
Mysql Error During Inserting A Image In Mysql Database

I am working on a website and my task is to take a product image from the user and store that image in the database. I am using a MySQL database. My code for the HTML form is as follows:

Solution 1:

Try to change this:

$sql = "INSERT INTO product
(productname, image_id , image_type ,image, image_size, image_name, productdesc)VALUES
('$myusername','11', '{$size['mime']}', '{$imgData}', '{$size[3]}', 
'{$_FILES['userfile']['name']}','$productdesc')";

with this:

$size_mime = mysql_real_escape_string($size['mime']);
$size3 = mysql_real_escape_string($size[3]);
$filename = mysql_real_escape_string($_FILES['userfile']['name']);
$sql = "INSERT INTO product
(productname, image_id , image_type ,image, image_size, image_name, productdesc) VALUES
('{$myusername}','11', '{$size_mime}', '{$imgData}', '{$size3}', 
'{$filename}','$productdesc')";

and edit this:

$myusername=$_POST['myusername']; 
$mypassword=$_POST['product'];
$filename=$_FILES['uploadimage']['tmp_name'];

with this:

$myusername = mysql_real_escape_string($_POST['myusername']); 
$mypassword = mysql_real_escape_string($_POST['product']);
$filedata = mysql_real_escape_string($_FILES['uploadimage']['tmp_name']);

You should absolutely avoid SQL injection!

Solution 2:

You need to escape $imgData and everything else with mysql_real_escape_string before putting it into a query.

Solution 3:

You need to use bound variables. First off, you are wide open to SQL injection attacks.

Suppose someone crafted a filename of \';DROP product; and uploaded it...

That being said, inlining binary data into a query just isn't going to work 99% of the time.

For bound parameters, your query becomes something like this, and you call bind_param to attach the data to each ?.

$sql = "INSERT INTO product (productname, image_id , image_type ,image, image_size, image_name, productdesc) VALUES (?,?,?,?,?,?,?)";
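The following is an added example, not part of the answer above: it runs the same seven-placeholder INSERT with every value bound, including the raw image bytes and the filename from Solution 3. It assumes PDO with an in-memory SQLite database so that it runs offline; the table definition, the sample values and the use of the byte length for image_size are constructed for illustration.

```php
<?php
// Added example with constructed data; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (
    productname TEXT, image_id INTEGER, image_type TEXT, image BLOB,
    image_size INTEGER, image_name TEXT, productdesc TEXT)');

// Constructed stand-ins for the $_POST / $_FILES values in the question.
$myusername  = "O'Brien";
$productdesc = 'demo product';
$imageType   = 'image/png';
$imageName   = "\\';DROP product;";               // filename from Solution 3
$imgData     = "\x89PNG\r\n\x1a\n\x00'\"\\bytes"; // binary with NUL and quotes

// The SQL text is fixed; user-supplied values travel separately as parameters.
$stmt = $pdo->prepare('INSERT INTO product
    (productname, image_id, image_type, image, image_size, image_name, productdesc)
    VALUES (?, ?, ?, ?, ?, ?, ?)');
$stmt->bindValue(1, $myusername);
$stmt->bindValue(2, 11, PDO::PARAM_INT);
$stmt->bindValue(3, $imageType);
$stmt->bindValue(4, $imgData, PDO::PARAM_LOB);   // binary-safe, no escaping
$stmt->bindValue(5, strlen($imgData), PDO::PARAM_INT);
$stmt->bindValue(6, $imageName);
$stmt->bindValue(7, $productdesc);
$stmt->execute();

// Read the row back and compare it with what was sent.
$row = $pdo->query('SELECT image, image_name FROM product')
           ->fetch(PDO::FETCH_ASSOC);
// Some PDO drivers return LOB columns as streams rather than strings.
$stored = is_resource($row['image'])
    ? stream_get_contents($row['image'])
    : $row['image'];
$count = (int) $pdo->query('SELECT COUNT(*) FROM product')->fetchColumn();

echo 'image bytes unchanged: ', var_export($stored === $imgData, true), PHP_EOL;
echo 'filename kept as data: ',
     var_export($row['image_name'] === $imageName, true), PHP_EOL;
echo 'rows in product: ', $count, PHP_EOL;
```

Against MySQL the same calls work through the PDO MySQL driver; with mysqli the corresponding calls are prepare(), bind_param() and, for large blobs, send_long_data().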

Solution 4:

First, I think you should not upload images directly to MySQL. Instead, use a directory and put everything there. So, with that said, try something like this:

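// Target path for the uploaded files
$target_path = "uploads/product_images/";
// Create the nested directory if it does not exist yet (recursive mkdir)
if (!is_dir($target_path)) mkdir($target_path, 0755, true);
// basename() strips any directory components from the client-supplied name
$uploadfile = $target_path . basename($_FILES['userfile']['name']);

// Move the uploaded file to $target_path
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);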

Then you can get to the uploaded file by using the following:

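// Escape the stored name before writing it into the HTML attribute and link text
echo '<a href="' . htmlspecialchars($target_path . basename($row['userfile']), ENT_QUOTES) . '">'
     . htmlspecialchars($row['userfile'], ENT_QUOTES) . '</a>';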
