File upload, PHP into a SQL database blob (move_uploaded_files)

[altrock182182]

I have an upload script that I'm using in a private area of my website. I'm looking to get a jpg, gif, or bmp loaded into a blob element in my database.

I'm having trouble saving the file somewhere that it can be accessed. I'm not accustomed to unix directory listings or remote hosts..

How would I go about moving an uploaded file to a permanent directory? I have something like this so far:

 $dbpicfile='/home/---/public_html/---/images/cars/'.basename($_FILES['file']['name']);
 
/*I'm assuming the above line is terribly, terribly wrong! */
 
 move_uploaded_file($_FILES['file']['tmp_name'],$dbpicfile);
 $query = "INSERT INTO ".$mysql_db."(`CARID`,`THUMBOF`,`PICDATA`) 
         VALUES ('$carid',NULL,LOAD_FILE('$dbpicfile'))";
  $imginsert = mysql_query($query);

 

[greeney]

I think you work from your site's root directory rather than your home directory, so

$dbpicfile='/home/---/public_html/---/images/cars/'.basename($_FILES['file']['name']);

would become

$dbpicfile='/images/cars/'.basename($_FILES['file']['name']);

Your move_uploaded_file function seems ok, however I've never played around with files in databases so I can't tell you if that's right or not.

 

[altrock182182]

$fileloc = $_FILES['file']['tmp_name'];
	$query = "INSERT INTO ".$mysql_db."(`CARID`,`THUMBOF`,`PICDATA`) VALUES ('$carid',NULL,LOAD_FILE('$fileloc'))";

Would this work? I tried it and it didn't.

I believe by the time the SQL gets a chance to load the file, the PHP server has already deleted it, by my understanding.

Really I'm just trying to find any way I can to get an uploaded file into the database as a blob. It doesn't have to be secured or anything, as it's in a private area of the site..

Help would be much appreciated =]

 

[bonzo meier]

hi,

maybe your FILE permission is not set correctly? if you log in to your database as a root user (admin-features, all permissions granted), you can set permissions for your user-account like this (using mySQL command-line):
mysql> GRANT FILE ON database_name TO username@127.0.0.1 IDENTIFIED BY 'password';

127.0.0.1 of course is a placeholder for your database server. The GRANT FILE will enable the use of SELECT ... INTO OUTFILE and LOAD DATA INFILE for the user 'username'.

the only possible mistake I can figure out apart from that is the temp-path name, as LOAD_FILE requires the complete path. if this isn´t it (as it seems), maybe you can try a little workaround:

$fileloc = $_FILES['file']['tmp_name'];
    $query = "INSERT INTO ".$mysql_db."(`CARID`,`THUMBOF`,`PICDATA`) VALUES ('$carid',NULL,NULL)";

    $query_workaround ="UPDATE ".$mysql_db." SET PICDATA=LOAD_FILE('".$fileloc."') WHERE CARID = ".$carid.";";

hope this is a little help...

peace, bonzo
Edit:
oh, and your query

$query = "INSERT INTO ".$mysql_db."(`CARID`,`THUMBOF`,`PICDATA`) VALUES ('$carid',NULL,LOAD_FILE('$fileloc'))";

requires a semi-colon in the end, or you´ll get an "error in your sql syntax" or sth like that:

try

$query = "INSERT INTO ".$mysql_db."(`CARID`,`THUMBOF`,`PICDATA`) VALUES ('$carid',NULL,LOAD_FILE('$fileloc'));";