spróbuj to zmienić:
$sql = "INSERT INTO product
(productname, image_id , image_type ,image, image_size, image_name, productdesc)VALUES
('$myusername','11', '{$size['mime']}', '{$imgData}', '{$size[3]}',
'{$_FILES['userfile']['name']}','$productdesc')";
z tym:
$size_mime = mysql_real_escape_string($size['mime']);
$size3 = mysql_real_escape_string($size[3]);
$filename = mysql_real_escape_string($_FILES['userfile']['name']);
$sql = "INSERT INTO product
(productname, image_id , image_type ,image, image_size, image_name, productdesc) VALUES
('{$myusername}','11', '{$size_mime}', '{$imgData}', '{$size3}',
'{$filename}','$productdesc')";
i edytuj to:
$myusername=$_POST['myusername'];
$mypassword=$_POST['product'];
$filename=$_FILES['uploadimage']['tmp_name'];
z tym:
$myusername = mysql_real_escape_string($_POST['myusername']);
$mypassword = mysql_real_escape_string($_POST['product']);
$filedata = mysql_real_escape_string($_FILES['uploadimage']['tmp_name']);
Powinieneś absolutnie unikać wstrzykiwania sql!
