PHP upload image to folder and insert record to database

Question

I made code in PHP for uploading images, but I have one problem, when I upload image, there is no record in database, but image is uploaded to path where I want it.

this is my code:

<form action="upload.php" method="post" enctype="multipart/form-data" id="upload_form">
    <input id="file" type="file" name="file[]" />
    <input type="submit" id="upload" name="submit" value="Dodaj" />
</form>

include 'init.php';

    $uploaded = [];
    $allowed = ['jpg', 'png'];

    $succeeded = [];
    $failed = [];

    if(!empty($_FILES['file'])){
        foreach($_FILES['file']['name'] as $key => $name){
            if($_FILES['file']['error'][$key] == 0){
                $temp = $_FILES['file']['tmp_name'][$key];

                $ext = explode('.', $name);
                $ext = strtolower(end($ext));

                $file = md5_file($temp) . time() . '.' . $ext;              

                if(in_array($ext, $allowed) === true && move_uploaded_file($temp, "uploads/{$file}") === true){
                    $succeeded[] = array('name' => $name, 'file' => $file);
                    $path = 'uploads';
                    $sql = "INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext') WHERE id = '$session_user_id'";
                    $result = mysql_query($sql);                    
                }else{
                    $failed[] = array('name' => $name); 
                }               
            }       
        } 

init file:

session_start();

    mysql_connect('localhost','root','');
    mysql_select_db('croglas'); 
    mysql_query('SET CHARACTER SET utf8');

    include 'functions.php';

    if(logged_in() === true){
        $session_user_id = $_SESSION['id'];
        $user_data = user_data($session_user_id, 'id', 'username', 'password', 'email', 'address', 'zip', 'phone_number', 'city', 'type', 'points', 'img_path', 'img_name', 'img_type');
    }

Answer 1

This is probably returning an error which the code is ignoring:

INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext') WHERE id = '$session_user_id'

INSERT statements don't have WHERE clauses. Just omit the clause entirely:

INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext')

Additionally, you should check for SQL errors after executing a SQL statement.

---

Edit: Or... Does this need to be an UPDATE statement instead? It strikes me as strange that a table called users would hold image records. Are you instead updating an existing user record to include new values? That would have a WHERE clause. Something like this:

UPDATE users SET img_page='$path', img_name='$file', img_type='$ext' WHERE id = '$session_user_id'

Answer 2

Your query is wrong, you cant have where in AN INSERT statement.

It should be like this,

INSERT INTO users (img_path, img_name, img_type) VALUES ('$path', '$file', '$ext')

Also,one tip: use mysqli .