SQL Syntax Error (Server version: 5.6.17 - MySQL)

Question

Could you guys please tell me what is missing on this code. because i get SQL Syntax Error.

i have created table with three colums. ID is auto incriminating and Ima

Answer 1

The problem is you are saving apparently blob into the database without escaping it.

You must realize what happens in your command: The image data - which can also contain ' because it is binary - invalidates your SQL command.

The correct way how to save it:

1)

Either with prepared statements

2)

mysqli_query($Con, "INSERT INTO `cars_tbl` (ID, Name, Image)
   VALUES ('', '$img_name', '".mysqli_escape_string($image)."')");

I would prefer Prepared Statements. The other question is why you set ID to an empty string.