nelly2000 nelly2000 - 1 month ago 25
MySQL Question

<input type="file" accept="image/*;capture=camera"> save image to database using php

I have a mobile web app form where I access the mobile device camera and capture a photo along with some other details captured within other fields in the form. Using php I save the information captured in the form to a mysql database sucessfully, but the image is not stored. I have searched for a resolution but cannot find anything on using php with

<input type="file" accept="image/*;capture=camera">


to store the image in a database. The database field is currently blob but this can change if needed.

The form works perfectly for all other data, so the issue is with my lack of understanding of how to handle images or files with php. can anyone help or point me in the right direction please. The basis of my code is pasted below.

The form save is working fine as the bus_name input saves to the database, but the bus_img record is blank.

HTML

<div data-role="page" id="view_record">
<div data-role="header">
<a href="#" data-rel="back" class="ui-btn-right ui-btn ui-btn-icon-notext ui-corner-all ui-icon-back">Back</a>
<div data-role="main" class="ui-content">
<form method="post" enctype="multipart/form-data" action="saveRecord.php">
<label for="bus_name">Business Name:</label>
<input type="text" name="bus_name" id="bus_name" placeholder="Enter Business Name">

<label for="bus_type">Business Type:</label>
<input type="text" name="bus_type" id="bus_type" placeholder="Enter Business Type">

<label for="bus_tel">Business Tel:</label>
<input type="text" name="bus_tel" id="bus_tel" placeholder="Enter Business Tel No">

<label for="bus_img">Business Photo:</label>
<input type="file" name="bus_img" id="bus_img" accept="image/*;capture=camera">

<label for="comments">Comments:</label>
<textarea name="comments" id="comments" placeholder="Enter Comments"></textarea>

<input type="submit" value="Submit">
</form>
</div>
</div>
</div>


PHP

<?php
$bus_img = $bus_name = "";

$servername = "";
$username = "";
$password = "";
$dbname = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
$conn = mysqli_connect($servername, $username, $password, $dbname);

if (!$conn)
{
die("Connection failed: " . mysqli_connect_error());}

$bus_img = $_FILES["bus_img"];
$bus_img = mysqli_real_escape_string($conn, $bus_img);
$bus_name = $_POST["bus_name"];

$sql = "INSERT INTO tblLead(leadImage, occupantName)

VALUES ('$bus_img','$bus_name')";

if (mysqli_query($conn, $sql))
{
} else
{
echo "Error: " . $sql . mysqli_error($conn);
}
mysqli_close($conn);
exit();
}
?>


ANy help much appreciated. Thanks

Answer

Firstly, file handling requires $_FILES and not $_POST.

Your form tag does not contain a proper enctype to handle files.

As per the manual's example on files handling:

<form enctype="multipart/form-data" action="__URL__" method="POST">

Reference:

Then you need to escape that (file) data and there are a few ways to do this.

One of which being mysqli_real_escape_string($conn, $file)

Reference:

Something you should also be using against all your data as it is presently open to an SQL injection.

I.e. and by replacing:

$bus_img = $_POST["bus_img"];

with:

$bus_img = $_FILES["bus_img"];
$bus_img = mysqli_real_escape_string($conn, $bus_img);

And make sure that the file does not exceed the maximum uploaded size allowed/set on your server.

Use proper error checking also.