My image is not uploading after click "upload" button into database

Question

i'm uploading my image into database but after clicking uploading button, it's not uploaded into database, it's just refresh and when i add pic manually into database it's into my website, here is my pic

Click here

here is source code to upload image:

    <?php
include('lock.php');

mysqli_connect("localhost", "root", "Bhawanku", "members");

if(isset($_POST['emp_name'])){

    $content=file_get_contents($_FILES['pic']['tmp_name']);

    @list(, , $imtype, ) = getimagesize($_FILES['pic']['tmp_name']);

    if ($imtype == 3){
        $ext="png";
    }elseif ($imtype == 2){
        $ext="jpeg";
    }elseif ($imtype == 1){
        $ext="gif";
    }

    $q="insert into employees set empname='".$_POST['emp_name']."',profile_pic='".$content."',ext='".$ext."'";
    mysql_query($q);
    header("location: getting_started.php");
}
?>

<html>
<head>
    <title>Getting started..</title>
</head>
<style>
    body{
        background-color: #993333;
    }

    #box{
        -webkit-box-shadow: 0px 0px 10px 0px rgba(110, 48, 50, 0.75);
        -moz-box-shadow: 0px 0px 10px 0px rgba(110, 48, 50, 0.75);
        box-shadow: 0px 0px 10px 0px rgba(110, 48, 50, 0.75);
        background-color: #F0F0F0;
        position: fixed;
        width: 70%;
        left: 18%;
        top: 8%;
        height: 70%;
    }

    #user_pic{
        position: absolute;
        top: 18%;
        left: 12%;
    }

    h1{
        position: fixed;
        left: 19%;
        font-family: Throw My Hands Up in the Air;
    }

    #btn_pos{
        position: absolute;
        left: 45%;
        top: 38%;
    }

    #next_btn{
        border:1px solid #2a2c2f; -webkit-border-radius: 3px; -moz-border-radius: 3px;border-radius: 3px;font-size:12px;font-family:arial, helvetica, sans-serif; padding: 7px 30px 8px 30px; text-decoration:none; display:inline-block;text-shadow: -1px -1px 0 rgba(0,0,0,0.3);font-weight:bold; color: #FFFFFF;
        background-color: #45484d; background-image: -webkit-gradient(linear, left top, left bottom, from(#45484d), to(#000000));
        background-image: -webkit-linear-gradient(top, #45484d, #000000);
        background-image: -moz-linear-gradient(top, #45484d, #000000);
        background-image: -ms-linear-gradient(top, #45484d, #000000);
        background-image: -o-linear-gradient(top, #45484d, #000000);
        background-image: linear-gradient(to bottom, #45484d, #000000);filter:progid:DXImageTransform.Microsoft.gradient(GradientType=0,startColorstr=#45484d, endColorstr=#000000);
        margin: 140px 0px 0px 220px;
        cursor: pointer;
    }

    #btn_upload{
        border:1px solid #2a2c2f; -webkit-border-radius: 3px; -moz-border-radius: 3px;border-radius: 3px;font-size:12px;font-family:arial, helvetica, sans-serif; padding: 7px 30px 10px 30px; text-decoration:none; display:inline-block;text-shadow: -1px -1px 0 rgba(0,0,0,0.3);font-weight:bold; color: #FFFFFF;
        background-color: #45484d; background-image: -webkit-gradient(linear, left top, left bottom, from(#45484d), to(#000000));
        background-image: -webkit-linear-gradient(top, #45484d, #000000);
        background-image: -moz-linear-gradient(top, #45484d, #000000);
        background-image: -ms-linear-gradient(top, #45484d, #000000);
        background-image: -o-linear-gradient(top, #45484d, #000000);
        background-image: linear-gradient(to bottom, #45484d, #000000);filter:progid:DXImageTransform.Microsoft.gradient(GradientType=0,startColorstr=#45484d, endColorstr=#000000);
        margin: 10px 0px 0px 0px;
        cursor: pointer;
    }

    #img_pos{
        position: fixed;
        top: 20%;
        left: 22%;
        width: 25%;
        height: 30%;
    }


</style>
<body>
<div id="box">
    <h1>Add your profile pic to look better ;)</h1>
<?php
$q="select * from employees";
$resultset=mysql_query($q);
if(mysql_num_rows($resultset)==0){
    ?>
    <div id="user_pic">
        <img id="img_pos" src="Images/default_user.png" >
    </div>
<?php
}
while($rec=mysql_fetch_array($resultset)){
    ?>
        <img id="img_pos" src="load_image.php?pic_id=<?php echo $rec['id'];?>" >
<?php
}
?>

    <div id="btn_pos">
    <form method="post" action="" enctype="multipart/form-data">
        <input type="file" name="pic"><br>
        <button id="btn_upload" type="submit">Upload now..</button>
    </form>
        <form>
            <button id="next_btn" type="submit" name="next">Next</button>
        </form>
    </div>
</div>
</body>
</html>

and here is source code for database:

<?php
mysql_connect("localhost","root", "Bhawanku");
mysql_select_db("members");
$q="select * from employees where id=".$_GET['pic_id'];
$rec=mysql_fetch_array(mysql_query($q));
$data=$rec['profile_pic'];
header('Content-Length: '.strlen($data));
header("Content-type: image/".$rec['ext']);
echo $data;

EDITED:-

Hello, i found my problem is causing because i was not using this

 <input type="text" name="emp_name" />

as i delete this into my code, it will simply not save my pic into database because of this code, if i use this, it will update my pic, so can you tell me the way that has not to be used into my code and pic would be able to upload into database pls help :( because all my problem is causing due to this..

Mixed usage of *mysqli* and *mysql* extensions. Pick one (hint, it's **not** *mysql*) — Phil, Apr 07 '14 at 03:08
In your first code example, you use `mysqli_connect` to connect to your database (yet you don't set the return value to anything) and then you go on to use `mysql_query`. The two are incompatible. — Phil, Apr 07 '14 at 03:13

score 0 · Answer 1 · answered Apr 07 '14 at 03:12

0

You're uploading binary image data which you're then incorporating in a text query to be sent to the database server. I imagine the query is failing with a syntax error but you'd never know because you're not checking for any errors.

As an initial step change your query line to this:

mysql_query($q) or die(mysql_error());

That will at least report any SQL errors.

You shouldn't really be storing images in the database - the filesystem is much better at it - but if you must, use base64_encode() on the file contents first.

Side notes:

mysql_*() is deprecated - use mysqli_() or PDO instead.
you aren't escaping your $_POST variables before using them in your query - this is an SQL Injection susceptibility. Look at mysql_real_escape_string() for this as a minimum, but consider prepared statements.

Edit - you're mixing mysql() and mysqli() functions. they're different and can't be mixed like this. Use 'mysqli()' only. (Thanks to @Phile for that catch).

answered Apr 07 '14 at 03:12

There's no need to use base64 encoding. You can easily store binary data directly in the database. See http://stackoverflow.com/questions/17/binary-data-in-mysql – Phil Apr 07 '14 at 03:14
@user3309991 you need to reflect any changes in your question's code – Phil Apr 07 '14 at 03:18
@Phil - you can store binary data in a MySQL database, yes, but you can't get it there by dumping it in the middle of a text query. It's not really important anyway - there's so much wrong here that I doubt our friend will ever get it working effectively. – Apr 07 '14 at 03:53
@MikeW *"you can't get it there by dumping it in the middle of a text query"* ~ actually, you can :) – Phil Apr 07 '14 at 03:54

My image is not uploading after click "upload" button into database

1 Answers1