Article
Build An Automated PHP Gallery System In Minutes
Is the Uploaded File a Real Image?
How do we check to ensure the file that’s been uploaded is actually an image? Well, every time we upload a file, PHP generates an array that contains the detail of the uploaded file, including its mime type. So, for a file to be a real image, it should match with one of the known image mime types. For example, to check if the image is a jpeg, gif, bmp or a png, we will compare the fetched mime type value with the known image types. We’ve listed some of these in the following array:
$photo_types = array(
'image/pjpeg' => 'jpg',
'image/jpeg' => 'jpg',
'image/gif' => 'gif',
'image/bmp' => 'bmp',
'image/x-png' => 'png'
);
The above array holds the list of the possible image types our gallery will accept, along with the list of extensions corresponding to these file-types. These extensions will be used while renaming the file, before they’re stored in the gallery. Renaming the files removes the possibility that we might overwrite an existing file that has the same name as the newly-uploaded file. It also allows us to add the correct extension to a file that’s a certain image type, but has an incorrect or a missing extension.
For example, if someone uploads a GIF image with an extension of jpg, we will store the image with the correct .gif extension. One might dispute the need for this validation, but then again, there’s nothing wrong with being a little cautious -- especially if you intend to allow public submissions to your gallery.
The code below performs two functions:
- It rejects an uploaded file if the uploaded file size is not more than 0 bytes; these entries usually come from fields which were left empty in the pre-upload form.
- More importantly, it validates the file’s type from the
photo_typesarray.
while($counter <= count($photos_uploaded)) {
if($photos_uploaded['size'][$counter] > 0) {
if(!array_key_exists($photos_uploaded['type'][$counter], $photo_types)) {
$result_final .= 'File ' . ($counter + 1) .
' is not a photo<br />';
} else {
// Great the file is an image, we will add this file
}
}
}
A repeated parsing of the array photos_uploaded is required for indexing all uploaded files.
Indexing in the Tables
As soon as we receive the valid information of the uploaded image, we must index it in our table. This would yield a unique ID for the image, on the basis of which we will generate a new name under which the file will be saved. Before we add a new entry to the table, we’ll have no idea what the new filename might be. Therefore, we’ll use the initial query to add a new record with a dummy filename that will later be update to the correct one.
The following code would add the new entry into the gallery_photo table and fetch a unique ID:
mysql_query("
INSERT INTO gallery_photos (
photo_filename,
photo_caption,
photo_category
) VALUES (
'0',
'" . $photo_captions[$counter]) . "',
'" . $_POST['category'] . "'
)
");
$new_id = mysql_insert_id(); // New Id generated
We can now generate the new filename:
// Get the filetype of the uploaded file
$filetype = $photos_uploaded['type'][$counter];
// Get the extension for the new name
$extension = $known_photo_types[$filetype];
// Generate a new name
$filename = "$new_id.$extension";
// let’s update the filename now
mysql_query("
UPDATE gallery_photos SET
photo_filename = '$filename'
WHERE photo_id = '$new_id'
");
The naming convention used is new_id.extension.
So far, we have checked the validity of the image, generated a unique name for the image, and added it to the database.