tahakirmani Posted December 19, 2012 Share Posted December 19, 2012 I am creating a PHP program in which a user upload his image and the image code stores in Mysql Database. I have written the following code,but its giving me an error message. <form action="image_test02.php" METHOD="POST" enctype="multipart/form-data" > FILE: <input type="file" name="image"> <input type="submit" value="Upload" > </form> <?php mysql_connect('localhost','root',''); mysql_select_db('a_database') ; $file= $_FILES['image']['tmp_name']; if (!isset($file)) { echo "Please Upload a File "; } else { $image = file_get_contents( $_FILES['image']['tmp_name'] ); $image_name= $_FILES['image']['name']; $image_destination =$_FILES['image']['tmp_name']; $image_size= getimagesize($_FILES['image']['tmp_name']); if ($image_size==FALSE) { echo 'Thats not an image'; } else { $query= "INSERT INTO email_images VALUES ('10', '$image', '$image_destination')"; if (!$result= mysql_query($query)) { echo "Problem Uploading Image ". mysql_error(); } else { echo "Image Uploaded"; } } } ?> ERROR message . Problem Uploading Image You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[°°Ó¤/p!JÒÆ8©K—ç œlÜXØä¹û˜ÙöPãE+@)PÊ}FbÜOAÃ&z·>Ì' at line 1 Problem Uploading Image You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Thanks, Taha Quote Link to comment Share on other sites More sharing options...
Christian F. Posted December 19, 2012 Share Posted December 19, 2012 This is reason #2 why you should always escape your data, with reason #1 being to protect yourself against SQL injections. Well, both reasons really stem from the same problem: The input containing characters that are considered special by MySQL, and thus creates an invalid/unwanted query. Add mysql_real_escape_string () around your variables, when you add them to the SQL query, and the problem should be resolved. Quote Link to comment Share on other sites More sharing options...
tahakirmani Posted December 19, 2012 Author Share Posted December 19, 2012 This is reason #2 why you should always escape your data, with reason #1 being to protect yourself against SQL injections. Well, both reasons really stem from the same problem: The input containing characters that are considered special by MySQL, and thus creates an invalid/unwanted query. Add mysql_real_escape_string () around your variables, when you add them to the SQL query, and the problem should be resolved. Thank You so much, It solved my problem Quote Link to comment Share on other sites More sharing options...
Christian F. Posted December 19, 2012 Share Posted December 19, 2012 You're welcome. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.