-2

i've successfully uploaded my image into folder and successfully saved my path into database now as i tried to show pic into browser it's showing error:

Warning: mysql_query() expects parameter 2 to be resource, object given in C:\Users\Raj\PhpstormProjects\image\upload_file.php on line 6

Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\Users\Raj\PhpstormProjects\image\upload_file.php on line 7 File name not found in database

here is my code for form:

<?php
// Assigning value about your server to variables for database connection
$hostname_connect= "localhost";
$database_connect= "photo";
$username_connect= "root";
$password_connect= "Bhawanku";
$connect_solning = mysql_connect($hostname_connect, $username_connect, $password_connect) or trigger_error(mysql_error(),E_USER_ERROR);
@mysql_select_db($database_connect) or die (mysql_error());

if($_POST)
{
// $_FILES["file"]["error"] is HTTP File Upload variables $_FILES["file"] "file" is the name of input field you have in form tag.

    if ($_FILES["file"]["error"] > 0)
    {
// if there is error in file uploading
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";

    }
    else
    {
// check if file already exit in "images" folder.
        if (file_exists("images/" . $_FILES["file"]["name"]))
        {
            echo $_FILES["file"]["name"] . " already exists. ";
        }
        else
        {  //move_uploaded_file function will upload your image.  if you want to resize image before uploading see this link http://b2atutorials.blogspot.com/2013/06/how-to-upload-and-resize-image-for.html
            if(move_uploaded_file($_FILES["file"]["tmp_name"],"images/" . $_FILES["file"]["name"]))
            {
// If file has uploaded successfully, store its name in data base
                $query_image = "insert into acc_images (image, status, acc_id) values ('".$_FILES['file']['name']."', 'display','')";
                if(mysql_query($query_image))
                {
                    echo "Stored in: " . "images/" . $_FILES["file"]["name"];
                }
                else
                {
                    echo 'File name not stored in database';
                }
            }
        }


    }
}
?>
<html>
<body>
<form action="upload_file.php" method="post"enctype="multipart/form-data">
    <label for="file">Filename:</label>
    <input type="file" name="file" id="file" />
    <br />
    <input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>

and here is my code for showing pics:

<?php
$con=mysqli_connect("localhost","root","Bhawanku","photo");
// Check connection
$query_image = "SELECT * FROM acc_images";
// This query will show you all images if you want to see only one image pass acc_id='$id' e.g. "SELECT * FROM acc_images acc_id='$id'".
$result = mysql_query($query_image, $con);
if(mysql_num_rows($result) > 0)
{
    while($row = mysql_fetch_array($result))
    {
        echo '<img alt="" src="images/'.$row["image"].'">';
    }
}
else
{
    echo 'File name not found in database';
}
?>
user3549182
  • 1
  • Your code is vulnerable towards SQL injection. [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**pink box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – h2ooooooo Apr 18 '14 at 14:31
  • first of all solve my problem after that tell me these stupid sql injection – user3549182 Apr 18 '14 at 14:32
  • possible duplicate of [Reference - What does this error mean in PHP?](http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) – Anonymous Apr 18 '14 at 14:34
  • `$con=mysqli_connect("localhost","root","Bhawanku","photo");`wtf is photo? – enapupe Apr 18 '14 at 14:34
  • It looks like you're swapping from mysqli_connect to mysql_query in the second snippet. Also, the order of params is different for mysql_query/mysqli_query – chandlermania Apr 18 '14 at 14:36

2 Answers2

2

In the second script, you're connecting as mysqli but then using mysql_query, mysql_num_rows and mysql_fetch_array. MySQLi and MySQL aren't interchangeable.

$result = mysqli_query($query_image, $con);
if(mysqli_num_rows($result) > 0)
{
    while($row = mysqli_fetch_array($result))
    {
        echo '<img alt="" src="images/'.$row["image"].'">';
    }
}
else
{
    echo 'File name not found in database';
}

You should consider changing the first script to MySQLi too, and use prepared statements instead of concatenating variables into the query.

MrCode
  • 63,975
  • 10
  • 90
  • 112
0

In first row you use mysqli extension, but in all other - mysql. Try to change:

<?php
$con=mysql_connect("localhost","root","Bhawanku");
mysql_select_db("photo", $con);
// Check connection
$query_image = "SELECT * FROM acc_images";
// This query will show you all images if you want to see only one image pass acc_id='$id' e.g. "SELECT * FROM acc_images acc_id='$id'".
$result = mysql_query($query_image, $con);
if(mysql_num_rows($result) > 0)
{
    while($row = mysql_fetch_array($result))
    {
        echo '<img alt="" src="images/'.$row["image"].'">';
    }
}
else
{
    echo 'File name not found in database';
}
?>
Alexey Palamar
  • 1,440
  • 1
  • 10
  • 16