cannot upload images to mysql using php

Question

I want to upload images to mysql server using php. I have created html and sql connectivity but the image upload shows error. I cant upload the image, it shows error of valid image ie you must upload jpeg,bmp,gif; and read/write in directory.

Can any1 help me solving this problem the php file is

    <?php
//Start session
session_start();

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

// Check to see if the type of file uploaded is a valid image type
function valid($file)
{
    // This is an array that holds all the valid image MIME types
    $valid_types = array("image/jpg", "image/jpeg", "image/bmp", "image/gif");

    //echo $file['type'];
    if (in_array($file['type'], $valid_types))
        return 1;
    return 0;
}

// Build our target path full string.  This is where the file will be moved do
// i.e.  images/picture.jpg
$TARGET_PATH = "image/";
$TARGET_PATH = $TARGET_PATH . basename( $_FILES['image']['name']);

$pimage = $_FILES['image']['name'];

// Check to make sure that our file is actually an image
    // You check the file type instead of the extension because the extension can easily   be faked
    if (!valid($pimage))
    {
   $_SESSION['ERRMSG_ARR'] = array('You must upload a jpeg, gif, or bmp');
   header("Location: admin.php");
   exit;
     }

// Here we check to see if a file with that name already exists
   // You could get past filename problems by appending a timestamp to the filename and then      continuing
   if (file_exists($TARGET_PATH))
   {
 $_SESSION['ERRMSG_ARR'] = array('A file with that name already exists');
 header("Location: admin.php");
     exit;
   }

 // Lets attempt to move the file from its temporary directory to its new home
   if (move_uploaded_file($_FILES['image']['tmp_name'], $TARGET_PATH))
   {
  // NOTE: This is where a lot of people make mistakes.
  // We are *not* putting the image into the database; we are putting a reference to the     file's location on the server
   $sql = "insert into people (p_category, p_name, p_quantity, p_desc, p_image) values        ('$pcategory', '$pname','$pquantity','pdesc', '" . $pimage['name'] . "')";
   $result = mysql_query($sql);
    //Check whether the query was successful or not
      if($result) {
    $_SESSION['ERRMSG_ARR'] = array('Product added');;
    $_SESSION['MSG_FLAG'] = 0;
    session_write_close();
    header("location: admin.php");
    exit();
     }else {
    die("Query failed: ".mysql_error());
        }
       }
       else
       {
     // A common cause of file moving failures is because of bad permissions on the     directory attempting to be written to
     // Make sure you chmod the directory to be writeable
     $_SESSION['ERRMSG_ARR'] = array('Could not upload file.  Check read/write persmissions on the directory');
      header("Location: admin.php");
      exit;
       }
?>

Answer 1

I think

$pimage = $_FILES['image']['name'];

should be

$pimage = $_FILES['image'];

You probably missed this because your code is quite inconsistent - sometimes you use $pimage , while elsewhere you reference the $_FILES array directly. This makes it harder to maintain should the file field's name change. You could also type hint the valid() function to make PHP complain if $file isn't an array:

function valid(array $file) { ... }

What level of error reporting do you have set? It would highlight errors like trying to access undefined array keys.

Answer 2

See you are passing the image type in the line if (!valid($pimage)) But in the valid() function you are again trying to get the type of image $file['type'] .

What George said should also work, but since you are making variables for the image type $ptype and name $pimage , you can use them itself.

So the changes should be $file['type'] becomes $file and $file['type'] & in the insert query $pimage['name'] becomes $pimage

I'm sure this solves it, Bahua ;)