include("conn.php");

// Fields posted by the student edit form
$studid=$_POST['studid'];
$reg=$_POST['reg'];
$sname=$_POST['sname'];
$fname=$_POST['fname'];
$dob=$_POST['dob'];
$course=$_POST['course'];
$contact=$_POST['contact'];
$address=$_POST['address'];
$img=$_POST['img'];

//Image Upload
$name=time();   // timestamp prefix for the stored file name
$uploaddir = "../img/";
$uploadfile = $uploaddir .$name. basename($_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
$fpath=$_FILES['userfile']['name'];
// Apply the default image before $img is used as the fallback below
if($img=="")
{
    $img="default.gif";
}
if($fpath=="")
{
    // No file uploaded: fall back to the posted image name
    $fpath=$img;
}
else
{
    // Record the same name the file was saved under in $uploaddir
    $fpath=$name.basename($fpath);
}
mysql_query("update student set sname='$sname', fname='$fname', dob='$dob', contact='$contact', address='$address', simg='$fpath' where studid=$studid");

All 2 Replies

You didn't ask a question. Your post has a title and a code dump but nothing else. I take it you are just sharing.

If this is a guide on how to do something, it has serious issues:

  • POST variables are not being sanitized so arbitrary code can be injected
  • An old and deprecated mysql extension is used

So sanitize (check, validate, cast, replace, blacklist, whitelist...) the post data and switch to the PDO extension for accessing the DB.
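One way to apply the advice in the reply above, as an added example that is not part of the original thread: the same update written with validated input, a server-generated image name and a PDO prepared statement. The `student` table and its columns come from the posted code; the function name `updateStudent`, the `Y-m-d` date format, the 2 MiB limit and the allowed image types are assumptions, and an in-memory SQLite database stands in for the MySQL connection.

```php
<?php
// Added example: names other than the student table and its columns are assumptions.
const ALLOWED_IMAGES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function updateStudent(PDO $db, array $post, ?array $file, string $uploadDir): int
{
    // The key must be a positive integer, not just something numeric-looking.
    $studid = filter_var($post['studid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($studid === false) {
        throw new InvalidArgumentException('invalid studid');
    }
    $row = ['studid' => $studid, 'simg' => null];   // simg = null keeps the stored image
    foreach (['sname', 'fname', 'dob', 'contact', 'address'] as $key) {
        $row[$key] = trim((string) ($post[$key] ?? ''));
    }
    $dob = DateTime::createFromFormat('Y-m-d', $row['dob']);   // assumed date format
    if (!$dob || $dob->format('Y-m-d') !== $row['dob']) {
        throw new InvalidArgumentException('invalid dob');
    }
    if ($file !== null && $file['error'] === UPLOAD_ERR_OK) {
        // Decide the type from the file content, never from the client-supplied name.
        $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
        $ext = ALLOWED_IMAGES[$mime] ?? null;
        if ($ext === null || $file['size'] > 2 * 1024 * 1024) {   // assumed 2 MiB limit
            throw new InvalidArgumentException('unsupported image');
        }
        // Server-generated name: nothing from the request reaches the path or the DB.
        $row['simg'] = bin2hex(random_bytes(16)) . '.' . $ext;
        if (!move_uploaded_file($file['tmp_name'], $uploadDir . $row['simg'])) {
            throw new RuntimeException('could not store upload');
        }
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'UPDATE student SET sname = :sname, fname = :fname, dob = :dob, contact = :contact,
         address = :address, simg = COALESCE(:simg, simg) WHERE studid = :studid'
    );
    $stmt->execute($row);
    return $stmt->rowCount();
}

// Constructed demo data; in-memory SQLite stands in for the MySQL connection in conn.php.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE student (studid INTEGER PRIMARY KEY, sname, fname, dob, contact, address, simg)');
$db->exec("INSERT INTO student VALUES (1, 'old', 'old', '2000-01-01', '0', 'old', 'default.gif')");
$post = ['studid' => '1', 'sname' => "O'Brien", 'fname' => 'Pat', 'dob' => '2001-05-17',
         'contact' => '555-0100', 'address' => '1 Main St'];
echo updateStudent($db, $post, null, __DIR__ . '/../img/'), " row(s) updated\n";
print_r($db->query('SELECT sname, simg FROM student WHERE studid = 1')->fetch(PDO::FETCH_ASSOC));
```

In a real request handler the call would be `updateStudent($pdo, $_POST, $_FILES['userfile'] ?? null, $uploaddir)`, with the upload directory configured so the web server does not execute files stored in it.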
