Every tutorial I read suggested it’s best to store images in a folder and store the path into a database as opposed to storing images into a database. I want to allow users to store data and an image then retrieve and display the data and image, I know how to display the data but not the uploaded image.
Every tutorial I read suggested it’s best to store images in a folder and store the path into a database as opposed to storing images into a database.
What I was getting at is that you save no identifying information with each path – just an arbitrary id. How will you select particular paths later? And if you’re not selecting them later, why save them at all?
A user id session is created once a user logs in and only logged in users can enter data. I planned on using the the logged in users id as the image id. If it easier to store the image I’ll do that instead.
The code you posted doesn’t enforce that in any way.
I planned on using the the logged in users id as the image id.
The code you posted doesn’t do that, either (it uses the filename the user provides*). If you did do that, however, it would mean that each user could have only one image uploaded at a time.
*I would recommend against this, since it makes overwriting an image -accidentally or not- very easy. Using a checksum as the filename is a better approach, since it will be unique per file. You could store the user’s desired “filename” separately.
If it easier to store the image I’ll do that instead.
Again, it has nothing to do with how you store the image: it has to do with what information you store about the image. Right now, you’re only storing the filename (the picid is useless, because it’s arbitrary and you don’t associate it with anything).
If you want to be able to select images by which user uploaded them, then you’ll have to record which images belong to which users. That means another row in your DB that stores the user’s id/name/whatever.
On another topic, checking file extensions to determine file type is not a good idea. Just because a file has a .png extension, for example, doesn’t mean that it’s a png image (or an image at all). Same thing goes for $_FILES[...]["type"]: it’s not checked in any way and can be forged, or simply incorrect. You would be better off using the FileInfo class -which actually examines the file- to validate the mime-type.