26

I am trying to save images in my database from an HTML form. I have written PHP code to accomplish this task. The program is not generating any error message, but it is also not inserting image data into the MySQL database. Kindly check it. Here I am sharing an excerpt from my code.

        /*-------------------
    IMAGE QUERY 
    ---------------*/


    $file   =$_FILES['image']['tmp_name'];
    if(!isset($file))
    {
      echo 'Please select an Image';
    }
    else 
    {
       $image_check = getimagesize($_FILES['image']['tmp_name']);
       if($image_check==false)
       {
        echo 'Not a Valid Image';
       }
       else
       {
        $image = file_get_contents ($_FILES['image']['tmp_name']);
        $image_name = $_FILES['image']['name'];
        if ($image_query = mysql_query ("insert into product_images values (1,'$image_name',$image )"))
        {
          echo $current_id;
         //echo 'Successfull';
        }
        else
        {
          echo mysql_error();
        }
       }
   }
        /*-----------------
    IMAGE QUERY END
    ---------------------*/

    <form action='insert_product.php' method='POST' enctype='multipart/form-data' ></br>
            File        : <input type='file' name= 'image' >
    </form>

Error Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

NoobEditor
Taha Kirmani

3 Answers

46

Firstly, you should check if your image column is BLOB type!

I don't know anything about your SQL table, but I'll try to make my own as an example.

We got fields id (int), image (blob) and image_name (varchar(64)).

So the code should look like this (assume ID is always '1' and let's use this mysql_query):

    $image = addslashes(file_get_contents($_FILES['image']['tmp_name'])); //SQL Injection defence!
    $image_name = addslashes($_FILES['image']['name']);
    $sql = "INSERT INTO `product_images` (`id`, `image`, `image_name`) VALUES ('1', '{$image}', '{$image_name}')";
    if (!mysql_query($sql)) { // Error handling
        echo "Something went wrong! :(";
    }

You are doing it wrong in many ways. Don't use mysql functions - they are deprecated! Use PDO or MySQLi. You should also think about storing files locations on disk. Using MySQL for storing images is thought to be Bad Idea™. Handling SQL table with big data like images can be problematic.

Also your HTML form is out of standards. It should look like this:

    <form action="insert_product.php" method="POST" enctype="multipart/form-data">
        <label>File: </label><input type="file" name="image" />
        <input type="submit" />
    </form>

Sidenote:

When dealing with files and storing them as a BLOB, the data must be escaped using mysql_real_escape_string(), otherwise it will result in a syntax error.

Funk Forty Niner
Wiktor Mociun
  • It's not working. Undefined variable: _FILE and file_get_contents(): Filename cannot be empty is showing – SANDEEP May 06 '14 at 10:12
  • @SANDEEP: I fixed that. – Wiktor Mociun May 06 '14 at 10:38
  • To be safe from SQL Injection I would use mysqli_real_escape_string or equivalent instead of addslashes. The best way to do this would be to use PDO prepared statements. – MTJ Nov 26 '14 at 07:28
  • I came about this Q&A from another question asked today. When dealing with files and storing as `BLOB`, the data **must** be escaped using `mysql_real_escape_string()`, otherwise it **will** result in a syntax error. This is not just "to be safe", it's because it must be done. – Funk Forty Niner May 17 '15 at 23:50
  • @Fred-ii- - you can edit my post to contain that fix. It worked as it is at the time when I was answering this question. – Wiktor Mociun May 18 '15 at 05:31
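
The PDO prepared-statement approach recommended in the answer and comments above, as an added example that is not part of the original answer or comments. The table and column names follow the answer's example; the `storeImage()` helper, the in-memory SQLite DSN (used only so the demo runs offline) and the sample file name are assumptions.

```php
<?php
// Added example. Table and column names follow the answer above; the in-memory
// SQLite DSN is an assumption so the demo runs offline. For MySQL, construct
// the PDO object with a mysql: DSN instead; storeImage() stays the same.

function storeImage(PDO $pdo, string $clientName, string $bytes): int
{
    // Validate the bytes themselves, not the client-supplied name or MIME type.
    $info = getimagesizefromstring($bytes);
    $allowed = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)) {
        throw new InvalidArgumentException('Not a valid image');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO product_images (image, image_name) VALUES (:image, :name)'
    );
    // Bound values travel separately from the SQL text, so quotes or NUL bytes
    // in the file or its name cannot alter the statement.
    $stmt->bindValue(':image', $bytes, PDO::PARAM_LOB);
    $stmt->bindValue(':name', basename($clientName), PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product_images
            (id INTEGER PRIMARY KEY, image BLOB, image_name VARCHAR(64))');

// Constructed sample input: a 1x1 PNG and a file name containing a quote.
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSRAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);
// In the upload handler, after checking $_FILES['image']['error'] === UPLOAD_ERR_OK:
//   storeImage($pdo, $_FILES['image']['name'],
//              file_get_contents($_FILES['image']['tmp_name']));
$id = storeImage($pdo, "o'brien.png", $png);

$q = $pdo->prepare('SELECT image, image_name FROM product_images WHERE id = ?');
$q->execute([$id]);
$row = $q->fetch(PDO::FETCH_ASSOC);
// Some PDO drivers return LOB columns as streams, others as strings.
$stored = is_resource($row['image']) ? stream_get_contents($row['image']) : $row['image'];

// Compare the stored bytes with the original and show the stored name.
var_dump($stored === $png, $row['image_name']);
```

The quote in the file name and the raw binary bytes are stored unchanged because neither is ever spliced into the SQL string, which is the failure behind the syntax error in the question.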
23

Just a few more details

  • Add mysql field

    `image` blob

  • Get data from image

    $image = addslashes(file_get_contents($_FILES['image']['tmp_name']));

  • Insert image data into db

    $sql = "INSERT INTO `product_images` (`id`, `image`) VALUES ('1', '{$image}')";

  • Show image to the web

    echo '<img src="data:image/png;base64,'.base64_encode($row['image']).'">';

  • End
Till
-2

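This is the perfect code for uploading and displaying image through MySQL database.

    <?php
    // Handle the upload before any output is sent, so that header() can still redirect.
    function saveimage($image)
    {
        $dbcon = mysqli_connect('localhost', 'root', '', 'dbname');
        if (!$dbcon) {
            return false;
        }
        // Bind the raw bytes as a parameter instead of building the query with addslashes().
        $stmt = mysqli_prepare($dbcon, "insert into tablename (name) values (?)");
        if (!$stmt) {
            return false;
        }
        mysqli_stmt_bind_param($stmt, 's', $image);
        return mysqli_stmt_execute($stmt);
    }

    $message = '';
    if (isset($_POST['submit'])) {
        $tmp = isset($_FILES['image']['tmp_name']) ? $_FILES['image']['tmp_name'] : '';
        // getimagesize() fails on an empty path, so check that a file was really uploaded first.
        if ($tmp === '' || !is_uploaded_file($tmp) || getimagesize($tmp) === false) {
            $message = ' error ';
        } elseif (saveimage(file_get_contents($tmp))) {
            header('location:urlofpage.php');
            exit;
        } else {
            $message = ' error ';
        }
    }
    ?>
    <html>
    <body>
    <form method="post" enctype="multipart/form-data">
    <input type="file" name="image"/>
    <input type="submit" name="submit" value="Upload"/>
    </form>
    <?php echo $message; ?>
    </body>
    </html>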
Pang
Mayur Gudi