CREATE TABLE images(
id INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
image_pathname VARCHAR( 50 ) ,
image_author VARCHAR( 50 ) ,
image_description VARCHAR( 50 ) ,
genreID VARCHAR( 100 )
)

This is my HTML:

<form method="post" action="upload_file.php" enctype="multipart/form-data">

            <p>
              Image Author:
            </p>
            <input type="text" name="image_author"/>

            <p>
              Please enter a decscription:
            </p>
            <input type="text" name="image_description"/>
            <p>
             Please upload an image.
            </p>
            <p>
              Photo:
            </p>
            <input type="hidden" name="size" value="350000">
            <input type="file" name="photo"> 


            <input TYPE="submit" name="upload" title="Add image/data to the Database" value="Add Image"/>
          </form>

and this is my php:

<?php

//This is the directory where images will be saved
$target = "images/";
$target = $target . basename( $_FILES['photo']['name']);

//This gets all the other information from the form
$name= (isset($_POST['image_author']));
$description= ($_POST['image_description']);
$pic=($_FILES['photo']['name']);


// Connects to your Database
mysql_connect("localhost", "root", "root") or die(mysql_error()) ;
mysql_select_db("image_gallery") or die(mysql_error()) ;

//Writes the information to the database
mysql_query("INSERT INTO images (image_author, image_description, image_pathname)
VALUES ('$name', '$description', '$pic')") ;

//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file has been uploaded, and your information has been added to the directory <p> <a href='upload.php'> Go back</a>";
}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
?>
Improve this question
5
  • 1
    Please, stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and use PDO. DANGER! You need to prevent SQL Injection! Commented Jan 20, 2015 at 14:19
  • You can also use mysqli functions, which will be easier to integrate into your code. Commented Jan 20, 2015 at 14:22
  • @SpencerWieczorek, would this be okay to use, or could this also be deprecated? Commented Jan 20, 2015 at 14:26
  • @Coli-Eza Yes it's ok to use. Prepared statements and mysqli are equivalent in security. Commented Jan 20, 2015 at 14:29
  • whether you use PDO or mysqli, prepared statements should be implemented. Commented Jan 20, 2015 at 14:34

2 Answers 2

Reset to default
3

You are erroneously calling isset() when assigning your value to your variable. The result is you get a boolean value, which is what isset() retuens) instead of the actual value of $_POST['image_author'].

 $name= (isset($_POST['image_author']));

should be

$name= $_POST['image_author'];

FYI, you are wide open to SQL injections and using an obsolete API.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You can assign your form variables like this way and see comment of Jay Blanchard about MYSQL API, use instead MYSQLI or PDO which will help you to write SQL INJECTION free code.

//This gets all the other information from the form
$name= (isset($_POST['image_author']))? $_POST['image_author']:'';
$description= (isset($_POST['image_description']))? $_POST['image_description']:'';
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.