OUDK OUDK - 1 year ago 502
SQL Question

PHP Upload image to mysql database using PDO?

I have a database set up and am trying to upload an image to it. The database is called 'blob' and has 3 fields. id, name and image, with image set as blob. When trying to upload the image i get an error that i am unsure of. Below is my code.

include ("dbConnect.php");

<form action="imageuploadtest.php" enctype="multipart/form-data" method="post">
<input name="image" type="file"><input name="submit" type="submit" value="Upload">



$imageName = $_FILES["image"]["name"];
$imageData = file_get_contents($_FILES["image"]["tmp_name"]);
$imageType = $_FILES["image"]["type"];

$dbQuery = $db->prepare("INSERT INTO blob ( name, image) VALUES ('$imageName', '$imageData')");
echo "only images are allowed";

The database connection is fine, but i get the following error message that i am usure of how to fix.

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters' in N:\ftp\compc\d12ac1\FlightsFromNI\imageuploadtest.php:23 Stack trace: #0 N:\ftp\compc\d12ac1\FlightsFromNI\imageuploadtest.php(23): PDO->prepare('INSERT INTO blo...') #1 {main} thrown in N:\ftp\compc\d12ac1\FlightsFromNI\imageuploadtest.php on line 23.

Any help would be appreciated. Thanks.

EDIT: Have now changed my table name from blob to imgupload but still get the same error message?

Answer Source

It's not about blob. It's about binary data. Try to use that line (but it may also not work):

$db->prepare("INSERT INTO blob ( name, image) VALUES ('$imageName', " . $db->quote($imageData) . ")");

Also your query is not SAFE (for hackers), you should be sanitizing all input to your database. PDO has great support for prepared statements.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download