-2

I am working in php I want browse and upload the image file

this is my php code

<?php
if(isset($_POST['submit']))
{
    $link= mysql_connect('localhost','root','');
    mysql_select_db('bawa'); 


    if(isset($_FILES['image']) && $_FILES['image']['size'] >0)
    {
        //Temporary file name stored on the server 
        $tmpname = $_FILES['image']['tmp_name'];
        //read a file 
        $fp = fopen($tmpname,'r');
        $data=fread($fp,filesize($tmpname));
        $data=addslashes($data);
        fclose($fp);
        $query = ("UPDATE user_summary SET image='$data' where user_id=2");
        $query .= "(image) VALUES ('$data)";
        $results = mysql_query($query,$link);
        echo "Working code";
    }
    else{
        echo mysql_error();
    }
}
?>

when i click on submit button my image should updated in my database but its not updating in database any help?

Faisal Amdani
  • 109
  • 14
  • 2
    Try commenting out the line `$query .= "(image) VALUES ('$data)";` as this isn't part of an update query. – Nigel Ren Feb 08 '18 at 09:07
  • 2
    Don't update images in database. It's not recommended. Store them on server. – Amit Merchant Feb 08 '18 at 09:07
  • 2
    You are using [an obsolete database API](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) and should use a [modern replacement.](http://php.net/manual/en/mysqlinfo.api.choosing.php) – Ravi Sachaniya Feb 08 '18 at 09:07
  • You should use mysqli or PDI and prepared statements https://www.w3schools.com/php/php_mysql_prepared_statements.asp – kiks73 Feb 08 '18 at 09:10
  • just save the name of the image to database and the image will be saved on disk or in folder which can be fetched by absolute path. So if you wants to update the image please change the name of the image in database or add a new image. – Himanshu Feb 08 '18 at 09:18
  • @NigelRen it worked thnk u ! – Faisal Amdani Feb 08 '18 at 11:31

1 Answers1

0

The main problem at the moment is the line...

$query .= "(image) VALUES ('$data)";

This looks more like something that would be part of an INSERT statement. Commenting this out should mean the UPDATE should be correct.

Although as pointed out - you should work towards updating this to use either PDO or mysqli libraries and using prepared statements and bind variables.

Nigel Ren
  • 56,122
  • 11
  • 43
  • 55