
Is it possible to upload images/files by sending the POST or REQUEST parameters in the URL, without HTML content?

I created a PHP file that gets an image from someone, stores that file in the database, and in a folder on my computer. It works fine, but what I want to do now is remove the HTML content and only allow someone to send the images/files via the URL. I tried using $_GET but I received a lot of errors. I also researched this and read that only $_POST will work.

Here is my PHP source code with HTML but keep in mind, "I want the page blank and the only way for someone to send the images/files is through URL".

PHP:

if (isset($_POST['submit'])) {

    if (@getimagesize($_FILES['image']['tmp_name']) == FALSE) {
        // Select an image
        echo "Please select an image.";
    } else {
        // THE PATH TO STORE THE UPLOADED IMAGE
        $target = "images/" . basename($_FILES['image']['name']);

        // CONNECT TO DATABASE (check the connection before using it)
        $db = mysqli_connect("localhost", "root", "");
        if (mysqli_connect_error()) {
            die("Database connection error");
        }
        mysqli_select_db($db, "magicsever");

        // GET ALL THE SUBMITTED DATA
        $image = $_FILES['image']['tmp_name'];
        $name = $_FILES['image']['name'];

        // Store the submitted data in the database
        $sql = "INSERT INTO image_test (name, image) VALUES ('$name','$image')";
        $query = mysqli_query($db, $sql);

        // Now let's move the uploaded image into the folder
        $nullResult = array();
        $nullResult['Image'] = (move_uploaded_file($_FILES['image']['tmp_name'], $target)) ? "Successful" : "Unsuccessful";
        echo json_encode($nullResult);
    }
}

HTML:

<form action="index.php" method="post" enctype="multipart/form-data">
    <input type="file" name="image">
    <br>
    <input type="submit" name="submit" value="Upload">
</form>
3 Comments

  • Your code is vulnerable to SQL injection attacks. You should use mysqli or PDO prepared statements with bound parameters as described in this post. Commented May 26, 2017 at 16:50
  • When your visitor POSTs an image, it only includes that image. What is HTML content? I can't see any reason you should use GET instead of POST to upload a file to the server. Commented May 26, 2017 at 16:50
  • Thanks @AlexHowansky, and I am trying to send it in the URL without the HTML content, which is the upload button etc. Commented May 26, 2017 at 16:58

1 Answer

$_POST['']; parameters usually come from the form that has the method set to POST, like yours has. That input type you have (file, named image) will be returned as $_POST['image']. $_REQUEST, on the other hand, is the "GET" method; it works in the same way, the only difference is it's not secure and it comes in the URL. I would recommend using POST, to be honest. Also use PDO, because your code is vulnerable to SQL injection (mentioned by Alex Howansky).


5 Comments

How would I send the parameters in the URL using POST?
You don't, that's the thing. POST sends it to the $_POST['name'] superglobal, which you can then access from anywhere in the website. GET sends it to the URL and is accessed through $_REQUEST['name'].
It's not possible to send an image file through the URL like you want. You really need some type of file upload; you can't just simply inject an image from the URL UNLESS it's an image that comes from another URL, in which case you would have something like page.com/upload.php?file=www.imgur.com/image.png
Oh, so what I want to do is kinda impossible unless you have the image URL already in hand? So there is no way to send an uploaded image, maybe with $_GET, to the database etc.? Like how Snap and Facebook store all the images on the server, that's what I want to do.
Naah mate, you need to have some way to receive the file and then send it to the database. Generally with a form and a POST method.
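
An added example, not part of the original question, answer or comments: a PHP upload endpoint that emits no HTML, accepts a multipart POST from any HTTP client, and performs the INSERT with a mysqli prepared statement as the first comment on the question recommends. The field name `image`, table `image_test` and database `magicsever` come from the question; the database credentials, the 2 MB limit, the allowed types and the stored-name scheme are assumptions.

```php
<?php
// Added example: upload endpoint with no HTML. Any HTTP client can POST a
// multipart/form-data body with a file field named "image".
// Assumed: DB credentials, 2 MB limit, allowed types, stored-name scheme.
declare(strict_types=1);
header('Content-Type: application/json');

function fail(int $status, string $msg): void {
    http_response_code($status);
    echo json_encode(['Image' => 'Unsuccessful', 'error' => $msg]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'Use POST with multipart/form-data');
}
$file = $_FILES['image'] ?? null;
if (!is_array($file) || $file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'No file received');
}
if ($file['size'] > 2 * 1024 * 1024) {
    fail(413, 'File too large');
}

// Decide the type from the file's bytes, not the client-supplied name.
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!is_string($mime) || !isset($allowed[$mime])) {
    fail(415, 'Only JPEG, PNG or GIF images are accepted');
}

// Server-generated name: the client's filename never becomes a path.
$stored = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/images/' . $stored)) {
    fail(500, 'Could not store file');
}

try {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli('localhost', 'app_user', 'app_password', 'magicsever');
    // Bound parameters keep the original filename out of the SQL text.
    $stmt = $db->prepare('INSERT INTO image_test (name, image) VALUES (?, ?)');
    $original = basename($file['name']);
    $stmt->bind_param('ss', $original, $stored);
    $stmt->execute();
} catch (mysqli_sql_exception $e) {
    unlink(__DIR__ . '/images/' . $stored);
    fail(500, 'Database error');
}
echo json_encode(['Image' => 'Successful', 'file' => $stored]);
```

A client without any HTML page can then upload with a plain multipart POST, for example `curl -F "image=@photo.png" http://localhost/index.php`.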
