First attempt at uploading image and storing to db

Think I know what the problem was. The image I was using was about
1200x1500px, when I resized the image (as I will do in my script
anyway) it should be ok.

Is there a maximum data size that datatype, 'text' can store in a
database or is there something else in the above script that is
limiting this? Cheers

I am trying to upload an image, create a new file based on that image
and then store the base64 encoded image data in a database.

the 33% size increase plus processing that you are incurring by base64 encoding
it.

MySQL can store binary data directly using the *BLOB types, which would avoid
the 33% size increase plus processing that you are incurring by base64 encoding
it.
I was aware that my above method gave a 33% increase but I was just
wanting to accomplish uploading, storing and outputing at this stage.

OK, fair enough.
Anyway, going on your advice above I have tried the following code when
the image is uploaded:

$tmpfiletype = $_FILES['imgfile']['type'];
switch ($tmpfiletype)
{
case "image/jpeg":
case "image/pjpeg":
$img = imagecreatefromjpeg($tmpfilename);
break;
case "image/gif":
$img = imagecreatefromgif($tmpfilename);
break;
case "image/png":
$img = imagecreatefrompng($tmpfilename);
break;
}

So $img is a resource handle here.
//write to db
$insert = "INSERT INTO imgblob (imgid, imgdata, imgtype) VALUES (null,
'" . $img . "', '" . $imgtype . "')";
You don't want to write the string representation of a resource handle into
the database - it won't mean much. Also you want some escaping here - more so
since it'll be binary data now.
$result = mysql_query($insert, $db);
if ($result) {
echo "<p>Result!</p>";
}else{
echo "<p>No, no, no ... it didnt work</p>";
The dreaded "doesn't work" message :-( Make it more helpful with
mysql_error().
Unfortetely, I am getting the 'No, no, no ... it didnt work' output
that indicates that it wasnt able to write the image to the database. I
am guessing that I need to do something with $img before I can use it
in the INSERT query. What do I need to do with $img to let me INSERT it
if this is the case?

Note: I have created a table called imgblob with a imgdata with type
'blob' instead of 'text' for use here

I tried your line for INSERT but I think you may have left out a set of
quotes ("), and added an extra comma (,) so I tried the following:

$insert = sprintf(
"INSERT INTO imgblob (imgid, imgdata, imgtype)
VALUES (null, '%s', '%s')",
mysql_real_escape_string($imgdata),
mysql_real_escape_string($imgtype)
);
Ah, yes, I did warn you I hadn't tried it :-)
Unfortuntely that gave me the following error:

- Unknown column 'imgid' in 'field list'
Well, what's the definition of your table? I just copied your insert statement
and fixed it up to escape properly.

Looking back at your original post you have:

$select = "SELECT imgdata, imgtype FROM imglib WHERE imgid = ...

But then "imglib" changes to "imgblob" in the next post.
Without really knowing too much about your code I cant really determine
what it is supposed to be doing here.
It's putting the properly escaped values in the statement - and that's all.
Not doing much more than your previous insert statement, but yours won't work
as we can see in a moment...
Anyway, I have went back to trying my old INSERT with the Output Buffer
code you provided but still didnt work:

//write to db
$insert = "INSERT INTO imgblob (imgid, imgdata, imgtype) VALUES (null,
'" . $imgdata . "', '" . $imgtype . "')";
$result = mysql_query($insert, $db);
if ($result) {
echo "<p>Result!</p>";
}else{
echo "<p>No, no, no ... it didnt work</p>";
echo "<p>" . mysql_error() . "</p>";
}

Gave me the following error:

You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for the right syntax to use near
'*)-0-(0%()(ÿÛ' at line 1

Any ideas?
You MUST use mysql_escape_string or mysql_real_escape_string on the data
before you put it in the INSERT statement. Since it's binary data, odds are it
contains a quote or a NUL character, in which case it breaks out of the quotes
around it and produces syntax errors from the binary data that it's trying to
parse as SQL.
$insert = sprintf(
"INSERT INTO imgblob (imgid, imgdata, imgtype)
VALUES (null, '%s', '%s')",
mysql_real_escape_string($imgdata),
mysql_real_escape_string($imgtype)
);

My mistake, sorry. For some reason I had accidentally name the imgid
field on imgblob as imglib. All is well now.

Just one more question. The intended database where this concept will
work is PostgreSQL as this is what I work with when Im at work. At home
I practise on MySQL. I know the alternatives for stuff like mysql_query
and the connection stuff. What is the PG alternative to
mysql_real_escape_string()? Is it required? Can I simply use
mysql_real_escape_string() with PG?

Btw, why would you loose time with that if you can use prepared
statements/parameter binding?

Have you even bothered to have a look at the manual?
Its a bit difficult when you dont know the command. How am I supposed
to check what pgsql_escape_string does when I dont even know that is
what I am looking for.

Well, it's pretty easy to type http://www.php.net/whatever_im_searching

In your case, i would probably type http://www.php.net/pgsql and look at
the available functions.
I did, however, check for pg_real_escape_string. Sometimes the PG
equivelant is easy to find (mysql_fetch_array -> pg_fetch_array and so
on)

Btw, why would you loose time with that if you can use prepared
statements/parameter binding?

Hmm, dont know that one. Explain please.