umm? Im not sure what you are trying to do there exactly, but you really shouldnt put stuff into your databasequery without escaping it first with, for example mysql_real_escape_string(). http://fi2.php.net/mysql_real_escape_string
And to get that imageuploading to work, you need to put up the ' enctype="multipart/formdata" ' into your <form> tag. then you need to insert a <input type="file" name="image" /> into your form, where you have the textareas.
Then you put up to your PHP section and if-statement where it checks if the file is uploaded or not.
<?PHP
if(!empty($_FILE['image']['name'])) {
//NOT EMTPY
}
?>
and in the not empty part you will put up the checks if the file that is uploaded meets the requirements.
and then if it meets the requirements, you move it from the temp file to a some folder in your server.
<?PHP
//this is the folder where the file is uploaded
$uploaddir = 'uploads/';
//This is the actual path to the file.
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
//Check if moving of the file is successfull to the appointed folder
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
//And this states that the action was successfull, here you can insert the LINK to the image into the database.
echo "File is valid, and was successfully uploaded.\n";
/* This is an example how you can add it to your database.
*
* $url = "http://SITEURLHERE.COM/";
* $query = "UPDATE table SET imageurl = '" . $url . $uploadfile . "' WHERE id = '" . $SOMEID . "' ";
* $result = mysql_query($query) or die("ERROR!");
*
* NOTE: add the escapes and modify to your needs. This should work, though im not a master my self. I havent done this that
* many times either
*/
} else {
echo "File uploading failed.\n";
}
?>