How can I store and retrieve images from a mysql database using php

Please find below code for store and retrieve images from a mysql database using php.

https://app.box.com/s/l5r7w8nqd6e6wpxy7w4ol84a7x0k2ch3

Advertisements

PHP MySQL connect, insert, select data from advanced version…

<?php
$dbHost = ‘localhost’;
$dbUsername = ‘root’;
$dbPassword = ”;
$dbName = ‘db_name’;
//Connect with the database
$db = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);

if ($db->connect_errno) {
printf(“Connect failed: %s\n”, $db->connect_error);
exit();
}
/*Get data from table*/
$accounts = $db->query(“SELECT * FROM table_name”);

while($row = $accounts->fetch_assoc()){
echo $row[‘sub_id’];
}

/*Store data in table*/

$query = “INSERT INTO table_name VALUES (‘$str’)”;
$sql = $db->query($query);
?>

MySQL connect with old version of PHP

Please find below code for MySQL database connection within PHP old version.

$host = “localhost”;
$user = “dbuser”;
$password = “dbpass”;
$dbname = “dbname”;

$link = mysql_connect($host, $user, $password);
if (!$link) {
die(‘Could not connect: ‘ . mysql_error());
}
mysql_select_db($dbname, $link);

$query = “SELECT * FROM table_name”;

$r = mysql_query($query) or die(mysql_error());

Store string with quotes in MySQL using PHP new version

<?php

/* Database connect using mysqli */

$dbHost = ‘localhost’;
$dbUsername = ‘root’;
$dbPassword = ”;
$dbName = ‘test’;
$db = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);
if ($db->connect_errno) {
printf(“Connect failed: %s\n”, $db->connect_error);
exit();
}

/* Solve quotes issue using “addslashes” function in PHP. */ 

$str = “Is your name O’Reilly?”;

// Outputs: Is your name O\’Reilly?

$str = addslashes($str);

$query = “INSERT INTO table VALUES (‘$str’)”;
$sql = $db->query($query);
?>

What is the Difference Between mysql and mysqli?

“mysqli” extension is an improvement over the old “mysql” extension. In fact, the “i” in mysqli stands for “improved”.

mysqli was developed to take advantage of the new features available in MySQL since version 4.1.3. Also, you can use it since PHP 5. So, if you code with PHP5 with a newer version of MySQL, it’s strongly recommended for you to use the extension “mysqli” over “mysql”.

Key benefits of mysqli over mysql extension

  • Object-oriented interface. You can still use the “old procedural” way of calling the mysql extension but the OO version groups the functions by their purpose.
  • Prepared Statements. Those are useful to prevent SQL injections and are executed faster.
  • Multiple Statements. With this “feature”, you can execute multiple SQL queries inside only one “mysqli” call. This reduces the round trips between the database server and the PHP server.
  • Support for Transactions. This is really useful to write robust applications. It gives you the ability to write a group of SQL statements that will either be executed or all rolled back (usually if there is an error somewhere in the process).
  • Enhanced debugging capabilities. As an example, you can use “mysqli_debug(…)” to save debugging information into a file.
  • Embedded server support. Since MySQL 4.0, there is a library available that can be used to run a complete MySQL server embedded inside a program, usually a desktop application.

sql injection

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

More serious sql injection attacks

$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; 

// our MySQL query builder really should check for injection
$query_evil = "SELECT * FROM customers WHERE username = '$name_evil'";

// the new evil injection query would include a DELETE statement
echo "Injection: " . $query_evil;

injection prevention - mysql_real_escape_string()

//NOTE: you must be connected to the database to use this function!
// connect to MySQL

$name_bad = "' OR 1'"; 

$name_bad = mysql_real_escape_string($name_bad);

$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
echo "Escaped Bad Injection: <br />" . $query_bad . "<br />";


$name_evil = "'; DELETE FROM customers WHERE 1 or username = '"; 

$name_evil = mysql_real_escape_string($name_evil);

$query_evil = "SELECT * FROM customers WHERE usernam