Facing some trouble in move_uploaded file with cookie

Question

I have trying insert form values in database. If user already login then it goes inserted fine into database. But if not login first i have stored all fields in cookie then redirected it to login first then after returning it on form page everything is going perfect inserted also but my files is not moved to given path. Please suggest my code given so far .. Error showing on move_uploaded_file($cookie17,$pat);

<?php
 if(isset($_POST['submit'])
 { 
$ad_title=$mysqli->real_escape_string($_POST['ad_title']);
$category=$mysqli->real_escape_string($_POST['category']);
$sub_category=$mysqli->real_escape_string($_POST['sub_category']);
$description=$mysqli->real_escape_string($_POST['description']);
$rent_amount=$mysqli->real_escape_string($_POST['rent_amount']);
$rent_security=$mysqli->real_escape_string($_POST['rent_security']);
$contact=$mysqli->real_escape_string($_POST['contact']);
$email=$mysqli->real_escape_string($_POST['email']);
$city=$mysqli->real_escape_string($_POST['city']);
$state=$mysqli->real_escape_string($_POST['state']);
$area=$mysqli->real_escape_string($_POST['area']);
$buy=(isset($_POST['buy'])?1:0);
$sell=(isset($_POST['sell'])?1:0);
$rent=(isset($_POST['rent'])?1:0);
$manufacture=$mysqli->real_escape_string($_POST['company_name']);
$conditions=$mysqli->real_escape_string($_POST['condition']);

$rent_option=$mysqli->real_escape_string($_POST['rent_option']);

$a=$_FILES['file']['name'];
$path="image/product/$a";

$b=$_FILES['file2']['name'];
$path2="image/product/$b";

$c=$_FILES['file3']['name'];
$path3="image/product/$c";

$d=$_FILES['file4']['name'];
$path4="image/product/$c";

$e=$_FILES['file5']['name'];
$path5="image/product/$c";


if(isset($_SESSION['user_id'])){
$query=$mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)values('$ad_title','$category','$sub_category','$description','$a','$b','$c','$d','$e','$city','$state','$rent_amount','$rent_option','$rent_security','$contact','$email','$area','$buy','$sell','$rent','$user_id','$manufacture','$conditions')");
move_uploaded_file($_FILES['file']['tmp_name'],$path) & move_uploaded_file($_FILES['file2']['tmp_name'],$path2) & move_uploaded_file($_FILES['file3']['tmp_name'],$path3) & move_uploaded_file($_FILES['file4']['tmp_name'],$path4) & move_uploaded_file($_FILES['file5']['tmp_name'],$path5);
if($query)
{

echo "success";
}
}else{ 


  $time = time() + 60;
  setcookie('email',$email,$time);
  setcookie('ad_title',$ad_title,$time);
  setcookie('category',$category,$time);
  setcookie('sub_category',$sub_category,$time);
  setcookie('description',$description,$time);
  setcookie('rent_amount',$rent_amount,$time);
  setcookie('rent_security',$rent_security,$time);
  setcookie('contact',$contact,$time);
  setcookie('city',$city,$time);
  setcookie('state',$state,$time);
  setcookie('area',$area,$time);
  setcookie('buy',$buy,$time);
  setcookie('sell',$sell,$time);
  setcookie('rent',$rent,$time);
  setcookie('manufacture',$manufacture,$time);
  setcookie('condition',$conditions,$time);
  
  setcookie('rent_option',$rent_option,$time);
   
   setcookie('file',$a,$time);
   setcookie('file2',$b,$time);
   setcookie('file3',$c,$time);
   setcookie('file4',$d,$time);
   setcookie('file5',$e,$time);
   
header("Location:product/login.php"); }
}
 
 if(isset($_COOKIE['email'])){
  
  $email =$_COOKIE['email'];
     $cookie2 = $_COOKIE['ad_title']; 
     $cookie3 = $_COOKIE['category'];
     $cookie4 = $_COOKIE['sub_category'];
     $cookie5 = $_COOKIE['description'];
     $cookie6 = $_COOKIE['rent_amount'];
     $cookie7 = $_COOKIE['rent_security'];
     $cookie8 = $_COOKIE['contact'];
     $cookie9 = $_COOKIE['city'];
     $cookie10 = $_COOKIE['state'];
     $cookie11 = $_COOKIE['area'];
     $cookie12 = $_COOKIE['buy'];
     $cookie13 = $_COOKIE['sell'];
     $cookie14 = $_COOKIE['rent'];
     $cookie15 = $_COOKIE['manufacture'];
     $cookie16 = $_COOKIE['condition'];
  $cookie17 = $_COOKIE['file'];
  $cookie18 = $_COOKIE['file2'];
     $cookie19 = $_COOKIE['file3'];
  $cookie20 = $_COOKIE['file4'];
  $cookie21 = $_COOKIE['file5'];
  $cookie22 = $_COOKIE['rent_option'];
  
  
  
$pat="image/product/$cookie17";
$pat2="image/product/$cookie18";
$pat3="image/product/$cookie19";
$pat4="image/product/$cookie20";
$pat5="image/product/$cookie21";
  
  
  
  
  
$query1=$mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values
('$cookie2','$cookie3','$cookie4','$cookie5','$cookie17','$cookie18','$cookie19','$cookie20','$cookie21',
'$cookie9','$cookie10','$cookie6','$cookie22','$cookie7','$cookie8',
'$email','$cookie11','$cookie12','$cookie13','$cookie14','$user_id','$cookie15','$cookie16')");
move_uploaded_file($cookie17,$pat)& 
move_uploaded_file($cookie18,$pat2)& 
move_uploaded_file($cookie19,$pat3)& 
move_uploaded_file($cookie20,$pat4)& 
move_uploaded_file($cookie21,$pat5);
  
  
  if($query1){
   
   echo "Succes";
  }
  else{
   echo "Something went wrong.";
  }
  
  
  }
  
 ?>

score 1 · Accepted Answer · edited May 23 '17 at 11:52

PHP temporary uploads are only stored until the script ends for security reasons. So you need to save the file first in some temporary place of your own, then later after user login, move it again, or delete the file after a while..

But your code has major problems regarding security, you should learn how to use PHP PDO MySQL Queries, then you need to apply it correctly. Currently you escape the $_POST, but then not the cookies. So actually you should only escape when inserting into DB, currently it gets escaped and in some cases written into cookies. And later reused. Besides that you should validate the input data, and the image. Overall some validation should be done. See Easiest Form validation library for PHP?

<?php
$savePath = 'image/product/';
$temporarayPath = 'image/tempupload/';
if (isset($_POST['submit'])) {
    $ad_title = $mysqli->real_escape_string($_POST['ad_title']);
    $category = $mysqli->real_escape_string($_POST['category']);
    $sub_category = $mysqli->real_escape_string($_POST['sub_category']);
    $description = $mysqli->real_escape_string($_POST['description']);
    $rent_amount = $mysqli->real_escape_string($_POST['rent_amount']);
    $rent_security = $mysqli->real_escape_string($_POST['rent_security']);
    $contact = $mysqli->real_escape_string($_POST['contact']);
    $email = $mysqli->real_escape_string($_POST['email']);
    $city = $mysqli->real_escape_string($_POST['city']);
    $state = $mysqli->real_escape_string($_POST['state']);
    $area = $mysqli->real_escape_string($_POST['area']);
    $buy = (isset($_POST['buy']) ? 1 : 0);
    $sell = (isset($_POST['sell']) ? 1 : 0);
    $rent = (isset($_POST['rent']) ? 1 : 0);
    $manufacture = $mysqli->real_escape_string($_POST['company_name']);
    $conditions = $mysqli->real_escape_string($_POST['condition']);

    $rent_option = $mysqli->real_escape_string($_POST['rent_option']);


    $a = $_FILES['file']['name'];
    $b = $_FILES['file2']['name'];
    $c = $_FILES['file3']['name'];
    $d = $_FILES['file4']['name'];
    $e = $_FILES['file5']['name'];

    if (isset($_SESSION['user_id'])) {
        $query = $mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values('$ad_title','$category','$sub_category','$description','$a','$b','$c','$d','$e','$city','$state','$rent_amount','$rent_option','$rent_security','$contact','$email','$area','$buy','$sell','$rent','$user_id','$manufacture','$conditions')");
        move_uploaded_file($_FILES['file']['tmp_name'], $savePath . $a);
        move_uploaded_file($_FILES['file2']['tmp_name'], $savePath . $b);
        move_uploaded_file($_FILES['file3']['tmp_name'], $savePath . $c);
        move_uploaded_file($_FILES['file4']['tmp_name'], $savePath . $d);
        move_uploaded_file($_FILES['file5']['tmp_name'], $savePath . $e);

        if ($query) {
            echo "success";
        }
    } else {
        move_uploaded_file($_FILES['file']['tmp_name'], $temporarayPath . $a);
        move_uploaded_file($_FILES['file2']['tmp_name'], $temporarayPath . $b);
        move_uploaded_file($_FILES['file3']['tmp_name'], $temporarayPath . $c);
        move_uploaded_file($_FILES['file4']['tmp_name'], $temporarayPath . $d);
        move_uploaded_file($_FILES['file5']['tmp_name'], $temporarayPath . $e);
        $time = time() + 60;
        setcookie('email', $email, $time);
        setcookie('ad_title', $ad_title, $time);
        setcookie('category', $category, $time);
        setcookie('sub_category', $sub_category, $time);
        setcookie('description', $description, $time);
        setcookie('rent_amount', $rent_amount, $time);
        setcookie('rent_security', $rent_security, $time);
        setcookie('contact', $contact, $time);
        setcookie('city', $city, $time);
        setcookie('state', $state, $time);
        setcookie('area', $area, $time);
        setcookie('buy', $buy, $time);
        setcookie('sell', $sell, $time);
        setcookie('rent', $rent, $time);
        setcookie('manufacture', $manufacture, $time);
        setcookie('condition', $conditions, $time);

        setcookie('rent_option', $rent_option, $time);

        setcookie('file', $a, $time);
        setcookie('file2', $b, $time);
        setcookie('file3', $c, $time);
        setcookie('file4', $d, $time);
        setcookie('file5', $e, $time);

        header("Location:product/login.php");
    }
}

if (isset($_COOKIE['email'])) {

    $email = $_COOKIE['email'];
    $cookie2 = $_COOKIE['ad_title'];
    $cookie3 = $_COOKIE['category'];
    $cookie4 = $_COOKIE['sub_category'];
    $cookie5 = $_COOKIE['description'];
    $cookie6 = $_COOKIE['rent_amount'];
    $cookie7 = $_COOKIE['rent_security'];
    $cookie8 = $_COOKIE['contact'];
    $cookie9 = $_COOKIE['city'];
    $cookie10 = $_COOKIE['state'];
    $cookie11 = $_COOKIE['area'];
    $cookie12 = $_COOKIE['buy'];
    $cookie13 = $_COOKIE['sell'];
    $cookie14 = $_COOKIE['rent'];
    $cookie15 = $_COOKIE['manufacture'];
    $cookie16 = $_COOKIE['condition'];
    $cookie17 = $_COOKIE['file'];
    $cookie18 = $_COOKIE['file2'];
    $cookie19 = $_COOKIE['file3'];
    $cookie20 = $_COOKIE['file4'];
    $cookie21 = $_COOKIE['file5'];
    $cookie22 = $_COOKIE['rent_option'];
    $user_id = $_SESSION['user_id'];

    $pat = $savePath . $cookie17;
    $pat2 = $savePath . $cookie18;
    $pat3 = $savePath . $cookie19;
    $pat4 = $savePath . $cookie20;
    $pat5 = $savePath . $cookie21;


    $query1 = $mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values
('$cookie2','$cookie3','$cookie4','$cookie5','$cookie17','$cookie18','$cookie19','$cookie20','$cookie21',
'$cookie9','$cookie10','$cookie6','$cookie22','$cookie7','$cookie8',
'$email','$cookie11','$cookie12','$cookie13','$cookie14','$user_id','$cookie15','$cookie16')");

    rename($temporarayPath . $cookie17, $pat);
    rename($temporarayPath . $cookie18, $pat2);
    rename($temporarayPath . $cookie19, $pat3);
    rename($temporarayPath . $cookie20, $pat4);
    rename($temporarayPath . $cookie21, $pat5);

    if ($query1) {
        echo "Succes";
    } else {
        echo "Something went wrong.";
    }
}

?>

you need to store it first somewhere, and the `rename(source, target)` http://php.net/manual/en/function.rename.php I updated the solution with code. — user5542121, Nov 21 '15 at 11:43

Facing some trouble in move_uploaded file with cookie

1 Answers1