1

I need to upload an image to database and path should be saved in table. I am using the below code to upload the image and store the path in database table. I have created a directory "images" for storing image which is uploaded by user.

if(isset($_POST['submit']))
{
  $errors= array();
  $file_name=$_FILES['photo']['name'];
  $file_size =$_FILES['photo']['size'];
  $file_tmp =$_FILES['photo']['tmp_name'];
  $file_type=$_FILES['photo']['type'];
  $file_ext=strtolower(end(explode('.',$_FILES['photo']['name'])));
  $expensions= array("jpeg","jpg","png");
  if(in_array($file_ext,$expensions)=== false){
  $errors[]="extension not allowed, please choose a JPEG or PNG file.";
  }
  if($file_size > 2097152){
  $errors[]='File size must be excately 2 MB';
  }
  if(empty($errors)==true){
  move_uploaded_file($file_tmp,"images/".$file_name);
  echo '<script language="javascript">';
  echo 'alert("Success")';
  echo '</script>';
  }
  else
  {
    echo '<script language="javascript">';
    echo 'alert("Failed")';
    echo '</script>';
    print_r($errors);
  }
  }
  $query = mysql_query("insert into e(photo) values ('$file_name')");
  echo '<script language="javascript">';
  echo 'alert("Ok")';
  echo '</script>';
 }

Then the image should be displayed from database using the stored path in table. I am using the below code to display the image from database.

$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("s", $connection);
$sql = "SELECT * FROM e";
$result = mysql_query($sql);
while ($o = mysql_fetch_assoc($result))
{
    echo "<tbody>";
    echo "<tr>";
    echo "<td>".'<img src="$photo;"' ."</td>";
    echo "</tr>";
    echo "</tbody>";
}
?>
Developer
  • 73
  • 7
  • what is the problem?? – Rotimi Mar 30 '17 at 10:54
  • The table contains only file name i.e image name. The image is not displayed while using the select query which is showed above. – Developer Mar 30 '17 at 10:57
  • what is the value of $MyPhoto? – Rotimi Mar 30 '17 at 10:58
  • Sorry it is $photo it is the table column name. It is not displaying the image. – Developer Mar 30 '17 at 11:04
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 30 '17 at 14:31
  • ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 30 '17 at 14:31

2 Answers2

2

Here you are making mistake

echo "<td>".'<img src="$photo;"' ."</td>";

Replace it with (Ensure that you are completing img tag)

echo '<td><img src="your_images_folder_path/'.$o['photo'].'"></td>';

Please stop using mysql_* it's depreciated since PHP5.6

Akshay
  • 700
  • 9
  • 23
0
$connection = mysql_connect("localhost", "root", "password", "s");
$sql = "SELECT * FROM e";
$result = mysql_query($sql);
while ($o = mysql_fetch_assoc($result))
{
    echo "<tbody>";
    echo "<tr>";
    echo "<td>".'<img src="path/'.$o['photo']."></td>";
    echo "</tr>";
    echo "</tbody>";
}
?>

Where photo is the column name from your database. Also, you can simply pass the database name in your connection declaration instead of using the mysql_select_db

Rotimi
  • 4,783
  • 4
  • 18
  • 27