Image Upload to mysql database

[dsham]

I realize this question seems rather novice...thats because I am, however I am improving greatly.

I litterally work on this stuff every available moment.

I am creating a little practice form page to insert information into my database.

Which is fine with normal text fields, but I am trying to allow my end users to upload images to my database.

I hit a brick wall with trying to figure out how to accomplish this.

i have set up table in my db with image as a longblob which i think is all fine.

its the php code that I am getting messed up on.

Here is what I got:

Someone please let me know where i am erroring.

Thanks

 

<?php

 

$host=""; // Host name

$username=""; // Mysql username

$password=""; // Mysql password

$db_name=""; // Database name

$tbl_name="test_mysql"; // Table name

 

 

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

 

$name=$_POST['name'];

$lastname=$_POST['lastname'];

$email=$_POST['email'];

$image =$_FILES['image'];

 

 

 

$sql="INSERT INTO $tbl_name(name, lastname, email, image) VALUES('$name', '$lastname', '$email', '$image')";

$result=mysql_query($sql);

 

 

displays message "Successful".

if($result){

echo "Successful";

echo "<BR>";

echo "<a href='insert.php'>Click here to add another person</a>";

}

 

else {

echo "ERROR";

}

 

mysql_close();

?>

[printf]

You should be validating your $_POST inputs, never assume anything you have personal created in your script as being safe! Other than that...

 

change this...

 

$image =$_FILES['image'];

 

to this...

 

$image = mysql_real_escape_string ( fread ( fopen ( $_FILES['image']['tmp_name'], 'rb' ), filesize ( $_FILES['image']['tmp_name'] ) ) );

 

 

printf