Upload both photo and text to database using php

Hello guys,
I have been trying to submit data that contains both photos and text to a phpmyadmin database using php
The photos work actually, as they are being stored in a folder but the text do not get to the database. i would also like to save a path for the photos at the database as well. here are my codes. any help would be appreciated. thanks

The database is called upgrade
the table is called testimonials

i have columns in the table called: id, name, email client type, comments and image
The image column is meant to store the path of the folder where the photos are being saved
The folder where the photos are being stored is called upload
I have two files. One php and the other html
The php file is called file_upload.php while the html file is called start.html
Below are the codes:

for file_upload.php page:

<?php
if(isset($_POST['add']))
{
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$db_name = 'upgrade';
$tbl_name = 'testimonials';


$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("$db_name")or die("cannot select DB");


$Fname = $_POST['fname'];
$Email = $_POST['email'];
$Content = $_POST['content'];
$Type = $_POST['type'];
$uploadDir = 'upload/'; 
$fileName = $_FILES['image']['name'];
$filePath = $uploadDir . $fileName;

if(move_uploaded_file($_FILES["image"]["tmp_name"],"upload/".$_FILES["image"]["name"]))
{
// If file has uploaded successfully, store its name in data base
$query_image = "INSERT INTO $tbl_name(fname,email,content,image,type) VALUES ('$Fname','$Email','$Content','$filePath','$Type',";
if(mysql_query($query_image))
{
echo "Stored in: " . "upload/" . $_FILES["image"]["name"];
}
else
{
echo 'Record not stored in database';
}
}
else{echo 'File not uploaded';}

}

For start.html page:

<html>
<head>
</head>

<body>
<br><br><br>


<form method="post"  enctype="multipart/form-data" action="/testimonials/file_upload.php">
<table>
<tr>
<td width="250">Name</td>
<td>
<input name="fname" type="text" id="fname" /><br />
</td>
</tr>
<tr>
<td width="250">Email: (will not be publicized)</td>
<td>
<input name="email" type="text" id="email" /><br />
</td>
</tr>
<tr>
<td width="250">Client Type</td>
<td id="mainselection">
<select name="type" id="type">
    <option></option>
    <option value="Residential">Residential</option>
    <option value="Business">Business</option>

</select>
</td>
</tr>
<tr>
<td width="250">Comments</td>
<td>
<textarea id="content" name="content" rows="10" cols="50" style="border-style:groove;box-shadow: 4px 4px 4px 4px #888888;"placeholder="Please describe your experience"></textarea>
</td>
</tr>
<tr>
<td width="250">Image</td>
<td>
<input name="image" type="file" id="file">
</td>
</tr>

<tr>
<td width="250"> </td>
<td>
<input name="add" type="submit" id="add" value="Add Testimonial">
</td>
</tr>
</table>
</form>

thanks all

Welcome to the forums, @mralagbe1. In order for your code to be easily readable, and your html code to actually show up, you need to format your code. Either hightlight the code and select the </> icon at the top of the edit area, or place three backticks (`) on the line before the code, and three backticks on the line after the code. I formatted your code in the opening post, but please remember to do this in the future.

ok thanks

First of all the mysql API is no longer a part of PHP, it’s removed, dead, gone, don’t use it. You need to use either mysqli or PDO, I recommend PDO, it’s much nicer to use.
While you are learning about that you should hopefully pick up on something called “Prepared Statements”, this will help to guard your databases from SQL injection which your current script (if it worked) is highly vulnerable to.

As for the problem you noticed, the query string seems to be incomplete anding as it does with a comma.
Fixing that should allow the query to work (on out-dated versions of PHP only) and open up the possibility to you of being hacked via SQL injection.
So the advice is: don’t just fix the faulty query, learn PDO (or mysqli if you insist) and fix the whole script.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.