问题
I am trying to save images in my database from HTML form. I have written PHP code to accomplish this task. The program is not generating any error message, but also not inserting image data in MySQL database. Kindly check it. Here i am sharing a excerpt from my code.
/*-------------------
IMAGE QUERY
---------------*/
$file =$_FILES[\'image\'][\'tmp_name\'];
if(!isset($file))
{
echo \'Please select an Image\';
}
else
{
$image_check = getimagesize($_FILES[\'image\'][\'tmp_name\']);
if($image_check==false)
{
echo \'Not a Valid Image\';
}
else
{
$image = file_get_contents ($_FILES[\'image\'][\'tmp_name\']);
$image_name = $_FILES[\'image\'][\'name\'];
if ($image_query = mysql_query (\"insert into product_images values (1,\'$image_name\',$image )\"))
{
echo $current_id;
//echo \'Successfull\';
}
else
{
echo mysql_error();
}
}
}
/*-----------------
IMAGE QUERY END
---------------------*/
<form action=\'insert_product.php\' method=\'POST\' enctype=\'multipart/form-data\' ></br>
File : <input type=\'file\' name= \'image\' >
</form>
Error Message You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'\' at line 1
回答1:
Firstly, you should check if your image column is BLOB type!
I don't know anything about your SQL table, but if I'll try to make my own as an example.
We got fields id (int), image (blob) and image_name (varchar(64)).
So the code should look like this (assume ID is always '1' and let's use this mysql_query):
$image = addslashes(file_get_contents($_FILES['image']['tmp_name'])); //SQL Injection defence!
$image_name = addslashes($_FILES['image']['name']);
$sql = "INSERT INTO `product_images` (`id`, `image`, `image_name`) VALUES ('1', '{$image}', '{$image_name}')";
if (!mysql_query($sql)) { // Error handling
echo "Something went wrong! :(";
}
You are doing it wrong in many ways. Don't use mysql functions - they are deprecated! Use PDO or MySQLi. You should also think about storing files locations on disk. Using MySQL for storing images is thought to be Bad Idea™. Handling SQL table with big data like images can be problematic.
Also your HTML form is out of standards. It should look like this:
<form action="insert_product.php" method="POST" enctype="multipart/form-data">
<label>File: </label><input type="file" name="image" />
<input type="submit" />
</form>
Sidenote:
When dealing with files and storing them as a BLOB, the data must be escaped using mysql_real_escape_string(), otherwise it will result in a syntax error.
回答2:
Just few more details:
- Add mysql field
`image` blob
- Get data from image
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
- Insert image data into db
$sql = "INSERT INTO `product_images` (`id`, `image`) VALUES ('1', '{$image}')";
- Show image to the web
<img src="data:image/png;base64,'.base64_encode($row['image']).'">
- End
回答3:
This is the perfect code for uploading and displaying image through MySQL database.
<html>
<body>
<form method="post" enctype="multipart/form-data">
<input type="file" name="image"/>
<input type="submit" name="submit" value="Upload"/>
</form>
<?php
if(isset($_POST['submit']))
{
if(getimagesize($_FILES['image']['tmp_name'])==FALSE)
{
echo " error ";
}
else
{
$image = $_FILES['image']['tmp_name'];
$image = addslashes(file_get_contents($image));
saveimage($image);
}
}
function saveimage($image)
{
$dbcon=mysqli_connect('localhost','root','','dbname');
$qry="insert into tablename (name) values ('$image')";
$result=mysqli_query($dbcon,$qry);
if($result)
{
echo " <br/>Image uploaded.";
header('location:urlofpage.php');
}
else
{
echo " error ";
}
}
?>
</body>
</html>
来源:https://stackoverflow.com/questions/17717506/how-to-upload-images-into-mysql-database-using-php-code