include("conn.php");
$studid=$_POST['studid'];
$reg=$_POST['reg'];
$sname=$_POST['sname'];
$fname=$_POST['fname'];
$dob=$_POST['dob'];
$course=$_POST['course'];
$contact=$_POST['contact'];
$address=$_POST['address'];
$img=$_POST['img'];
//Image Upload
$name=time();
$uploaddir = "../img/";
$uploadfile = $uploaddir .$name. basename($_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
$fpath=$_FILES['userfile']['name'];
if($fpath=="")
{
$fpath=$img;
}
if($img=="")
{
$img="default.gif";
}
mysql_query("update student set sname='$sname', fname='$fname', dob='$dob', contact='$contact', address='$address', simg='$fpath' where studid=$studid");
Vikash_7 0 Newbie Poster
Recommended Answers
Jump to PostIf this is a guide how to do something it has serious issues:
- POST variables are not being sanitized so arbitrary code can be injected
- An old and deprecated mysql extension is used
So sanitize (check, validate, cast, replace, blacklist, whitelist...) the post data and switch to the …
All 2 Replies
Reply to this topic Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.