0

I have an inventory table in which i am storing information about inventory like a laptop. I am storing the image path of inventory in table like photo/laptop.jpg. Now after inserting data in database now i want to make changes like change laptop image. For making changes first am searching it via unique laptop name on search data is retrieve from database but m not able to get image details The following php code am trying 

<html>
<head>
<?php
include 'dbconfig.php';
include 'functions.php';
$fname="";
$lname="";
$age="";
$email="";
function getPosts()
{
    $posts = array();
    $posts[0] = $_POST['fname'];
    $posts[1] = $_POST['lname'];
    $posts[2] = $_POST['age'];
    $posts[3] = $_POST['email'];
    return $posts;
}

if(isset($_POST['search']))
{
    $data = getposts();

    $result = mysqli_query($conn,"SELECT * FROM info
WHERE fname='$data[0]'");

    if($result)
    {
        if(mysqli_num_rows($result))
        {
            while($row = mysqli_fetch_array($result))
            {
                $fname = $row['fname'];
                $lname = $row['lname'];
                $age = $row['age'];
                $email = $row['email'];
                //here i need image to be retrieve from database
            }
        }else{
            echo 'no data found';
        }
    }else{
        echo 'result error';
    }
}
Neha
  • 1
  • 1
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Apr 17 '17 at 11:31
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Apr 17 '17 at 11:32

0 Answers0