input file Update images inside database

Question

So im trying to change the image thats already inside the database but i cant seem to make it work i kept looking at tutorials and other related questions but couldnt find the exact solution.

this is what i have in php

// Als de knop van de formulier is ingedrukt update de data dat van de database afkomt

if (isset($_POST['update'])) {


if (isset($_GET['id'])) {
          $chauffeurs_id = $_GET['id'];
        }


if (isset($_POST['Chauffeurs_foto'])) {
            $Chauffeurs_foto = $_POST['Chauffeurs_foto'];
        }


$sql = "SELECT * FROM chauffeurs ORDER BY 'chauffeurs_geboortedatum ASC";
        $sql = "UPDATE `chauffeurs`
        SET `Chauffeurs_foto`=$Chauffeurs_foto
        WHERE `id`='$chauffeurs_id'";


$result = $conn->query($sql);

        if ($result == TRUE){
            echo "Aanpassingen zijn voltooid.";
        }else{
            echo "Error:" . $sql . "<br>" . $conn->error;
        }
    }




if (isset($_GET['id'])) {
      $id = $_GET['id'];


$sql = "SELECT * FROM `chauffeurs` WHERE `id`='$id'";



$result = $conn->query($sql);



if ($result->num_rows > 0) {
        while ($row = $result->fetch_assoc()) {
            $id = $row['id'];
            $chauffeurs_foto = $row['chauffeurs_foto'];
}
$backId = $_SESSION['krijgid'];

Here is my html code:

<!-- Formulier waar alles in komt om te veranderen -->  
<form action="" method="post" enctype='multipart/form-data' >
          <fieldset>
           <legend>Gegevens chauffeur:</legend>
             <div class="form-group col-md-4">


//I did it like this so i could style the input file

<input type="file" name="file" id="file"  class="inputfile" value="data:image/jpeg;base64, <?php.base64_encode($row['chauffeurs_foto']).?>" />
<label class="btn btn primary"for="file">Choose a file</label>

<input type="submit" value="Chauffeur Aanpassen" name="update">
</fieldset>
</form>
</div>

If anyone of you has a solution i would greatly appreciate it cause i need to finish it for my internship if not i'm just going to keep searching.

Answer 1

File uploads can be tricky. May I suggest you start by reading the documentation on file uploading first?

You will see that your upload can best be reached using the $_FILES array. You will need to store the uploaded data in a variable, using the file_get_contents() method. And it's the file data you'll be uploading to your mySQL server.

Your code should look something like this:

$foto = file_get_contents($_FILES['file']['tmp_name']);
$sql = "UPDATE `chauffeurs` SET `Chauffeurs_foto`='{$foto}' WHERE `id`='$chauffeurs_id'";

Finally, it's generally not good practise to store file data in your database, as the database size can get out of hand if the number of files you're storing in it grows. You're better off storing files (and images) separately and only storing a file reference in the database.

Answer 2

Assuming this is for a real application, you should properly escape SQL values for security reasons. Never trust user input! I'm going to assume you're using mysqli, so I'm using mysql::real_escape_string().

Also, you should properly embed your variables in the query, like so:

if (isset($_GET['id'])) {
  $chauffeurs_id = $conn->real_escape_string($_GET['id']);
}

if (isset($_POST['Chauffeurs_foto'])) {
  $Chauffeurs_foto = $conn->real_escape_string($_POST['Chauffeurs_foto']);
}

$sql = "SELECT * FROM chauffeurs ORDER BY `chauffeurs_geboortedatum` ASC"; // This statement can you remove, it will never be used in this way
$sql = "UPDATE `chauffeurs` SET `Chauffeurs_foto` = '{$Chauffeurs_foto}' WHERE `id`='{$chauffeurs_id}'";

Succes ermee.

Answer 3

You have mistakes in your '. Try this code:

session_start();

include "config.php";

if (isset($_POST['update'])) {

  if (isset($_GET['id'])) {
    $chauffeurs_id = $_GET['id'];
  }

  if (isset($_POST['Chauffeurs_foto'])) {
    $Chauffeurs_foto = $_POST['Chauffeurs_foto'];
  }

  $sql = "UPDATE chauffeurs SET Chauffeurs_foto = '$Chauffeurs_foto' WHERE id = '$chauffeurs_id'";
  $result = $conn->query($sql);

  if ($result == TRUE){
    echo "Aanpassingen zijn voltooid.";
  }else{
    echo "Error:" . $sql . "<br>" . $conn->error;
  }
}


if (isset($_GET['id'])) {

    $id = $_GET['id'];
    $sql = "SELECT * FROM `chauffeurs` WHERE `id`='$id'";
    $result = $conn->query($sql);

    if ($result->num_rows > 0) {
      while ($row = $result->fetch_assoc()) {
        $id = $row['id'];
        $chauffeurs_foto = $row['chauffeurs_foto'];
      }
    $backId = $_SESSION['krijgid'];
    }
}