Please help me to sanitize PHP data going to MySQL

acromiazire

New Member
Hi friends, I have a form with a mysqli connection:

[code]
<label for="fullname">Fullname</label>
<input type="text" name="fullname" />
<label for="photo">Upload photo</label>
<input name="photo" type="file"/>
[/code]

and on the PHP end I have:

[code]
// value taken straight from the request
$fullname = $_POST['fullname'];
$uploaddir = './uploads/';
//upload file in folder
$uploadfile = $uploaddir . basename($_FILES['photo']['name']);
//insert filename in db
$upload_filename = basename($_FILES['photo']['name']);
move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile);
$photo = $upload_filename;
// both values are interpolated into the SQL string as-is
$sql = "INSERT INTO members(fullname,photo) VALUES('$fullname', '$photo')";
// query() returns true for an INSERT, so there is no result object to close
$link->query($sql) or die($link->error);
[/code]

Please help me, I am using this on a live site.
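A hardened version of the handler in the post above, added here as an example and not part of the original post. It assumes `$link` is an open mysqli connection and that the form is sent with `method="post" enctype="multipart/form-data"`; the size limit, name length limit and allowed image types are assumptions.

```php
<?php
// Added example. Assumes $link is an open mysqli connection.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors, never echo them

const UPLOAD_DIR = __DIR__ . '/uploads/';
const MAX_BYTES  = 2 * 1024 * 1024;   // assumed upload size limit

function store_photo(array $file): string
{
    // Assumed whitelist: detected MIME type => extension we choose ourselves.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Detect the type from the file contents, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = $allowed[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted');
    }
    // Server-generated name: no path tricks, no overwriting, no .php extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

$fullname = trim($_POST['fullname'] ?? '');
if ($fullname === '' || strlen($fullname) > 100) {   // assumed length limit
    http_response_code(400);
    exit('Invalid name');
}
$photo = store_photo($_FILES['photo'] ?? ['error' => UPLOAD_ERR_NO_FILE, 'tmp_name' => '', 'size' => 0]);

// Placeholders keep the values out of the SQL text, so a quote in the name
// cannot change the statement.
$stmt = $link->prepare('INSERT INTO members (fullname, photo) VALUES (?, ?)');
$stmt->bind_param('ss', $fullname, $photo);
$stmt->execute();
$stmt->close();
```

When the stored name is later printed in a page, pass it through `htmlspecialchars()` at output time; the prepared statement protects the query, not the HTML.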
 