How to Properly Upload Images to a MySQL Database Using PHP?

Uploading Images to a MySQL Database Using PHP

Inserting images into a MySQL database using PHP requires several steps. Let's address the issues in the code you provided:

1. Database Table Structure:

Ensure that your database table has a column defined as BLOB or MEDIUMBLOB type to store the image data.

2. Prepared Statements:

Instead of using the deprecated mysql_query() function, switch to prepared statements using PDO or MySQLi. Prepared statements prevent SQL injection vulnerabilities.

3. Proper Image Handling:

The current code retrieves the image data directly from the temporary file. This is a security risk. Instead, use file_get_contents() with the FILE_BINARY option to ensure that the binary content is properly handled.

4. Sanitization:

Sanitize the image data using addslashes() or mysqli_real_escape_string() to prevent SQL injection.

5. Correct Insert Query:

The insert query should match the table structure and sanitize the data accordingly. Here's a corrected version:

$stmt = $mysqli->prepare("INSERT INTO product_images (id, image, image_name) VALUES (?, ?, ?)");
$stmt->bind_param("sis", 1, $image, $image_name);
$image = file_get_contents($_FILES['image']['tmp_name'], FILE_BINARY);
$image_name = addslashes($_FILES['image']['name']);
if ($stmt->execute()) {
    echo "Image uploaded successfully";
} else {
    echo "Error: " . $mysqli->error;
}

6. HTML Form:

The HTML form should use the enctype="multipart/form-data" attribute, which allows binary data to be transmitted in the request. Additionally, use a proper closing tag for the

element.

<form action="insert_product.php" method="POST" enctype="multipart/form-data">
    <label>File:</label>
    <input type="file" name="image">
    <input type="submit">
</form>

The above is the detailed content of How to Properly Upload Images to a MySQL Database Using PHP?. For more information, please follow other related articles on the PHP Chinese website!