I’m uploading files (images) to my file structure using Uploadify, then catching each file, giving it a random number as a file name, resizing it using the excellent SimpleImage script into Large, Medium, and Small sizes, saving those to the directory, discarding the original image, and writing the file details (the random number, the original name, the album ID, etc) to the database for access later.
All of this is working without a hitch escept the writing to the DB part. I find only the first file’s information is passed to the DB, and with an incorrect number as the filename.
In short, how can I write EACH file’s information to the Database (correctly), when using Uploadify on multiple images?
My current script:
*note: AlbumID is set dynamically by the user and posted as filedata to uploadify.
require_once '../../functions.php';
require_once '../../conn.php';
//defaults
$uploadify_path = '/contents/uploads/gallery/';
$albumID = $_POST['AlbumID'];
//Define a destination
$targetPath = $_SERVER['DOCUMENT_ROOT'] . $_POST['path']; // Relative to the root
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
$targetFile = $targetPath . $_FILES['Filedata']['name'];
include($_SERVER['DOCUMENT_ROOT'].'/includes/SimpleImage.php');
// Validate the file type
$fileTypes = array('jpg','jpeg','gif','png'); // File extensions
$fileParts = pathinfo($_FILES['Filedata']['name']);
if (in_array($fileParts['extension'],$fileTypes)) {
$ran = $albumID.RandNumber(10);
$location=$targetPath.$ran;
$LegacyName = $fileParts['filename'];
$FileExt = $fileParts['extension'];
if(is_numeric($albumID)) {
$q = "INSERT INTO gallery_meta (AlbumID, FileName, LegacyName, FileExt, IsDefault, Public)
VALUES ('$albumID','$ran','$LegacyName','$FileExt','0','1')";
$r= mysql_query($q);
mysql_free_result($r);
}
move_uploaded_file($tempFile,$targetFile);
list($width, $height, $type, $attr) = getimagesize($targetFile);
$image = new SimpleImage();
$image->load($targetFile);
if( $height >= 901 ) {
$image->resizeToHeight(900);
$image->save($location.'-lrg.'.$FileExt);
$image->resizeToHeight(550);
$image->save($location.'-med.'.$FileExt);
$image->resizeToHeight(200);
$image->save($location.'-sm.'.$FileExt);
unlink($targetFile);
}
elseif(( $height >= 551 )&&( $height <= 900 )) {
$image->save($location.'-lrg.'.$FileExt);
$image->resizeToHeight(550);
$image->save($location.'-med.'.$FileExt);
$image->resizeToHeight(200);
$image->save($location.'-sm.'.$FileExt);
unlink($targetFile);
}
elseif(( $height >= 201 )&&( $height <= 550 )) {
$image->save($location.'-lrg.'.$FileExt);
$image->save($location.'-med.'.$FileExt);
$image->resizeToHeight(200);
$image->save($location.'-sm.'.$FileExt);
unlink($targetFile);
}
if( $height <= 200 ) {
$image->save($location.'-lrg.'.$FileExt);
$image->save($location.'-med.'.$FileExt);
$image->save($location.'-sm.'.$FileExt);
unlink($targetFile);
}
echo '1';
} else {
echo 'Invalid file type.';
}
}
add an auto incrementing key to the table, and change albumID into a
BIGINTif you’re sure your values aren’t going to overflow the size ofBIGINT, but if they are I recommend you save the “AlbumId” as aVARCHAR(30)instead, since it’s more of a name than an actual number key, especially since it looks like it can be an arbitrary length.I also think that instead of a random number at the end, you should be appending the current timestamp using
time()so that you don’t create the potential of collisions like a system with random numbers & user input will.Also incidentally,
$_POST['albumId'], by being direct user input.. is leaving your database open to a MySQL Injection attack.