include("conn.php");
$studid=$_POST['studid'];
$reg=$_POST['reg'];
$sname=$_POST['sname'];
$fname=$_POST['fname'];
$dob=$_POST['dob'];
$course=$_POST['course'];
$contact=$_POST['contact'];
$address=$_POST['address'];
$img=$_POST['img'];

//Image Upload
$name=time();
$uploaddir = "../img/";
$uploadfile = $uploaddir .$name. basename($_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
$fpath=$_FILES['userfile']['name'];
if($fpath=="")
{
    $fpath=$img;
}
if($img=="")
{
    $img="default.gif";
}
mysql_query("update student set sname='$sname', fname='$fname', dob='$dob', contact='$contact', address='$address', simg='$fpath' where studid=$studid"); 

You didn't ask a question. Your post has a title and a code dump but nothing else. I take it you are just sharing.

If this is a guide how to do something it has serious issues:

  • POST variables are not being sanitized so arbitrary code can be injected
  • An old and deprecated mysql extension is used

So sanitize (check, validate, cast, replace, blacklist, whitelist...) the post data and switch to the PDO extension for accessing the DB.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.