0
votes

My Code :

<?php
function dbAdd($first_name , $image) {

//mysql connect database code...

mysql_query("INSERT INTO users SET first_name = '".$first_name."', image = '".$image."'");
$mysql_close($sql);
} 

if($_SERVER['REQUEST_METHOD']=='POST') {
dbAdd($_POST['first_name'], $_POST['image']);
}
?>

<form enctype="multipart/form-data" method="post" action="">
First Name : <input type="text" name="first_name" >
Image : <input type="file" name="image"> 
<input type="submit"> 
</form> 


The form "file" is to upload. I know that. But I wonder how to get the values so I can put the path of image in the database. The code is already working. The $first_name can already save to the database.

Thank you for the answers.
Jordan Pagaduan

2
SQL injections! Read up on PDO and prepared statements $pdo->prepare("WHERE first_name=?"). Or use input sanitization at least, $_POST->text('first_name');mario

2 Answers

3
votes

The file will be uploaded to a temporary place on the server when the form is submitted.

Once the form has been submitted, the $_FILES variable will contain all the files submitted. In your case, you could access the uploaded file using $_FILES['image']. Most likely you will want to move the file out of the temporary directory to a safer place.

For more info, have a look at the PHP manual on the topic, specifically the page on handling POST uploads. That second page has an example for you on how to move the uploaded file (have a look at the move_uploaded_file() method).