dsham Posted February 18, 2007 Share Posted February 18, 2007 I realize this question seems rather novice...thats because I am, however I am improving greatly. I litterally work on this stuff every available moment. I am creating a little practice form page to insert information into my database. Which is fine with normal text fields, but I am trying to allow my end users to upload images to my database. I hit a brick wall with trying to figure out how to accomplish this. i have set up table in my db with image as a longblob which i think is all fine. its the php code that I am getting messed up on. Here is what I got: Someone please let me know where i am erroring. Thanks <?php $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name="test_mysql"; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $name=$_POST['name']; $lastname=$_POST['lastname']; $email=$_POST['email']; $image =$_FILES['image']; $sql="INSERT INTO $tbl_name(name, lastname, email, image) VALUES('$name', '$lastname', '$email', '$image')"; $result=mysql_query($sql); displays message "Successful". if($result){ echo "Successful"; echo "<BR>"; echo "<a href='insert.php'>Click here to add another person</a>"; } else { echo "ERROR"; } mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
printf Posted February 19, 2007 Share Posted February 19, 2007 You should be validating your $_POST inputs, never assume anything you have personal created in your script as being safe! Other than that... change this... $image =$_FILES['image']; to this... $image = mysql_real_escape_string ( fread ( fopen ( $_FILES['image']['tmp_name'], 'rb' ), filesize ( $_FILES['image']['tmp_name'] ) ) ); printf Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.