1

I have a database set up and am trying to upload an image to it. The database is called 'blob' and has 3 fields. id, name and image, with image set as blob. When trying to upload the image i get an error that i am unsure of. Below is my code.

<?php
include ("dbConnect.php");
?>

<form action="imageuploadtest.php" enctype="multipart/form-data" method="post">
<input name="image" type="file"><input name="submit" type="submit" value="Upload">
</form>

<?php 

if(isset($_POST['submit']))
{

  $imageName = $_FILES["image"]["name"];
  $imageData = file_get_contents($_FILES["image"]["tmp_name"]);
  $imageType = $_FILES["image"]["type"];

  if(substr($imageType,0,5)=="image")
  {
     $dbQuery = $db->prepare("INSERT INTO blob ( name, image) VALUES ('$imageName', '$imageData')");
     $dbQuery->execute();
  }
  else
  {
   echo "only images are allowed";
  } 
}
?>

The database connection is fine, but i get the following error message that i am usure of how to fix.

 Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters' in N:\ftp\compc\d12ac1\FlightsFromNI\imageuploadtest.php:23 Stack trace: #0 N:\ftp\compc\d12ac1\FlightsFromNI\imageuploadtest.php(23): PDO->prepare('INSERT INTO blo...') #1 {main} thrown in N:\ftp\compc\d12ac1\FlightsFromNI\imageuploadtest.php on line 23.

Any help would be appreciated. Thanks.

EDIT: Have now changed my table name from blob to imgupload but still get the same error message?

Improve this question
11
  • 1
    blob is a reserved word in mysql. You'll have to enclose your table name in backticks. It's better to avoid using reserved words as table or column names all together. Commented Mar 25, 2015 at 20:57
  • you are not using PDO correctly and are subject to SQL injections in the manner in which you are using it. Commented Mar 25, 2015 at 20:58
  • and if you really want to use "blob" as your table name then change it in your query to "INSERT INTO `blob`..." Commented Mar 25, 2015 at 20:59
  • To all ^ - I had my answer prepared about 4.5 mins ago prior to this comment, and wanted to make sure that was the case and researched it before I hit the "Post answer" button ;-) My answer was not pulled from comments. Commented Mar 25, 2015 at 21:01
  • 1
    Nota: It's usually best to store files in folders and make a reference to the file, rather than storing binary data in a table. This will eventually dramatically increase your database size. Commented Mar 25, 2015 at 21:23

2 Answers 2

Reset to default
4

blob is a MySQL reserved word

Either rename your table to something else, or use ticks around it:

INSERT INTO `blob` ...

Nota: It's usually best to store files in folders and make a reference to the file, rather than storing binary data in a table. This will eventually dramatically increase your database size.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

It's not about blob. It's about binary data. Try to use that line (but it may also not work):

$db->prepare("INSERT INTO blob ( name, image) VALUES ('$imageName', " . $db->quote($imageData) . ")");

Also your query is not SAFE (for hackers), you should be sanitizing all input to your database. PDO has great support for prepared statements.

Improve this answer

1 Comment

Thanks this seems to work. Will also look into making the query safer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.