0) { $file = $_FILES['image']; $fileName = $file['name']; $fileSize = $file['size']; $fileTmp = $file['tmp_name']; $fileType = $file['type']; $fileExt = strtolower(pathinfo($fileName, PATHINFO_EXTENSION)); if (is_uploaded_file($fileTmp)) { $imgData = file_get_contents($fileTmp); //remove addslashes as it is not needed $imgData = mysqli_real_escape_string($conn, $imgData); // escape special characters in the image data $imageProperties = getimagesize($fileTmp); $photoQuery = "INSERT INTO injury_image SET `image`='$imgData', `image_type`='" . $imageProperties['mime'] . "', `image_name` = '" . $fileName . "', `injury_id` = '" . $_REQUEST['injuryId'] . "'"; $QueryphotoQuery = mysqli_query($conn, $photoQuery); if ($QueryphotoQuery) { echo 1; } error_log("PHOTO QUERY::" . $photoQuery); } }