0

I'm trying to create a file upload only my current script doesn't seem to work as I believe it should.

I've managed to get the data saved in the MySQL table okay but I can't seem to get the file into the 'uploads' directory?

if(isset($_POST['new']) && $_POST['new']==1){

    $folder = "uploads/";
    $upload_image = $folder . basename($_FILES["image1"]["name"]);
    move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $upload_image);


    $trn_date = date("Y-m-d H:i:s");
    $brand =$_REQUEST['brand'];
    $user =$_SESSION["username"];
    $model = $_REQUEST['model'];
    $serial =$_REQUEST['serial'];
    $purchasedate = $_REQUEST['purchasedate'];
    $img1 =$_REQUEST['image1'];
    $ins_query="insert into table
    (`user`,`trn_date`,`brand`,`model`,`serial`,`purchasedate`,`image1`)values
    ('$user','$trn_date','$brand','$model','$serial','$purchasedate','$img1')";
    mysqli_query($con,$ins_query)
    or die(mysql_error());
    $status = "added successfully.
    </br></br><a href='home.php'>home</a>";
}
Shadow
  • 33,525
  • 10
  • 51
  • 64
Liam
  • 9,725
  • 39
  • 111
  • 209

3 Answers3

1
$upload_image = $folder . basename($_FILES["image1"]["name"]);
move_uploaded_file($_FILES["image1"]["tmp_name"], $upload_image);
Sofyan Thayf
  • 1,322
  • 2
  • 14
  • 26
  • This doesn't seem to move my files – Liam Feb 09 '18 at 11:45
  • +1 - although it still leaves the backdoor for code injection wide open. @Liam, if this is not working then either you've not understood how to paste it into your existing code or there is another error you've not told us about. – symcbean Feb 09 '18 at 12:39
  • 1
    check at your form, did you give a correct name for the file input element. And also did you set `enctype= multipart/form-data` option for your form – Sofyan Thayf Feb 09 '18 at 12:45
0

What if trying directly what the doc said ;)

$uploads_dir = '/uploads';//try over 'uploads' too or create a 'uploads' folder in you app_root
foreach ($_FILES["image1"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["image1"]["tmp_name"][$key];
        $name = $_FILES["image1"]["name"][$key];
        move_uploaded_file($tmp_name, "$uploads_dir/$name");
    }
}
4givN
  • 2,936
  • 2
  • 22
  • 51
-1

Possible Link

I have found an issue in your code.

$folder = "uploads/";
$upload_image = $folder . basename($_FILES["image1"]["name"]);
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $upload_image);

In this case the file does not have the extension

$folder = "uploads/";
$ext = explode('.', basename( $_FILES['image1']['name']));
$upload_image = $folder . basename($_FILES["image1"]["name"].$ext);
move_uploaded_file($_FILES["image1"]["tmp_name"], $upload_image);

The uploads folder is in the same directory that is the php script?

You also can verify if the file was correctly moved doing the following test

if (file_exists($upload_image)){
echo "true";
}

Provide a file upload validation before uploading into server it will prevent server from malicious files

How to give file validation in php : Link

Vishnu Bhadoriya
  • 1,655
  • 1
  • 20
  • 28
Daniel Paiva
  • 121
  • 2
  • 10