sql error in php code

Question

hwoarang69 11 Newbie Poster

12 Years Ago

i got a wired error below:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ö£'}€l‘¸â:m™ëînYWñ×KDnšC=¨ŠnÂRoÕö¨ºk„Ý·ÇçÓQ' at line 1problem uploading image

$image = file_get_contents($_FILES['fileupload']['tmp_name']);
            $image_full_name = $_FILES['fileupload']['name'];
            $image_size = getimagesize($_FILES['fileupload']['tmp_name']);


if(!$insert = mysql_query("INSERT INTO image VALUES(NULL, '$user_id_db', '$image', '$image_full_name', '$image_short_name', '$image_des')"))
                {
                echo mysql_error();
                    echo "problem uploading image";
                }
            else
            {
                echo "works";
            }

not sure what this error means and in my sql database i have
image_id
user_id
image (blob)
image_full_name
image_short_name
image_des
image_views
image_favs

php

Edited 12 Years Ago by hwoarang69

3 Contributors
15 Replies
324 Views
3 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by hwoarang69

|-|x 126 Junior Poster in Training

12 Years Ago

The problem is that your binary data (ie: image content) contains characters that are invalid in a mysql string.

Take a look at the LoadFile function if you have the image file available on the server, or you can escape the string in PHP prior to passing it to the mysql query.

Alternately, you could manually encode the binary data to base64, but you will need to ensure you also decode it when you read the data from the database.

|-|x 126 Junior Poster in Training

12 Years Ago

@azareth: you don't need to specify the column names in an sql insert statement so long as you include values for all columns in the table in the order specified in the table schema.

|-|x 126 Junior Poster in Training

12 Years Ago

I would probably add this, and then insert as per your original insert query.

$image = base64_encode(file_get_contents($_FILES['fileupload']['tmp_name']));

then, yes, you call the base64_decode() when you want to display the image.

not sure what you are getting at with that user/password query, do you need to check the users login? Generally it is good practice to call mysql_real_escape_string() on any text input by a user before executing it on your database, as it can help prevent injection atacks as well as sql errors.

hwoarang69 commented: aesome +2

|-|x 126 Junior Poster in Training

12 Years Ago

no, as long as image_id is an autoincrement field, this is the correct way to handle it.

According to the table schema you provided in the original post, there are 2 fields at the end you are not providing values for. Either you need to add values for these fields (null can be used if this is acceptable by the schema) OR you need to specify the columns list for which you are providing data.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

azareth 5 Posting Whiz in Training · Answer 1 · 2012-05-23T01:15:57+00:00

if(!$insert = mysql_query("INSERT INTO image VALUES(NULL, '$user_id_db', '$image', '$image_full_name', '$image_short_name', '$image_des')"))

image is the table_name right ? then where are the columns in which you want to store these

VALUES(NULL, '$user_id_db', '$image', '$image_full_name', '$image_short_name', '$image_des')"))

isn't it supposed to be "INSERT INTO table_name (column1, column2, column3) VALUES ('var1', va'r2', 'var3')"; ??

azareth 5 Posting Whiz in Training · Answer 2 · 2012-05-23T01:24:09+00:00

azareth 5 Posting Whiz in Training

12 Years Ago

i see .. thanks !

hwoarang69 11 Newbie Poster · Answer 3 · 2012-05-23T01:54:00+00:00

so i dont need

$image = file_get_contents($_FILES['fileupload']['tmp_name']);

and add this

$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",    //not sure what i have to do here. select image?
            mysql_real_escape_string($user),
            mysql_real_escape_string($password))

echo base64_encode($image);
echo base64_decode($image); //reading from db

but i was following this on tutorial. and he had just like i did and it worked

hwoarang69 11 Newbie Poster · Answer 4 · 2012-05-23T02:13:58+00:00

ah i see. now i get this error:
Column count doesn't match value count at row 1

does this mean the problem is in "image_id " which is null

if(!$insert = mysql_query("INSERT INTO image VALUES(NULL, '$user_id_db',...etc

hwoarang69 11 Newbie Poster · Answer 5 · 2012-05-23T02:35:23+00:00

so to display i here what he did on tutorial.
//get.php file

$image = mysql_query("SELECT * FROM image WHERE user_id = $user_id"); 
$image = mysql_fetch_assoc($image); //get access to image table
$image = $image['image'];
 base64_decode($image); 
header("Content-type: image/jpeg");

//to display on gallery.php file

$lastid = mysql_insert_id(); 
                    echo "Image upoaded.<p />your image:<p />
                          <img src = get.php?image_id = $lastid>
                          ";

but i get a broken link.

|-|x 126 Junior Poster in Training · Answer 6 · 2012-05-23T02:39:40+00:00

line 4 (above) of get.php should be echo base64_decode($image);

and the header needs to be set first, or it wont work.

oh, I also just noticed that you are getting the image_id via last insert id, but you are selecting based on the user_id in get.php

hwoarang69 11 Newbie Poster · Answer 7 · 2012-05-23T02:45:10+00:00

it is storing image in database but when i display it. it give me broken link.

get.php file

<?php 
include("connect.php");

$user_id = $_REQUEST['user_id']; 

$image = mysql_query("SELECT * FROM image WHERE user_id = $user_id"); 
$image = mysql_fetch_assoc($image); //get access to image table
$image = $image['image'];
header("Content-type: image/jpeg");
echo base64_decode($image); 
?>

|-|x 126 Junior Poster in Training · Answer 8 · 2012-05-23T03:03:47+00:00

try adding quotes around your image source

 <img src ="get.php?image_id = $lastid">

dont forget to escape them in the php though

echo "Image upoaded.<p />your image:<p />
                      <img src = \"get.php?image_id = $lastid\">
                      ";

also, if you are passing the image_id to the get.php page, why aren't you using it to select the image?

eg:

mysql_query("SELECT * FROM image WHERE image_id = $_GET['image_id']");

hwoarang69 11 Newbie Poster · Answer 9 · 2012-05-23T03:17:06+00:00

on

    mysql_query("SELECT * FROM image WHERE image_id = $_GET['image_id']");    where are we getting _GET[image_id]?


Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\htdocs\login_test\upload.php on line 54



and also i tried:
echo "Image upoaded.<p ></p>your image:<p ></p>
                      <img src = \"get.php?image_id = $lastid\">       
                      ";
but still broken link. do you think the problem may be in get.php file?
$user_id = $_SESSION['user_id'];  or _request?

|-|x 126 Junior Poster in Training · Answer 10 · 2012-05-23T03:37:54+00:00

Get rid of all the whitespace in the img src property - also, make sure the img tag is closed.

<img src=\"get.php?image_id=$lastid\"></img>

where are we getting _GET[image_id]?

this will pull the value from the querystring, ie: get.php?image_id=

$user_id = $_SESSION['user_id']; or _request?

I would think Session, unless you are passing the user_id to the page somehow

hwoarang69 11 Newbie Poster · Answer 11 · 2012-05-23T03:44:55+00:00

broken link. -_-

i can see database uploading and if i can diplay the image on page