3

I want to make a profile page in PHP where I should display information of the logged-in user, including a profile photo. For that purpose, I want to store the uploaded image in the database. I have written a script, but it gives me an error in the SQL statement.

My PHP script:

<?php
include("configdb.php");
    function GetImageExtension($imagetype)
     {
       if(empty($imagetype)) return false;
       switch($imagetype)
       {
           case 'image/bmp': return '.bmp';
           case 'image/gif': return '.gif';
           case 'image/jpeg': return '.jpg';
           case 'image/png': return '.png';
           default: return false;
       }
     }
if (!empty($_FILES["uploadedimage"]["name"])) {
    $file_name=$_FILES["uploadedimage"]["name"];
    $temp_name=$_FILES["uploadedimage"]["tmp_name"];
    $imgtype=$_FILES["uploadedimage"]["type"];
    $ext= GetImageExtension($imgtype);
    $imagename=date("d-m-Y")."-".time().$ext;
    $target_path = "../Photos/".$imagename;
if(move_uploaded_file($temp_name, $target_path)) {
    $query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES
('".$target_path."','".date("Y-m-d")."')";
    mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error()); 
}else{
   exit("Error While uploading image on the server");
}
}
?>

I got the following error:

error in INSERT into 'images_tbl' ('images_path','submission_date') VALUES ('../Photos/03-10-2016-1475478958.jpg','2016-10-03') == ----> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''images_tbl' ('images_path','submission_date') VALUES ('../Photos/03-10-2016-14' at line 1

halfer
Masroor_Shah

4 Answers

2

You are using quotes around the tablename and columns where it should be backticks, so change:

$query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES
('".$target_path."','".date("Y-m-d")."')";

to

$query_upload="INSERT into `images_tbl` (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";

That said, the code is vulnerable to SQL injection and you are using the now deprecated and obsolete mysql_* functions - change to either mysqli or PDO and begin using prepared statements.


As your db connection is mysqli you need to use mysqli_query and other associated functions and not mix them with the older mysql functions.

$result=mysqli_query($conn, $query_upload) or die('error'); 
Professor Abronsius
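The prepared-statement form this answer recommends, as an added example that is not part of the original answer. The function names, the in-memory SQLite database (standing in for MySQL so the script runs offline) and the sample path are assumptions made for illustration; the script runs the concatenated insert and the parameterised insert on the same value containing a single quote.

```php
<?php
// Added example (not from the question or answers). Assumption: an in-memory
// SQLite database via PDO stands in for MySQL so the script runs offline.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE images_tbl (id INTEGER PRIMARY KEY,
        images_path TEXT NOT NULL, submission_date TEXT NOT NULL)');
    return $pdo;
}

// The page's pattern: values concatenated into the SQL text.
function save_image_concat(PDO $pdo, string $path, string $date): bool
{
    $sql = "INSERT INTO images_tbl (images_path, submission_date) VALUES ('"
         . $path . "','" . $date . "')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // for the sample below: the quote in $path ended the literal early
    }
}

// Prepared statement: the SQL text is fixed, the values are bound separately.
function save_image_prepared(PDO $pdo, string $path, string $date): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO images_tbl (images_path, submission_date) VALUES (:path, :date)'
    );
    $stmt->execute([':path' => $path, ':date' => $date]);
    return (int) $pdo->lastInsertId();
}

$pdo  = open_demo_db();
$path = "../Photos/o'brien-03-10-2016.jpg"; // constructed sample value
$date = date('Y-m-d');

$concatOk = save_image_concat($pdo, $path, $date);
$id       = save_image_prepared($pdo, $path, $date);

// Read the row back to confirm the value was stored byte for byte.
$check = $pdo->prepare('SELECT images_path FROM images_tbl WHERE id = ?');
$check->execute([$id]);
$stored = $check->fetchColumn();

echo 'concatenated insert succeeded: ', var_export($concatOk, true), PHP_EOL;
echo 'prepared insert stored value unchanged: ', var_export($stored === $path, true), PHP_EOL;
```

Against MySQL through PDO, only the DSN passed to `new PDO(...)` changes; the `prepare()` and `execute()` calls in `save_image_prepared` stay the same.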
2

You are mixing mysqli with mysql. Try it like this:

 $query_upload="INSERT into images_tbl (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";    
mysqli_query($conn,$query_upload) or die("error in $query_upload == ----> ".mysqli_error($conn)); 

instead of

 $query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES
('".$target_path."','".date("Y-m-d")."')";
    mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error()); 
Rebecca Joanna
1

You have an error in your MySQL query. There is no need to use single quotes for the table name in the query; use backticks:

$query_upload="INSERT into `images_tbl` (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";

Or use it without any quotes or backticks:

$query_upload="INSERT into images_tbl (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";
Owais Aslam
  • I still have an error: INSERT into images_tbl (`images_path`,`submission_date`) VALUES ('../Photos/03-10-2016-1475479848.jpg','2016-10-03') == ----> No database selected – Masroor_Shah Oct 03 '16 at 07:31
  • Check whether your configdb.php is being included or not, or whether you have selected the correct database or not. – Owais Aslam Oct 03 '16 at 07:32
1

Please try the following query, I am sure it will work.

$query_upload="INSERT INTO `images_tbl`(`images_path`, `submission_date`) VALUES ('".$target_path."','".date("Y-m-d")."')";

The names of the table and columns should not be surrounded by quotation marks. Instead, use either backticks or nothing.

Note:

mysql_* is deprecated as of . So instead use mysqli_* or PDO.
Why shouldn't I use mysql_* functions in PHP?

Community
mega6382