0

I have an upload function where the image is uploaded into the database then I want to echo the image but the problem is if I update the image, it won't show but if it is the first upload the image is showing here's how I upload the image

   include('phpqrcode/qrlib.php'); 
//start of register function
if (isset($_POST['student-registration'])) {

    // get image - student picture
    $check = getimagesize($_FILES["image"]["tmp_name"]);
    if($check !== false){
        $image = $_FILES['image']['tmp_name'];
        $imgContent = addslashes(file_get_contents($image));
        }
    else{
        array_push($errors, "Please select an image to upload");
    }

here's how I echo the image please note that I echo the image in a different file i'm including the file where the upload function is located

<?php   echo '<img src="data:image/jpeg;base64,'.base64_encode($image).'" style ="width:200px; height:200px;"/>'; ?>


<?php

i only have one data field for the image and it is called image from userinfo table

here's how I fetch the arrays from my database table

 $UserID = $_POST['UserID'];

// mysql search query
$query = "SELECT * FROM userinfo WHERE UserID = '$UserID' LIMIT 1";
$result = mysqli_query($db, $query);

// if code exist 
// show data in inputs

if(mysqli_num_rows( $result) > 0)
{
  while ($row = mysqli_fetch_array($result))
  {
    $UserType= $row['UserType'];
    if ($UserType != "Student")
    {
        echo '<span style="color:#FF0000;text-align:center;">Oppss... Student ID not FOUND!</span>';
        $UserID = "";
    }
    else //get data from database to retrieve and display in students registration form
    {

            $StudName = $row['LName'].","." " .$row['FName']." ".$row['MName'];
            $UserType= $row['UserType'];
            $UserID = $row['UserID'];
            $FName = $row['FName'];
            $MName = $row['MName'];
            $LName = $row['LName'];
            $EName = $row['EName'];
            $Gender = $row['Gender'];
            $Address = $row['Address'];
            $ContactNo = $row['ContactNo'];
            $EmailAddress = $row['EmailAddress'];
            $College = '<option value="' . $row['College'] . '">' ;
            $Department = $row['Department'];
            $Course = $row['Course'];
            $YearLevel = $row['YearLevel'];
            $ParentName = $row['ParentName'];
            $ParentEmail = $row['ParentEmail'];
            $ParentContact = $row['ParentContact'];
            $image = $row['image']; // image from the database 
    }
  }  
}

thanks in advance

dread
  • 51
  • 1
  • 8
  • Prevent SQL injection as per [How can I prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – danblack Feb 18 '19 at 23:07
  • If you look at [addslashes](https://secure.php.net/manual/en/function.addslashes.php) you'll note 'The addslashes() is sometimes incorrectly used to try to prevent SQL Injection.' – danblack Feb 18 '19 at 23:09

1 Answers1

0

When querying your DB you are putting in $image the image's content. When updating image, you are putting in $image the image's name. This is why your image is not displaying after update. You need to: OR put image content in $image while updating

- $image = $_FILES['image']['tmp_name'];
- $imgContent = addslashes(file_get_contents($image));
+ $img_name = $_FILES['image']['tmp_name'];
+ $image = file_get_contents($img_name);
+ $imgContent = addslashes($image);

OR execute your query part after update.

fifonik
  • 1,556
  • 1
  • 10
  • 18