1

I want to upload an image into database using PHP. I get the following error when trying to upload: 

Error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

dbname:img    
tablename:image   
column:img   
type:LongBLob.

I've already managed to connect to the database before and was able to insert anything except image contents. Here is my code:

<form method="post" enctype="multipart/form-data">
  <input type="file" name="file">
  <button>Go</button>
</form>

<?php
  $C = new mysqli("localhost","root","","img");

  if(!$C->error) {
    echo "Connected";
  } else {
    echo $C->error;
  }

  if(isset($_FILES['file'])) {
    $F = file_get_contents($_FILES['file']['tmp_name']);
    $Q = "insert into image (img) values('$F')";
    $R = $C->query($Q);
    if($R == true) {
      echo "ok";
    } else {
      echo $C->error;
    }
  }
?>
Improve this question
1
  • I noticed you don't check whether there's actually a connection to the database. See: php.net/manual/en/mysqli.examples-basic.php It would also be helpful if you reported the whole and exact error message. Or are you doing that already? Commented Sep 15, 2018 at 10:29

3 Answers 3

Reset to default
1

You get this error because you're essentially taking the raw contents of the file, and dumping it into the SQL statement without any form of sanitizing, or encoding.

Try: addslashes

Simply using addslashes would escape any conflicting characters that would cause the SQL query to fail.

$F = file_get_contents($_FILES['file']['tmp_name']);
$data = addslashes($F);
$Q = "insert into image (img) values('$data')";

Try: base64_encode

An alternative may be to use base64_encode instead.

Note: When using this method, your img column should be of type TEXT

$F = file_get_contents($_FILES['file']['tmp_name']);
$encoded = base64_encode($F);
$Q = "insert into image (img) values('$encoded')";

When retrieving the value from the database, you'll need to base64_decode in order to get the raw data back again.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Check first whether you are connected with the database by :

$C = new mysqli("localhost","root","","img");
if ($C->connect_errno) {
  echo "Errno: " . $mysqli->connect_errno . "\n";
  echo "Error: " . $mysqli->connect_error . "\n";
}
Improve this answer

Comments

0

Try This

<form method="post" enctype="multipart/form-data">
<input type="file" name="file">
<button type="submit">Go</button>
</form>



<?php
$db_host = "localhost"; 
$db_username = "root";  
$db_pass = "";  
$db_name = "img"; 
$conn= mysqli_connect("$db_host","$db_username","$db_pass", "$db_name") or die ("could not connect to mysql");

if(isset($_FILES['file'])) {
$target_dir = "uploads/";//folder name to mave uploaded file
$target_file = $target_dir . basename($_FILES["file"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
$check = getimagesize($_FILES["file"]["tmp_name"]);
if($check !== false) {
    echo "File is an image - " . $check["mime"] . ".";
    $uploadOk = 1;
} else {
    echo "File is not an image.";
    $uploadOk = 0;
}

// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["file"]["size"] > 20000000) {
echo "Sorry, your file is too large Max file size is 2.5MB.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" 
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)) {

    $image_name = basename( $_FILES["file"]["name"]);


 } else {
    $image_name = "default.jpg";
 }
 }
 mysqli_query($conn, "INSERT INTO image (img) VALUES('$image_name ')"")or die  (mysqli_error($conn));

 echo '<p align="center">Successful</p>';    

 }
 ?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.