How to upload images into MySQL database using PHP code

mysql html php database image-uploading

I am trying to save images in my database from HTML form. I have written PHP code to accomplish this task. The program is not generating any error message, but also not inserting image data in MySQL database. Kindly check it. Here i am sharing a excerpt from my code.

        /*-------------------
    IMAGE QUERY 
    ---------------*/


    $file   =$_FILES['image']['tmp_name'];
    if(!isset($file))
    {
      echo 'Please select an Image';
    }
    else 
    {
       $image_check = getimagesize($_FILES['image']['tmp_name']);
       if($image_check==false)
       {
        echo 'Not a Valid Image';
       }
       else
       {
        $image = file_get_contents ($_FILES['image']['tmp_name']);
        $image_name = $_FILES['image']['name'];
        if ($image_query = mysql_query ("insert into product_images values (1,'$image_name',$image )"))
        {
          echo $current_id;
         //echo 'Successfull';
        }
        else
        {
          echo mysql_error();
        }
       }
   }
        /*-----------------
    IMAGE QUERY END
    ---------------------*/

    <form action='insert_product.php' method='POST' enctype='multipart/form-data' ></br>
            File        : <input type='file' name= 'image' >
    </form>

Error Message You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1


Solution 1:

Firstly, you should check if your image column is BLOB type!

I don't know anything about your SQL table, but if I'll try to make my own as an example.

We got fields id (int), image (blob) and image_name (varchar(64)).

So the code should look like this (assume ID is always '1' and let's use this mysql_query):

$image = addslashes(file_get_contents($_FILES['image']['tmp_name'])); //SQL Injection defence!
$image_name = addslashes($_FILES['image']['name']);
$sql = "INSERT INTO `product_images` (`id`, `image`, `image_name`) VALUES ('1', '{$image}', '{$image_name}')";
if (!mysql_query($sql)) { // Error handling
    echo "Something went wrong! :("; 
}

You are doing it wrong in many ways. Don't use mysql functions - they are deprecated! Use PDO or MySQLi. You should also think about storing files locations on disk. Using MySQL for storing images is thought to be Bad Idea™. Handling SQL table with big data like images can be problematic.

Also your HTML form is out of standards. It should look like this:

<form action="insert_product.php" method="POST" enctype="multipart/form-data">
    <label>File: </label><input type="file" name="image" />
    <input type="submit" />
</form>

Sidenote:

When dealing with files and storing them as a BLOB, the data must be escaped using mysql_real_escape_string(), otherwise it will result in a syntax error.

Solution 2:

Just few more details

  • Add mysql field

`image` blob

  • Get data from image

$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));

  • Insert image data into db

$sql = "INSERT INTO `product_images` (`id`, `image`) VALUES ('1', '{$image}')";

  • Show image to the web

<img src="data:image/png;base64,'.base64_encode($row['image']).'">

  • End

Related

Why does the JTable header not appear in the image?
Deserialize JSON to C# Classes
How to target a specific column or row in CSS Grid Layout?
I have an array of integers, how do I use each one in a mysql query (in php)? [duplicate]
How does the method overload resolution system decide which method to call when a null value is passed?
How do I get the current location of an iframe?
Find a string of text in an element and wrap some span tags round it
How create an array from the output of an array printed with print_r?
Python: make eval safe [duplicate]
Android deprecated apache module (HttpClient, HttpResponse, etc.)
Generating all distinct permutations of a list in R
How to read file from res/raw by name