//Image Upload
$uploaddir = "../img/";
$uploadfile = $uploaddir .$name. basename($_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
mysql_query("update student set sname='$sname', fname='$fname', dob='$dob', contact='$contact', address='$address', simg='$fpath' where studid=$studid"); 

Recommended Answers

All 2 Replies

You didn't ask a question. Your post has a title and a code dump but nothing else. I take it you are just sharing.

If this is a guide how to do something it has serious issues:

  • POST variables are not being sanitized so arbitrary code can be injected
  • An old and deprecated mysql extension is used

So sanitize (check, validate, cast, replace, blacklist, whitelist...) the post data and switch to the PDO extension for accessing the DB.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.