0
  include("conn.php");
$studid=$_POST['studid'];
$reg=$_POST['reg'];
$sname=$_POST['sname'];
$fname=$_POST['fname'];
$dob=$_POST['dob'];
$course=$_POST['course'];
$contact=$_POST['contact'];
$address=$_POST['address'];
$img=$_POST['img'];

//Image Upload
$name=time();
$uploaddir = "../img/";
$uploadfile = $uploaddir .$name. basename($_FILES['userfile']['name']);
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
$fpath=$_FILES['userfile']['name'];
if($fpath=="")
{
    $fpath=$img;
}
if($img=="")
{
    $img="default.gif";
}
mysql_query("update student set sname='$sname', fname='$fname', dob='$dob', contact='$contact', address='$address', simg='$fpath' where studid=$studid"); 
3
Contributors
2
Replies
16
Views
1 Year
Discussion Span
Last Post by broj1
0

You didn't ask a question. Your post has a title and a code dump but nothing else. I take it you are just sharing.

1

If this is a guide how to do something it has serious issues:

  • POST variables are not being sanitized so arbitrary code can be injected
  • An old and deprecated mysql extension is used

So sanitize (check, validate, cast, replace, blacklist, whitelist...) the post data and switch to the PDO extension for accessing the DB.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.