3

I'm Trying To Make Registration Form With Image Uploading But Getting Error (Undefine Index file )Again And Again.. I Wrote Name Of Input Box Is File,But It's Still Showing Your Undefine Index. Here Is My Code

<?php
$name = $_FILES['file']['name'];
$size = $_FILES['file']['size'];
$type = $_FILES['file']['type'];
$loc = $_FILES['file']['tmp_name'];

$fstName = $_POST['p_title'];
$lstName = $_POST['p_desc'];
$email = $_POST['p_price'];
$password = $_POST['p_cat'];

if($size > $_POST['MAX_FILE_SIZE'])
    echo "File size is bigger then allowed";


$extension = substr(basename($name),strrpos(basename($name),".")+1);

$allowedExtension = array("jpg","bmp","gif","png","jpeg");

if(!in_array($extension,$allowedExtension))
    echo "Extension not allowed";

$allowedTypes = array("image/jpeg","image/png");
if(!in_array($type,$allowedTypes))
    echo "File type not allowed";

$imageName = time().$name;

$filedir = "./upload/";
$filepath = $filedir.$imageName;

if(move_uploaded_file($loc,$filepath))
{

    $query = "insert into product(p_title,p_desc,p_price,p_cat,p_img) values('".$fstName."','".$lstName."','".$email."','".$password."','".$imageName."')";
    if($mysql_query($query))
        echo "Registered";
    else
        echo "Failed".$mysql_error();

}
else{
    echo "Some error in uploading file";
}
?>

Here Is Form Code

<label for="pwd">Product Image:</label>
<input type="hidden" name="MAX_FILE_SIZE" id="maxSize" value="102400" />
        <label class="title">Profile Photo</label>
            <input name="file" id="files" class="form-control" type="file" accept=".bmp,.jpg,.gif,.png"/>
            <output id="list"></output>
        </label>
Imran Iqbal
  • 478
  • 5
  • 15
  • Post your form code too!! – Saty May 02 '16 at 12:52
  • Plz show your HTML code – Asheesh May 02 '16 at 12:54
  • You need open and close `
    ` tags
     – Panda May 02 '16 at 13:01
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 02 '16 at 13:01
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard May 02 '16 at 13:01
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 02 '16 at 13:01

0 Answers0