0

I am trying to update of an blob image using base64_encode but when I pressed button Update its successfully update the text and image however the image is not properly display

HERE'S MY EDIT CODE:

if(isset($_POST['edit'])){

    $updateitemName = $_POST['itemName'];
    $updateitemDescription = $_POST['litemDescription'];
    $updateitemPrice = $_POST['itemPrice'];

    //when user upload image to update
    if(isset($_FILES['itemIMG']['name'])){
        $updateImage = $_FILES['itemIMG']['name'];
        $updateimageTempLoc = $_FILES['itemIMG']['tmp_name'];
        $pathIMG = "image/".base64_encode($updateImage);
        move_uploaded_file($updateimageTempLoc,$pathIMG);

        $sql = "UPDATE item SET ITEM_NAME = '$updateitemName',
        ITEM_DESCRIPTION = '$updateitemDescription',
        ITEM_IMG  = '$updateImage',
        ITEM_PRICE = '$updateitemPrice'  WHERE ITEM_ID = $updateitemID";

        $results=mysqli_query($conn,$sql);

        if($results){
            $messages = "Successfully updated Item";
            echo "<script type='text/javascript'>alert('$messages');window.location.replace('item.php');</script>";
        }else{
            die(mysqli_error($conn));
        }

        //if the user update the text only not inlcude the image          
    }else{
        
        $sql = "UPDATE item SET ITEM_NAME = '$updateitemName',
        ITEM_DESCRIPTION = '$updateitemDescription',
        ITEM_PRICE = '$updateitemPrice'  WHERE ITEM_ID = $updateitemID";

        $results=mysqli_query($conn,$sql);
        if($results){
            $messages = "Successfully updated Item";
            echo "<script type='text/javascript'>alert('$messages');window.location.replace('myinventoryitem.php');</script>";
        }else{
            die(mysqli_error($conn));
        }
    }
}
M. Eriksson
  • 13,450
  • 4
  • 29
  • 40
Christian Caranoo
  • 3
  • 3
  • Please expand on what you mean by _"not properly display"_. – M. Eriksson Apr 18 '22 at 09:43
  • **Warning!** You're open to [SQL injection attacks](https://owasp.org/www-community/attacks/SQL_Injection)! Read [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) by using prepared statements with bound parameters instead of injecting variables directly into your queries. It's not just about security. If your data contains, for example, a single quote `'`, your query will break. – M. Eriksson Apr 18 '22 at 09:44
  • iThe image is broken or its only display the alt in the image src – Christian Caranoo Apr 18 '22 at 09:45
  • _"I am trying to update of an blob image using base64_encode"_ - Actually, you're not. All your code is doing is to store the original filename in the database while renaming the file on the server (you're base64 encoding the filename) when you move it from the temp folder. I honestly have no idea what you're actually are trying to do here. But after this, the filename of the actual file on the server will be different from the filename in the database. – M. Eriksson Apr 18 '22 at 09:55
  • `Image` the $updateitemID is above from the isset($_POST['edit'] here's the code `$updateitemID = $_GET['itemID']; $sql = "SELECT * FROM item WHERE ITEM_ID = $updateitemID"; $result = mysqli_query($conn,$sql);` – Christian Caranoo Apr 18 '22 at 09:56

0 Answers0