0

Data is not uploaded on database and yet the image is uploaded and the rename of the file does not occur. I am very new to PHP and any help is appreciated.

$hash is md5() hash of image
$j is hash(hash(image).date)
$newfile = $hash.".".$file_extension;
$l2 is link address.

   if (file_exists($final_dir))
    {
        $newfile =  $j.'.'.$file_ext; //This will rename file with current time stamp which will always unique.
        $l2="$l"."$newfile";
        $hash = $j;
    }

    $upload = move_uploaded_file($filetmp,$final_dir);              //uploading the file to the server

      $select_query = "INSERT   INTO image_table(i_name,i_location,i_hash,image_url) VALUES('$newfile','$final_dir','$hash','$l2')"; // Database query 
            $selected = mysqli_query($connect,$select_query);
Alcie Smith
  • 11
  • 1
  • 3
  • Data is not uploaded to database and also the calculation of hash is not synchronous. – Alcie Smith Oct 17 '17 at 16:24
  • 1
    @chris85 I apologize I will correct it – Alcie Smith Oct 17 '17 at 16:25
  • So `$select_query` fails to execute? Do you get an error? You are open to SQL injections. Parameterizing the query would help. – chris85 Oct 17 '17 at 16:25
  • $select_query does not executes and also the file does not rename if file exists – Alcie Smith Oct 17 '17 at 16:33
  • After `$upload = move_uploaded_file($filetmp,$final_dir);` does your real code have the lingering `}`? Is your error log empty? – chris85 Oct 17 '17 at 16:38
  • Nope it just goes to the end loop which says code not executed . I have no error log. I am amateur. – Alcie Smith Oct 17 '17 at 16:43
  • Where is the loop? There is not here that would display `code not executed`. – chris85 Oct 17 '17 at 16:45
  • if($selected){ echo nl2br("Operation successful\n"); echo nl2br("URL Record successfully\n"); echo nl2br("$l2 \n \n"); //ho nl2br("$host"); } else{ echo("Not executed"}; – Alcie Smith Oct 17 '17 at 16:50
  • so MYSQL query does not executes and hence it does not upload any data . am I referencing some thing wrong here ? – Alcie Smith Oct 17 '17 at 16:51
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…”)` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Oct 17 '17 at 16:58
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Oct 17 '17 at 16:58
  • **WARNING**: MD5 is a compromised hash and shouldn't be trusted to verify data. You should be using something cryptographically secure like SHA2 if you're concerned about attacks of any kind. – tadman Oct 17 '17 at 16:59
  • 1
    Thank You Very Much @tadman I will keep that in mind change the code accordingly. but mean while can you please help me find out why isn't the code working when I try to upload it on DB ? – Alcie Smith Oct 17 '17 at 17:03
  • A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so mistakes aren't easily ignored. Make sure you're looking for errors in all the right places. – tadman Oct 17 '17 at 17:04

0 Answers0