0

the code gives the following error:

 Warning: mysql_select_db() expects parameter 1 to be string, object given in \imgtest.php on line 35

 Warning: mysql_query() expects parameter 1 to be string, object given in 
\imgtest.php on line 37

Heres the code: 

<!DOCTYPE html>
<html>

<body background="bla.jpg" >

<h3>Register with us</h3>

<form enctype="multipart/form-data" method="POST">
<input type="file" name="image" />

<input type="submit" name="sumit" value="upload te image" />
</form>
<?php
if(isset($_POST["sumit"]))
{
    if(getimagesize($_FILES['image']['tmp_name'])== FALSE)
    {
        echo "blablabla";
    }else{
        $image= addslashes($_FILES['image']['tmp_name']);
        $name= addslashes($_FILES['image']['name']);
        $image= file_get_contents($image);
        $image= base64_encode($image);
        saveimage($name,$image);
    }
}

function saveimage($name,$image)
{
    $con=mysqli_connect("localhost","root","","mydb");
    mysql_select_db($con,"photos");
    $qry="insert into images101 (name,image) values ('$name','$image')";
    $result=mysql_query($con,$qry);
    if($result)
    {
        echo "imahe uploaded";
    }
    else
    {
        echo "image not uploaded";
    }
}
?>
</body>
</html>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
happyswine44
  • 33
  • 2
  • You want to execute a mysql query with mysqli connection info. You should adjust your code to only use mysqli functions, both for security reasons, and in your case ( I hope you are still learning and using an old tutorial ) to make your script work – Nikos Gkogkopoulos May 02 '18 at 13:26
  • 1
    Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's – RiggsFolly May 02 '18 at 13:27
  • `mysql_select_db("photos");` – RiggsFolly May 02 '18 at 13:28
  • Or `mysql_select_db("photos", $con);` Then throw away all the database access code and move to `mysqli_` or `PDO` – RiggsFolly May 02 '18 at 13:29
  • You are creating connection using Mysqli **mysqli_connect** but selecting database using **mysql_select_db** instead of **mysqli_select_db**. Use Mysqli functions will solve your poblem. – Aman jaura May 02 '18 at 13:29
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly May 02 '18 at 13:29
  • Some sensible code indentation would be a good idea. It helps us read the code and more importantly it will help **you debug your code** [Take a quick look at a coding standard](http://www.php-fig.org/psr/psr-2/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will thank me in the end. – RiggsFolly May 02 '18 at 13:30

0 Answers0