3

I want to make a profile page in PHP where I should display information of the logged-in user, including a profile photo. For that purpose, I want to store the uploaded image in the database. I have written a script, but it gives me an error in the SQL statement.

My PHP script:

<?php
include("configdb.php");

function GetImageExtension($imagetype)
{
    if (empty($imagetype)) return false;
    switch ($imagetype)
    {
        case 'image/bmp': return '.bmp';
        case 'image/gif': return '.gif';
        case 'image/jpeg': return '.jpg';
        case 'image/png': return '.png';
        default: return false;
    }
}

if (!empty($_FILES["uploadedimage"]["name"])) {
    $file_name = $_FILES["uploadedimage"]["name"];
    $temp_name = $_FILES["uploadedimage"]["tmp_name"];
    $imgtype = $_FILES["uploadedimage"]["type"];
    $ext = GetImageExtension($imgtype);
    $imagename = date("d-m-Y")."-".time().$ext;
    $target_path = "../Photos/".$imagename;
    if (move_uploaded_file($temp_name, $target_path)) {
        $query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES
('".$target_path."','".date("Y-m-d")."')";
        mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error());
    } else {
        exit("Error While uploading image on the server");
    }
}
?>

I got the following error:

error in INSERT into 'images_tbl' ('images_path','submission_date') VALUES ('../Photos/03-10-2016-1475478958.jpg','2016-10-03') == ----> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''images_tbl' ('images_path','submission_date') VALUES ('../Photos/03-10-2016-14' at line 1

4 Answers

2

You are mixing Mysqli with Mysql. Try it like this:

 $query_upload="INSERT into images_tbl (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";    
mysqli_query($conn,$query_upload) or die("error in $query_upload == ----> ".mysqli_error($conn)); 

instead of

 $query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES
('".$target_path."','".date("Y-m-d")."')";
    mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error()); 


2

You are using quotes around the tablename and columns where it should be backticks, so change:

$query_upload="INSERT into 'images_tbl' ('images_path','submission_date') VALUES
('".$target_path."','".date("Y-m-d")."')";

to

$query_upload="INSERT into `images_tbl` (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";

That said, the code is vulnerable to SQL injection and you are using the now deprecated and obsolete mysql_* functions - change to either mysqli or PDO and begin using prepared statements.


As your db connection is mysqli you need to use mysqli_query and other associated functions and not mix them with the older mysql functions.

$result=mysqli_query($conn, $query_upload) or die('error'); 

4 Comments

Sir still got error in INSERT into images_tbl (images_path,submission_date) VALUES ('../Photos/03-10-2016-1475479781.jpg','2016-10-03') == ----> No database selected
Can you therefore share the configdb.php code too
<?php $servername="localhost"; $username="root"; $password=""; $dbname = "firstdb"; $conn=mysqli_connect($servername,$username,$password,$dbname); if($conn->connect_error) { die("connection failed".$conn->connect_error); } echo "Connected Successfully"; ?>
You are mixing mysqli and mysql functions
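
The prepared-statement approach recommended in the answer above, as an added example that is not code from any poster in this thread: the path and date are bound as parameters through mysqli, and the file type is taken from the uploaded bytes rather than the browser-supplied `type` field. It assumes `configdb.php` defines `$conn` as shown in the comments; the function names and the allow-list of image types are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumes configdb.php sets $conn
// (mysqli_connect) as shown in the comments; function names are hypothetical.
include("configdb.php");

// Extension from the MIME type detected in the file's bytes. The browser-sent
// $_FILES[...]["type"] is client-controlled and is not consulted.
function detect_image_extension(string $path): ?string
{
    $allowed = ['image/gif' => '.gif', 'image/jpeg' => '.jpg', 'image/png' => '.png'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return $allowed[$mime] ?? null;
}

// Values are bound as parameters, never concatenated into the SQL text.
function save_image_record(mysqli $conn, string $path): bool
{
    $sql = "INSERT INTO `images_tbl` (`images_path`, `submission_date`) VALUES (?, ?)";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return false;
    }
    $date = date("Y-m-d");
    mysqli_stmt_bind_param($stmt, "ss", $path, $date);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

$upload = $_FILES["uploadedimage"] ?? null;
if ($upload !== null && $upload["error"] === UPLOAD_ERR_OK) {
    $ext = detect_image_extension($upload["tmp_name"]);
    if ($ext === null) {
        exit("Unsupported image type");
    }
    // Server-generated random name; the client's file name is never used.
    $target_path = "../Photos/" . bin2hex(random_bytes(16)) . $ext;
    if (!move_uploaded_file($upload["tmp_name"], $target_path)) {
        exit("Error while uploading image on the server");
    }
    if (!save_image_record($conn, $target_path)) {
        // Log details server-side instead of echoing the query to the user.
        error_log("image insert failed: " . mysqli_error($conn));
        exit("Could not save image record");
    }
}
```
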
1

You have an error in your MySQL query. There is no need to use single quotes for the table name in the query; use backticks:

$query_upload="INSERT into `images_tbl` (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";

or use without any quote or backtick.

$query_upload="INSERT into images_tbl (`images_path`,`submission_date`) VALUES
('".$target_path."','".date("Y-m-d")."')";

2 Comments

still have error INSERT into images_tbl (images_path,submission_date) VALUES ('../Photos/03-10-2016-1475479848.jpg','2016-10-03') == ----> No database selected
Check whether your configdb.php is being included or not, and whether you have selected the correct database or not.
1

Please try the following query, I am sure it will work.

$query_upload="INSERT INTO `images_tbl`(`images_path`, `submission_date`) VALUES ('".$target_path."','".date("Y-m-d")."')";

The name of table and columns should not be surrounded by quotations. Instead either use backtick or nothing.

Note:

mysql_* is deprecated as of . So instead use mysqli_* or PDO.
Why shouldn't I use mysql_* functions in PHP?

1 Comment

I have applied that before but got the Mysqli and Mysql mixing error. Thanks anyway, solved now.
