I am currently making an PHP script which is posting auctions for my marketplace. I use Ajax to post the $_POST variables, including: title, description, price, tags and SupportedOSes. The image as a blob in an external table called 'temp_images'.
The way I create the auction is by inserting a new auction into 'MarketDatas'. This is pretty straight forward for the most part. However; when I am trying to insert the BLOB it throws me an error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax near '?+Qi}'?m?Am............' at line 2
The PHP script for creating auctions looks following:
/*
.... connect to database, etc!! I will spare you this and skip to the important part:
*/
// Get the posted variables
$title = $_POST["title"];
$descr = $_POST["description"];
$price = $_POST["price"];
$tagsx = $_POST["tags"];
$supOS = $_POST["SupportedOS"];
// Get our session variables
$Authenticated = ($_SESSION["LoggedIn"] == "1" ? true : false);
$User = $_SESSION["User"];
$Username = $_SESSION["username"];
// If we are authenticated, continue!
if ($Authenticated) {
// Get our temporary image
$ImgResult = mysql_query("SELECT * FROM temp_images WHERE User='$Username'");
if (mysql_num_rows($ImgResult) < 1) { die("NoImage"); }
// Get image blob
$image = mysql_result($ImgResult, 0, 'Image');
// Delete image
if (!mysql_query("DELETE FROM temp_images WHERE User='$Username'")) { die("Error deleting temp image from DB"); }
// Post auction on market
if (!mysql_query("INSERT INTO MarketDatas (Description, Price, Tags, Title, SupportedOS, image)
VALUES ('$descr', '$price', '$tagsx', '$title', '$supOS', '$image')")) { echo "Error posting auction [48]: syntax[" . mysql_error() . "]"; }
}
As you can see, I try to store the BLOB as an string value. But it throws me an error.
How do I solve this?