-2

I have an update profile page where you can select an image from your folders and upload it to my MySQL database. Look at this code:

$image ="";
$image_size;
$image_name;
$uploadable = false;
if(isset($_FILES['image']['tmp_name'])){
     $image= file_get_contents($_FILES['image']['tmp_name']);
     $image_name=$_FILES['image']['name'];
     $image_size=getimagesize($_FILES['image']['tmp_name']);

     if($image_size==false){
     $_SESSION["FLAW"] = '4';
     header("Location:editprofile.php"); 
     echo "nope";  
     $uploadable = false;
     }else{
        $uploadable = true;
     }
}else{}

AND: 

if($row[6] == $id && $uploadable == true){
             if(($fetchedemail == $emailentered) || ($fetchedemail != $emailentered && ($new == true)) ){

                $query = mysql_query("UPDATE `allaccounts`  SET `realname` = '$realname' WHERE `allaccounts`.`id` = $id;");
                $query2 = mysql_query("UPDATE `allaccounts` SET `twitter` = '$twitter' WHERE `allaccounts`.`id` = $id;");
                $query1 = mysql_query("UPDATE `allaccounts` SET `email` = '$emailentered' WHERE `allaccounts`.`id` = $id;");
                $query3 = mysql_query("UPDATE `allaccounts` SET `facebook` = '$facebook' WHERE `allaccounts`.`id` = $id;");
                $query4 = mysql_query("UPDATE `allaccounts` SET `description` = '$description' WHERE `allaccounts`.`id` = $id;");
                $query5 = mysql_query("UPDATE `allaccounts` SET `image` = '$image' WHERE `allaccounts`.`id` = $id;");
                $query6 = mysql_query("UPDATE `allaccounts` SET `filename` = '$image_name' WHERE `allaccounts`.`id` = $id;");
            //  header("Location:Myprofile.php");
                $_SESSION["FLAW"] = '';
                break;
            }else{
                    //header("Location:editprofile.php");
                    $_SESSION["FLAW"] = '3';

                    break;
            }

This is the PHP code I use to get the image from the form on my HTML page and then update the image column of my MYSQL database which is a BLOB type. I went to check the database but the data is not there and I don't know why. If I open my image in notepad it looks like it has all the data with the weird symbols, which is good. But if I echo $image it looks different and has a lot of diamonds with question mark symbols. That might indicate something is wrong. Can anyone see what I am doing wrong that doesn't get the code correctly or upload it correctly

jack
  • 5
  • Stop using `MySQL_` it is deprecated and dangerous. Use instead `MySQLi_` or `PDO` and drag your code up to 2005! You can also use Prepared Statements which are the better way of handling user data in your SQL, preventing various and serious security breaches. – Martin Sep 11 '16 at 11:04
  • Possible duplicate of [How can I store and retrieve images from a MySQL database using PHP?](http://stackoverflow.com/questions/1636877/how-can-i-store-and-retrieve-images-from-a-mysql-database-using-php) – Martin Sep 11 '16 at 11:07

1 Answers1

1

Ensure that in the HTML part of the form you have the form attributes set to the below constraints.

If you are using file-upload control in the <input type="file" name="file"> in the HTML form it is compulsory that you have to use the enctype attribute.

enter image description here

<form action="#" method="post" enctype="multipart/form-data">
</form>

The enctype attribute specifies how the form-data should be encoded when submitting it to the server.

Naresh Kumar P
  • 4,127
  • 2
  • 16
  • 33