PHP upload image

Question

Alright I have way to much time invested in this. I am new to PHP programming and trying to grasp the basics, but I am a little lost as of last night I was able to get a PHP

Answer 1

You need to add two new file one is index.html, copy and paste the below code and other is imageup.php which will upload your image

 <form action="imageup.php" method="post" enctype="multipart/form-data">
 <input type="file" name="banner" >
 <input type="submit" value="submit">
 </form>

 imageup.php
 <?php
 $banner=$_FILES['banner']['name']; 
 $expbanner=explode('.',$banner);
 $bannerexptype=$expbanner[1];
 date_default_timezone_set('Australia/Melbourne');
 $date = date('m/d/Yh:i:sa', time());
 $rand=rand(10000,99999);
 $encname=$date.$rand;
 $bannername=md5($encname).'.'.$bannerexptype;
 $bannerpath="uploads/banners/".$bannername;
 move_uploaded_file($_FILES["banner"]["tmp_name"],$bannerpath);
 ?>

The above code will upload your image with encrypted name

Answer 2

The code overlooks calling the function move_uploaded_file() which would check whether the indicated file is valid for uploading.

You may wish to review a simple example at:

http://www.w3schools.com/php/php_file_upload.asp

Answer 3

I would recommend you to save the image in the server, and then save the URL in MYSQL database.

First of all, you should do more validation on your image, before non-validated files can lead to huge security risks.

1. Check the image

   if (empty($_FILES['image']))
     throw new Exception('Image file is missing');
   

2. Save the image in a variable

   $image = $_FILES['image'];
   

3. Check the upload time errors

   if ($image['error'] !== 0) {
      if ($image['error'] === 1) 
         throw new Exception('Max upload size exceeded');
   
      throw new Exception('Image uploading error: INI Error');
   }
   

4. Check whether the uploaded file exists in the server

   if (!file_exists($image['tmp_name']))
       throw new Exception('Image file is missing in the server');
   

5. Validate the file size (Change it according to your needs)

    $maxFileSize = 2 * 10e6; // = 2 000 000 bytes = 2MB
       if ($image['size'] > $maxFileSize)
           throw new Exception('Max size limit exceeded'); 
   

6. Validate the image (Check whether the file is an image)

    $imageData = getimagesize($image['tmp_name']);
        if (!$imageData) 
        throw new Exception('Invalid image');
   

7. Validate the image mime type (Do this according to your needs)

    $mimeType = $imageData['mime'];
    $allowedMimeTypes = ['image/jpeg', 'image/png', 'image/gif'];
    if (!in_array($mimeType, $allowedMimeTypes)) 
       throw new Exception('Only JPEG, PNG and GIFs are allowed');
   

This might help you to create a secure image uploading script with PHP.

Code source: https://developer.hyvor.com/php/image-upload-ajax-php-mysql

Additionally, I suggest you use MYSQLI prepared statements for queries to improve security.

Thank you.

Answer 4

<?php

$filename=$_FILES['file']['name'];
$filetype=$_FILES['file']['type'];
if($filetype=='image/jpeg' or $filetype=='image/png' or $filetype=='image/gif')
{
move_uploaded_file($_FILES['file']['tmp_name'],'dir_name/'.$filename);
$filepath="dir_name`enter code here`/".$filename;
}

?>