How can i select data stored in a database with PHP


How can i select data stored in a database with PHP



the problem i am facing is i want to read a value that is auto incemented and used, my database takes the following design:


mysql_query("INSERT INTO category (category,image) VALUES ('$name','$default_item')");



$image_name = '$id' . '.jpg'
move_uploaded_file($_FILES["image"]["tmp_name"], "../images/category/" . $image_name);





Why dont you just auto increment image as well? You dont need it to be a string
– Arex
Jun 30 at 8:39






I have been able to find the solution of what i needed on my own, Thanks anyway
– Malek Salameh
Jun 30 at 20:06




2 Answers
2



A few things to be mentioned:



You should not use mysql_query anymore. Use mysqli_query instead. mysql_* is deprecated and has been removed in the latest PHP version.


mysql_query


mysqli_query



Secondly: Never use user generated content in an SQL query directly. Use a prepared statement. Otherwise your website is vulnerable to SQL injections.



About grabbing the auto increment value - see this thread.



Instead of using auto increment id as the image name.
I will suggest generating a unique name of the image and insert that name in the database and use that name for uploading the image as well.
Use below code to create the image name


$uniquesavename = time().uniqid(rand());

mysql_query("INSERT INTO category (category,image) VALUES ('$name','$uniquesavename')");

$image_name = $uniquesavename . '.jpg'
move_uploaded_file($_FILES["image"]["tmp_name"], "../images/category/" . $image_name);



By this way user uploaded image will always have a unique name.



Try this and let me know if you face any problem





Your code is vulnerable to SQL injections and doesn't work on latest PHP version.
– Matthias Bö
Jun 30 at 8:51






$image_name = '$uniquesavename' . '.jpg' have you tried printing $image_name? What does it look like?
– kerbholz
Jun 30 at 8:54


$image_name = '$uniquesavename' . '.jpg'


$image_name





Yeah I know that I was focusing Marjory on problem that guy is facing. I think so that guy is also trying on older version of PHP And sorry my bad for not focusing on SQL injection concern
– Sourabh
Jun 30 at 8:56





@kerbholz sorry I have updated my answer
– Sourabh
Jun 30 at 9:01





I think this answer should be accepted as correct, Sourabh proposed him an standard approach to store the images with unique name everytime, (he can use current timestamp for unique combination of name) . According to me it looks good , Upvoted the answer. Ideally you should not consider auto increment field value to name images.
– Dinesh Nagar
Jun 30 at 9:14






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

Why are these constructs (using ++) undefined behavior in C?

Why are these constructs (using ++) undefined behavior in C? #include <stdio.h> int main(void) { int i = 0; i = i++ + ++i; printf("%dn", i); // 3 i = 1; i = (i++); printf("%dn", i); // 2 Should be 1, no ? volatile int u = 0; u = u++ + ++u; printf("%dn", u); // 1 u = 1; u = (u++); printf("%dn", u); // 2 Should also be one, no ? register int v = 0; v = v++ + ++v; printf("%dn", v); // 3 (Should be the same as u ?) int w = 0; printf("%d %d %dn", w++, ++w, w); // shouldn't this print 0 2 2 int x[2] = { 5, 8 }, y = 0; x[y] = y ++; printf("%d %dn", x[0], x[1]); // shouldn't this print 0 8? or 5 0? } Homework? Not trying to be a pain, but you should never write code with expressions like these. They are usually given as academic examples, sometimes showing that different compilers yield different output. ...
Read more

I'm Still Waiting (Diana Ross song)

Image
For other uses, see I'm Still Waiting (disambiguation). "I'm Still Waiting" Single by Diana Ross from the album Everything Is Everything B-side "A Simple Thing Like Cry" Released July 1971 Recorded 1970 Genre Soul Label Motown Songwriter(s) Deke Richards Producer(s) Deke Richards Diana Ross singles chronology "Surrender" (1971) " I'm Still Waiting " (1971) ""Doobedood'ndoobe, Doobedood'ndoobe, Doobedood'ndoo" (1972) "Surrender" (1971) " I'm Still Waiting " (1971) ""Doobedood'ndoobe, Doobedood'ndoobe, Doobedood'ndoo" (1972) " I'm Still Waiting " is a popular song written and produced by Deke Richards and recorded by Diana Ross, which first appeared on her 1970 album Everything Is Everything . It reached No. 1 on the UK Singles Chart in August 1971. [1] It also reached number one in Ireland. "I'm Still Waiting" continued the vein o...
Read more

Delphi Android file open failure with API 26

Image
Delphi Android file open failure with API 26 I can open files on Android with the Delphi code shown below. But when I compile it at API 26, it gives the error I added in the picture below. How can I solve this problem? ExtFile := AnsiLowerCase(StringReplace(TPath.GetExtension(yol), '.', '',)); mime := TJMimeTypeMap.JavaClass.getSingleton(); ExtToMime := mime.getMimeTypeFromExtension(StringToJString(ExtFile)); Intent := TJIntent.Create; Intent.setAction(TJIntent.JavaClass.ACTION_VIEW); Intent.setDataAndType(StrToJURI('file:' + yol), ExtToMime); SharedActivity.startActivity(Intent); Thank you so much for your help. I'm glad that I finally came across this kind of understanding person on this platform. I tried the .pas file you sent. but I see a different error window. I share my codes and the error. thank you so much. var ExtFile,yol,deger,id:string; mime: JMimeTypeMap; ExtToMime: JString; Intent: JIntent; javafile:JFile; begin yol:='/sdcard/SkyWiFiDownloa...
Read more