WHEN I am trying to insert an image in database it's not showing any error but image is not inserting in table

Question

I am trying to insert an image in database. It's not showing any error but image is not inserting in table result is printing "not"

CODE

<?php
    if (isset($_POST['pic_upload'])) {

        if(getimagesize($_FILES['image']['tmp_name'])==False) {
            echo "select img";
        } else {
            $image = addslashes($_FILES['image']['tmp_name']);
            $name = addslashes($_FILES['image']['name']);
            $image = file_get_contents($image);
            $image = base64_encode($image);
            saveimage($name,$image);
        }
    }

    function saveimage($name,$image) {
        require 'db.php';
        $sql ="insert into blob(name,image) values('$name','$image')";
        $result=$conn->query($sql);
        if($result) {
            echo "done";
        } else {
            echo 'not';
        }
    }
 ?>

Answer 1

As mentioned, you need to use backticks if you're going to use a reserved word as a table name. Also you're escaping the file name, but not escaping any of the data, leaving yourself wide open to SQL injection attacks. Use prepared statements instead.

<?php
if (isset($_POST['pic_upload'])) {

    if(getimagesize($_FILES['image']['tmp_name'])==False) {
        echo "select img";
    } else {
        $name = $_FILES['image']['name'];
        $image = base64_encode(file_get_contents($_FILES['image']['tmp_name']));
        saveimage($name,$image);
    }
}

function saveimage($name,$image) {
    require 'db.php';
    $sql ="INSERT INTO `blob` (`name`, `image`) VALUES (?, ?)";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("sb", $name, $image);
    $result = $stmt->execute();
    if($result) {
        echo "done";
    } else {
        echo 'not';
    }
}
?>