Store Image path in MYSQL with PHP

Question

My PHP file need to save the image in a server and store the image path in a MYSQL database.

My database imageid contains table image_table as below :

create table image_table
(
ID     INT not null AUTO_INCREMENT,
path   varchar(256),
primary key (ID)
)

My PHP Code is as below. Image saving in the server is working fine, but throws few errors storing the image path in DB. Error running the below PHP code :

Parse error: syntax error, unexpected '$conn' (T_VARIABLE) in   C:\xampp\htdocs\appinventor\postfile.php on line 7

The PHP Code with above error:

   <?PHP
$servername = "localhost";
$username = "root";
$password = "basis123";
$database = "imageid"
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully";  


@mysqli_select_db($database) or die( "Unable to select database");

 $query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");
//mysql_query($query);

//File Transfer Logic
$data = file_get_contents('php://input');

if (!(file_put_contents($_GET['filename'],$data) === FALSE)) echo "File xfer completed."; // file    could be empty, though
 else echo "File xfer failed.";

 // $_GET['filename'] has the file name . and C:\xampp\htdocs\myapp is the file path
 echo $_GET['filename']
 //mysql_close();   
 ?>

When i remove the database connection and SQLQuery in php code the connection is successful. Removed lines of code for successful connection and log as "Connected successful"

 @mysqli_select_db($database) or die( "Unable to select database");

 $query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");
 //mysql_query($query);

Where did i go wrong ?Any suggestions ?

Answer 1

You need a semi colon after

 $database = "imageid"

so it should be

$database = "imageid";

You also don't want to be putting user input directly into your SQL. http://en.wikipedia.org/wiki/SQL_injection

Answer 2

You forgot semicolon after $database = "imageid"

$database = "imageid";

And you have extraneous parenthesis here:

$query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");

Try this:

<?php


    $servername = "localhost";
    $username = "root";
    $password = "basis123";
    $database = "imageid";
    // Create connection
    $conn = new mysqli($servername, $username, $password,$database);

    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    echo "Connected successfully";


    mysqli_select_db($conn,$database);

    $query = "INSERT INTO image_table (path) VALUES('".$_GET['filename']."')";//also this is unsafe
    //mysql_query($query);

    //File Transfer Logic
    $data = file_get_contents('php://input');

    if (!(file_put_contents($_GET['filename'],$data) === FALSE)) echo "File xfer completed."; // file    could be empty, though
    else echo "File xfer failed.";

    // $_GET['filename'] has the file name . and C:\xampp\htdocs\myapp is the file path
    echo $_GET['filename']
    //mysql_close();   
    ?>

Answer 3

Main problem:

$database = "imageid" 
                     ^----missing ;
$conn = new m

PHP strings+arrays 101: You cannot use quoted array keys within a double-quoted string, unless you use the {}-extended syntax:

$foo = "$arr['key']"; // bad
$foo = "$arr[key]"; // ok
$foo = "{$arr['key']}"; // ok

So:

 $query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");
                                                        ^--------^

is wrong, as well as being vulnerable to SQL injection attacks.