I was doing an upload and requesting the id to retrieve the image after it was uploaded. However, before I can retrieve it, I can't even insert it into my MySQL database.

BTW, the problem is at line 19, which is:

"$query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";"

Here is the code that I used:

<?php
$con = mysqli_connect('127.0.0.1', 'root', '', 'test');
$files = $_FILES['uploadProfilePicture']['tmp_name'];

if(!isset($files)){
    echo("wrong file");
}else
{
    $image = file_get_contents($_FILES['uploadProfilePicture']['tmp_name']);
    $image_name = $_FILES['uploadProfilePicture']['name'];
    $image_size = getimagesize($_FILES['uploadProfilePicture']['tmp_name']);

    if($image_size == false)
    {
        echo("Thats is not an image");
    }else
    {
        $query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";
        if(!$insert = mysqli_query($con, $query))
        {
            echo("problem uploading");
        }else
        {
            // The connection is mysqli, so read the new row id from it
            $lastid = mysqli_insert_id($con);
            echo "image uploaded.</p> Your Image</p> <img src=getImage.php?id=".$lastid.">";
        }
    }
}
?>



<div class="loginCheck">
        <div class="profilePicture">
            <form action="ProfileImages/FileUpload.php" method="POST" enctype="multipart/form-data">
                <input  type="file" name="uploadProfilePicture"/> <input type="submit" value="Upload" />
            </form>



        </div>
    </div>
Mureinik
rodolfo navalon

2 Answers

My bet is you have an issue with this line:

$image = file_get_contents($_FILES['uploadProfilePicture']['tmp_name']);

Try this instead:

$image = mysqli_real_escape_string($con, file_get_contents($_FILES['uploadProfilePicture']['tmp_name']));

You need to escape that string. It probably has a quote in it. You should look into using prepared statements.

Community
SeanWM
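
The prepared-statement approach mentioned in the answer above, as an added example that is not code from either poster: the image bytes and the client-supplied file name are bound as parameters, so neither is ever part of the SQL text. It assumes `id` is an AUTO_INCREMENT column and `image` is a BLOB column; `storeProfilePicture` is a hypothetical helper name.

```php
<?php
// Added example (hypothetical helper, not from the original posts).
// Assumes: profilepicture.id is AUTO_INCREMENT, profilepicture.image is a BLOB.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

function storeProfilePicture(mysqli $con, array $file): int
{
    // Reject missing, failed, or non-upload files before touching the DB.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }

    // The file name comes from the client; bind it, never concatenate it.
    $name = basename($file['name']);

    $stmt = $con->prepare(
        'INSERT INTO profilepicture (`name`, `image`) VALUES (?, ?)'
    );
    $blob = null;                          // placeholder for the 'b' parameter
    $stmt->bind_param('sb', $name, $blob);

    // Stream the binary data in chunks; parameter index 1 is the image.
    $fp = fopen($file['tmp_name'], 'rb');
    while (!feof($fp)) {
        $stmt->send_long_data(1, fread($fp, 8192));
    }
    fclose($fp);

    $stmt->execute();
    return (int) $con->insert_id;          // id generated on this connection
}

$con = mysqli_connect('127.0.0.1', 'root', '', 'test');
try {
    $id = storeProfilePicture($con, $_FILES['uploadProfilePicture'] ?? []);
    echo '<p>Image uploaded.</p><img src="getImage.php?id=' . $id . '">';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());           // keep DB details out of the page
    echo 'problem uploading';
} catch (RuntimeException $e) {
    echo htmlspecialchars($e->getMessage());
}
```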

How is this string supposed to be constructed?

"$query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";"

As above? Or:

$query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";

Notice the removal of the quote before the $ and at the end ;?

Daryl Gill