If you have just a few images that you want to display on your web site, keep them as regular files on your server. But if you've thousands, it's better to keep them in a database and server them via a script - such as a PHP script. And if you're dealing with thousands of images, you probably want to upload them via a web form or let you users do so. One of the most popular demonstrations / solutions on our site is a complete example that shows you all the stages combined - it's [here]. But although the code is not long, there's a lot happening - so earlier today (during a PHP Techniques Workshop), I [re]wrote each of the stages as a separate script.

1. To upload a file (and store it on the server as a regular file) - see [here]; source will display in separate window.

2. To place the uploaded file into a database table - see [here]; source will display in separate window.

3. To read the image data from the database and send it to the browser - see [here]; source will display in separate window.

Notes ....

Script 1, 1: The Image Upload needs to be an input box type "file", to use a hidden field giving a maximum length called "MAX_FILE_SIZE", to use the "POST" method, and to use "multipart/form-data" encoding.

Script 1, 2: I have chosen to use a hidden field called "rocket" with a data value "scientist" to check whether the page has been accessed from the completed form (and has an image uploaded) or not.

Script 1, 3: In order for this script to work, your PHP must be configured to allow uploads and have the temporary upload directory existing. That's not usually an issue if you're running a default server on Linux or Unix, but it may need setting up in php.ini and the directory may need creating if your server is running Windows.

Script 1, 4: The directory / file that you move the uploaded file to also needs to be writeable on the server.

Script 2, 1: Before you save to a MySQL database, you'll need to have the database installed, running and accessible to you.

Script 2, 2: If you use a copy of my script, you'll need to change the login user name and password and possibly the host in the mysql_connect call (the latter will probably be localhost).

Script 2, 3: My example requires the database to exist already, but it will create the table for you the first time it's run - it actually attempts to create the table every single time and fails silently if it already exists.

Script 2, 4: I have created an extra field that's unused in the database called "authorised" - this is to demonstrate how and where extra fields associated with the data would go

Script 2, 5: Rather than using mysql_connect, I could have used mysqli_connect; rather than using fread, I could have used file_get_contents ... there are plenty of alternative functions in PHP and you should use whichever is most appropriate for you.

Script 2, 6: Once a picture has been stored in my database, I have deleted the original file from the disc. That way, it avoids accidentally storing lots of copies in this simple demonstration.

Script 3, 1: The database access needs to be set up in this script just like in script (2) [use an include or require file and do it just once in a live application!]

Script 3, 2: You must not have a blank line or even a single space before the <?php - if you do, you'll get an error message rather than an image output. Similarly, no trailing blanks please!

Script 3, 3: The script will ONLY display one image - no text or anything else. If you want to display the image within a complete web page, you'll need to call it up from that page via an <img src=.....> tag.


You can run the three stages on our server - [here], [here] and [here].

Important note on security issues

By allowing uploads which are not password / login protected, you are opening your hosting to any content that anyone wants to add. And there are a lot of people who would love you to host and serve content that breaks a variety of laws - copyright, decency, incitement, discrimination, libel, etc ... or illustrates views that you don't share. You MUST consider these aspects as you provide such a script.

The most practical and common way of setting up an image upload feed which is not an "open" one is to only allow uploaded by authorized users, using a cookie based login system. In some instances, you may want each image to go through a separate authorization process before you'll serve it, even after it has been uploaded. That's what the illustrative extra field in my database might be used for.

Other General Notes

By using Apache mod_rewrite, you'll be able to access the third script - or variants of it - using a URL that ends in .jpg, and you'll even be able to pass in the part of the URL that looks like the file name to the script so that you can use it to identify the record from which you want to read back the image.

Rather than using MySQL, you could use SqLite or another database if it were more appropriate; MySQL is very good, but there are questions as to whether it's current dominance is justified, or is a good thing in the long term.

The PHP display script may be easily extended to "watermark" images, "thumbnail" them, refuse to serve them if they're being called in from a hotlinking site, select a random image, etc.

We have a further example - "putting it all in one" in our solution centre - [here].

---

You'll be seeing from even this article and the three tiny scripts that it references just how much is involved in image upload, and also the critical security considerations. The primary course we cover this subject on is our PHP Techniques workshop which is suitable for delegates with prior PHP experience; if you're new to PHP, you should attend either Learning to program in PHP or PHP Programming first.

This article is illustrated by random images from our databases, using an extended version of the third script in the series

Do you want help implementing an upload / store in database / access system such as this article illustrates? If you do - if you're having problems and you're badly stuck - you should really come on a course. It's not practical for me to teach you all about PHP and MySQL via a series of questions and answers. But if you're nearly there and you just need a final query or two sorting out, please get in touch. For folks I already know (e.g. past delegates) I can probably help via a couple of technical emails; for others, I can arrange to spend an hour or two with you one evening to help you out in person. That needs to be at our training centre in Melksham, Wiltshire - I won't charge for my time in a first instance, but you'll need to stay over if you don't live in Wiltshire so it will cost you the price of a hotel room at our training centre [details].

(written 2010-08-12, updated 2010-08-20)

 H304 - PHP - DDA, Style and image handling
  [806] Check your user is human. Have him retype a word in a graphic - (2006-07-17)
  [1506] Ongoing Image Copyright Issues, PHP and MySQL solutions - (2008-01-14)
  [2031] Choosing from an image with an image map - (2009-02-08)
  [2343] World Flags in your PHP pages - (2009-08-10)
  [2539] Changing Images - (2009-12-17)
  [2715] Uploading an image, document or pdf via a browser (php) - (2010-04-10)
  [3747] An easy way to comply with the new cookie law if your site is well designed - (2012-06-02)

Back to Testing the robustness of our hotel and training systems - holiday and sickness times

Previous and next or Horse's mouth home

Forward to Downloading a report from the web for further local analysis

Does copying a variable duplicate the contents?
Sorting - naturally, or into a different order
London to Calne, Corsham, Melksham, Bradford-on-Avon, Chippenham by public Transport
Downloading a report from the web for further local analysis
Upload Image, Store in database, redisplay in browser. PHP and MySQL
Testing the robustness of our hotel and training systems - holiday and sickness times
Looking up a value by key - associative arrays / Hashes / Dictionaries
Older picture.
Six languages in one file - an HTML++ web page
Predictions for the seagull population