0

This is my code in insert page. While I run the code its give error of undefine indext at line no 14. I want to upload image in database and retrieve from database.

<?php
$db_handle = mysql_connect("localhost","root","");
if (!$db_handle)
{
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("example");


    $first=$_POST['first'];
    $last=$_POST['last'];
    $hobbies=implode(',',$_POST['hobbies']);
    $study= implode(',', $_POST['study']);
    $image=$_FILES['image']['tmp_name'];
    //inserting data order
    $order = "INSERT INTO emp (F_name,L_name,Hobbies,Study,Image) VALUES('$first','$last','$hobbies','$study','$image')";

    //declare in the order variable
    $result = mysql_query($order);  //order executes
    if($result)
    {
        echo("<BR>Input data is succeed");
        echo "<BR>";
        echo "<a href='main.php'>Back to main page</a>";
    }
    else
    {
        echo("<BR>Input data is fail");
    }

mysql_close();
?>
Ian
  • 391
  • 1
  • 17
Mihir shah
  • 1
  • 3
  • Are you sure you're file `` has a name attribute of `image`? Sidenote: [please don't use `mysql_*` functions](http://stackoverflow.com/q/12859942/1612146) – George Jan 02 '14 at 15:02
  • What's the error? Also, `mysql_*` functions are deprectated. – Julio Jan 02 '14 at 15:02
  • You should start with the manual (check the `['error']` value): http://www.php.net/manual/en/features.file-upload.post-method.php – jeroen Jan 02 '14 at 15:03
  • yes name attribute is image – Mihir shah Jan 02 '14 at 15:04
  • As an aside - You will need to move the uploaded file to another store - the `tmp_name` is where the file is put temporarily - you should put it somewhere else with `move_uploaded_file` – Rob Baillie Jan 02 '14 at 15:07
  • What will happen when `$first = "'; DROP TABLE emp;--"` – Peon Jan 02 '14 at 15:22
  • i got thnks for your help – Mihir shah Jan 02 '14 at 16:31
  • @DainisAbols It won't drop the table that's for sure, `mysql_query` doesn't support multiple statements. Not that *SQL* injection isn't an issue - just that there's probably a better example :) – Emissary Jan 02 '14 at 17:34

0 Answers0