How to upload images into MySQL database using PHP code

Question

I am trying to save images in my database from HTML form. I have written PHP code to accomplish this task. The program is not generating any error message, but also not inserting image data in MySQL database. Kindly check it. Here i am sharing a excerpt from my code.

        /*-------------------     IMAGE QUERY      ---------------*/       $file   =$_FILES['image']['tmp_name'];     if(!isset($file))     {       echo 'Please select an Image';     }     else      {        $image_check = getimagesize($_FILES['image']['tmp_name']);        if($image_check==false)        {         echo 'Not a Valid Image';        }        else        {         $image = file_get_contents ($_FILES['image']['tmp_name']);         $image_name = $_FILES['image']['name'];         if ($image_query = mysql_query ("insert into product_images values (1,'$image_name',$image )"))         {           echo $current_id;          //echo 'Successfull';         }         else         {           echo mysql_error();         }        }    }         /*-----------------     IMAGE QUERY END     ---------------------*/      <form action='insert_product.php' method='POST' enctype='multipart/form-data' ></br>             File        : <input type='file' name= 'image' >     </form> 

Error Message You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Answer 1

Firstly, you should check if your image column is BLOB type!

I don't know anything about your SQL table, but if I'll try to make my own as an example.

We got fields id (int), image (blob) and image_name (varchar(64)).

So the code should look like this (assume ID is always '1' and let's use this mysql_query):

$image = addslashes(file_get_contents($_FILES['image']['tmp_name'])); //SQL Injection defence! $image_name = addslashes($_FILES['image']['name']); $sql = "INSERT INTO `product_images` (`id`, `image`, `image_name`) VALUES ('1', '{$image}', '{$image_name}')"; if (!mysql_query($sql)) { // Error handling     echo "Something went wrong! :(";  } 

You are doing it wrong in many ways. Don't use mysql functions - they are deprecated! Use PDO or MySQLi. You should also think about storing files locations on disk. Using MySQL for storing images is thought to be Bad Idea™. Handling SQL table with big data like images can be problematic.

Also your HTML form is out of standards. It should look like this:

<form action="insert_product.php" method="POST" enctype="multipart/form-data">     <label>File: </label><input type="file" name="image" />     <input type="submit" /> </form> 

---

Sidenote:

When dealing with files and storing them as a BLOB, the data must be escaped using mysql_real_escape_string(), otherwise it will result in a syntax error.

Answer 2

Just few more details：

• Add mysql field

`image` blob

• Get data from image

$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));

• Insert image data into db

$sql = "INSERT INTO `product_images` (`id`, `image`) VALUES ('1', '{$image}')";

• Show image to the web

<img src="data:image/png;base64,'.base64_encode($row['image']).'">

• End