Answer:

1. You should use absolute paths for moving the file. If you want to do something in the current dir, use `__DIR__` or `dirname(__FILE__)` depending on your PHP version. The first one is to be preferred if it's available.
2. You should do error checking - read up on the $_FILES array in the php.net manual for what to look out for.
3. Check the return value of move_uploaded_file, errors, notices - there might also be a problem with writing permissions (the target directory/file has to be writable by the webserver).
4. You should consider generating a filename, otherwise if 2 people upload a file with the same name, the second one will override the first one. Then starts the fun about race conditions and the impossibility of PHP itself to do an atomic lock (using MySQL GET_LOCK is the best I've come up with so far, as semaphores and file locking suck in a web context with PHP).
5. You should add some security checking, e.g. str_replace("\0", "", $filename) for avoiding nul poisoning (and depending on your system and filesystem there are probably other things you should filter/check).
6. This is just a tip, but really: Don't do anything with user input, especially file upload, in the open (e.g. a publicly available web address) if you haven't got enough experience in regards to PHP/security. Otherwise you will see your server crashed, taken over, ... in a very short time. PHP is already very insecure as it is, adding in MySQL and file upload doesn't really make it better. There is no guarantee that the filename you get from $_FILES is safe - an attacker could send ANY filename (I can easily do it with a few lines of script myself, and I'm not a real hacker).

Also, basename does not filter filenames, it just gives you whatever is before the last '.'.

Edit: + everything Palantir wrote, to make it work (sorry, there were so many things on this that I skipped some).

Comments:
1. @palantir thanks guys, basically this is for a CMS I've made up for a blog and the file upload is basically for uploading pictures for a slideshow plugin at the top of the page. The reason why I want to write the data to the database after uploading is so that I can use the generated filename to dynamically input it into the slideshow, e.g. `<img src="/img/<?php echo $data['photo_1']; ?>">`. Would you say this is the best way to go about it? Sorry if this doesn't make sense, very new to PHP like I said.
2. It's totally okay/standard, but as I've been building a new CMS on PHP+MySQL myself over the past 2 years, I can only emphasize how important it is in this context to:
   1. read up on security (nul byte poisoning, UTF-8, ...)
   2. read up on race conditions (e.g. so you don't have 2 files ending up as one)
   3. NEVER trust ANY user input (even better: never trust ANY kind of input), and thus always validate, sanitize, filter, ...
3. This thing doesn't like alt+enter it seems ;) Anyway, you should also make sure that wherever you upload the files to, there is no chance that:
   1. you overwrite an existing file (I could pass '../index.php' as filename for example, and you would just append that!)
   2. the uploaded files are directly accessible, or at least make sure the server won't execute them (think about uploading some backdoor.php file, and afterwards opening /whatever-upload-dir/backdoor.php in my browser)
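As an added example (not code from the answer or the comments above), here is an upload handler that applies the points raised in this thread: absolute target path via `__DIR__`, checking `$_FILES[...]['error']` and the return value of `move_uploaded_file`, a server-generated filename so that collisions, nul bytes and `../` in the client-supplied name never reach the filesystem, and a content check instead of trusting the client. The field name `photo`, the `uploads` directory and the allowed image types are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Hardened image upload handler (added example, not from the original answer).
// $files is normally $_FILES; $field is the form field name; $uploadDir must be
// an absolute path that the webserver can write to but is not allowed to execute.
function handle_upload(array $files, string $field, string $uploadDir): string
{
    if (!isset($files[$field]) || !is_array($files[$field])) {
        throw new RuntimeException('No upload field present');
    }
    $f = $files[$field];

    // Error checking: PHP reports upload problems in $_FILES[...]['error'].
    if ($f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $f['error']);
    }
    // Only act on a file PHP itself placed in the temp dir, never on a client path.
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('tmp_name is not an uploaded file');
    }

    // Validate the content, not the client-supplied name or declared MIME type.
    $mime    = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Unsupported file type: ' . $mime);
    }

    // Generate the stored name ourselves: no nul bytes, no "../", no two users
    // colliding on "photo.jpg", and the extension comes from the detected type.
    $name   = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $target = rtrim($uploadDir, '/') . '/' . $name;

    // Check the return value instead of assuming the move succeeded
    // (a failure here is usually a permissions problem on $uploadDir).
    if (!move_uploaded_file($f['tmp_name'], $target)) {
        throw new RuntimeException('move_uploaded_file failed for ' . $target);
    }

    // Return the generated name; this is what goes into the database and
    // later into the slideshow markup, never the original filename.
    return $name;
}

// Usage from the upload script (absolute path built from __DIR__):
// $stored = handle_upload($_FILES, 'photo', __DIR__ . '/uploads');
```

Serving the `uploads` directory with script execution disabled (for example, a webserver rule that refuses to run `.php` there) addresses the backdoor concern in the last comment; the handler alone only keeps such a file from being stored under an attacker-chosen name.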