0

This is my php code

 <?php
                $query = mysql_query("SELECT Name,Price FROM info",$con1);

                echo "<table border='1'>
                        <tr>
                            <th>Food Name</th>
                            <th>Price</th>
                        </tr>";

                while($row = mysql_fetch_assoc($query))
            {
             echo   "<tr>
                        <td>  $row[Name] </td>
                        <td>  $row[Price]</td>
                        <td>  '<img src=data:image/jpeg;base64,'.base64_encode( $row[image] ).' width=200 height=200/>' </td>                           
                    </tr>";
            }

            ?>

hmm i think i fix it.Nw the problem is the picture does not show in the page.Instead it show full page of alien word instead of picture why?

ron
  • 41
  • 7
  • 1
    [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 18 '16 at 19:34
  • 2
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard May 18 '16 at 19:34
  • 2
    gawd, that's easy one. C'mon, you can do this. – Funk Forty Niner May 18 '16 at 19:35
  • @fred ii i stil cant get the right answer.. – ron May 18 '16 at 20:25

0 Answers0