Uploaded files are neither moving into a new location , nor storing in database.

Question

I have been tried many times to move the uploaded image or file in a location and also store the name in database.

All the functions work perfectly in LocalHost, but not on Server. Neither I can see any thing in the directory of a server not any info of the uploaded file in a database.

I have googled and tried almost every trick to solve the issue. Common solution is to edit the permission of a folder. I did it too but all in vain.

What can be the solution ? What am I doing wrong ? The following code works perfectly if using Local host .

        $destination_path ="uploads/";
        $target = $destination_path.basename( $_FILES["Upload"]["name"]);
        $filename=$_FILES['Upload']['name'];
        $filetype=$_FILES['Upload']['type'];
        $filetmp=$_FILES['Upload']['tmp_name'];
        $images=move_uploaded_file($filetmp, $target);
        $attachment = file_get_contents($_FILES["Upload"]["tmp_name"]);

       $ins_sql="INSERT INTO wp_reklamation(Vorname,Nachname,Auftragsnummer,name,Upload,Grund,Wunsch,Telefonnummer,Email) VALUES('$vorname','$nachname','$auftrag','$filename','$images','$grund','$wunsch','$telefon','$email')";

Moreover, to send the attachment is also an issue. But I believe if this problem first can get resolved, I can solve that mail problem by using the above parameters . But Ofcourse nothing is selected nor moved in the location and database, then how can mail send the item name or anything else related to it .

Thanks

Is that `uploads` folder in the root directory of the server? If so, you need to change that first line to `$destination_path ="/uploads/";` — Baher Ramzy, Jul 09 '17 at 01:44
You are open to **SQL injection**, this means your website can be compromised really easily. Protect yourself from this using *prepared statements*!. — Nytrix, Jul 09 '17 at 01:51
Actually , the above path is in my local PC. I have the php file in the folder "Website". And in the Website folder, I created the "uploads" folder. And that path is directed to this uploads folder. — Nabeel, Jul 10 '17 at 10:55
Yes : It Seems to be. there is SQL injection. But Yes we can use some SQL strings to prevent that. But how to prevent it in API ?? — Nabeel, Jul 10 '17 at 11:54
As FOR API; `$datas = array(...... ); // use key 'http' even if you send the request to https://... $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded", 'method' => 'POST', 'content' => http_build_query($data) ) ); $context = stream_context_create($options); $result = file_get_contents($url, false, $context);` — Nabeel, Jul 10 '17 at 11:55

score 0 · Answer 1 · answered Jul 09 '17 at 03:56

If the code works fine on localhost but not on your server, the most likely cause of the issue is that PHP file uploads are not enabled on your server. To enable them, find the "file_uploads" directive in your 'php.ini' file and set it to on:
file_uploads = On

Also make sure that the user running your PHP server has permission to write to the target directory.
This question suggests creating a new group with permissions to read and write to the directory and adding the users for the PHP server and FTP as members, so the directory is still accessible through FTP and the server can write uploaded files to it.

Uploaded files are neither moving into a new location , nor storing in database.

1 Answers1