I have problem with adding image into database, it's insert all fill just image get error and it's not added image. Here is code:
<?php
include '../dbc.php';
$message='';
if(isset($_POST["submit"])){
$name = $_POST["name"];
$descr = $_POST["descr"];
$price = $_POST["price"];
$quantity = $_POST["quantity"];
$item_number = $_POST["item_number"];
$cat = $_POST["cat"];
$file = $_FILES['image']['tmp_name'];
if((!$name) || (!$desc) || (!$price) || (!$quantity) || (!$item_number) ||
(!$cat) || (!$image)){
$message = "Fill all inputs!";
}
$name_query = mysql_query("SELECT name FROM products WHERE name='$name'
LIMIT 1") or die("Can't check name!");
$count_name = mysql_num_rows($name_query);
if($count_name > 0){
$message = "This product exist!";
}else{
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$query= mysql_query("INSERT INTO products (name, description,
price,quantity, item_number, category, image) VALUES
('$name', '$descr', '$price', '$quantity', '$item_number',
'$cat', '$image')") or die("Can't addi");
$message="Product is added!";
}
}
?>
Theres error: Warning: file_get_contents(): Filename cannot be empty
enctype="multipart/form-data"in your form??mysql_*functions are deprecated and should not be used. Alsoaddslashesis not suitable to escape data that needs to go into the database. And thirdly you should consider using the file system to save files and just store the file name in the database.