0

the problem i am facing is i want to read a value that is auto incemented and used, my database takes the following design:

|   id   |   category   |   image   |
|   13   |    paper     |    0      |
id is auto_incremented, what i want to do is generate the id and use it as the value in image and then upload a file which has his name as the number stored in image, in this example image will be changed to 13 and the file will have the name of 13.jpg. I started my code by doing this mysql_query("INSERT INTO category (category,image) VALUES ('$name','$default_item')"); $name is written by the user and $default_item is always zero, what i want to do is change the image to equal id using update and upload an image like this $image_name = '$id' . '.jpg' move_uploaded_file($_FILES["image"]["tmp_name"], "../images/category/" . $image_name); Where $id is the id in the database
Malek Salameh
  • 23
  • 8

2 Answers2

0

A few things to be mentioned:

You should not use mysql_query anymore. Use mysqli_query instead. mysql_* is deprecated and has been removed in the latest PHP version.

Secondly: Never use user generated content in an SQL query directly. Use a prepared statement. Otherwise your website is vulnerable to SQL injections.

About grabbing the auto increment value - see this thread.

Matthias Bö
  • 449
  • 3
  • 12
0

Instead of using auto increment id as the image name. I will suggest generating a unique name of the image and insert that name in the database and use that name for uploading the image as well. Use below code to create the image name

$uniquesavename = time().uniqid(rand());

mysql_query("INSERT INTO category (category,image) VALUES ('$name','$uniquesavename')");

$image_name = $uniquesavename . '.jpg'
move_uploaded_file($_FILES["image"]["tmp_name"], "../images/category/" . $image_name);

By this way user uploaded image will always have a unique name.

Try this and let me know if you face any problem

Sourabh
  • 157
  • 2
  • 12
  • 1
    Your code is vulnerable to SQL injections and doesn't work on latest PHP version. – Matthias Bö Jun 30 '18 at 08:51
  • `$image_name = '$uniquesavename' . '.jpg'` have you tried printing `$image_name`? What does it look like? – brombeer Jun 30 '18 at 08:54
  • Yeah I know that I was focusing Marjory on problem that guy is facing. I think so that guy is also trying on older version of PHP And sorry my bad for not focusing on SQL injection concern – Sourabh Jun 30 '18 at 08:56
  • 1
    I think this answer should be accepted as correct, Sourabh proposed him an standard approach to store the images with unique name everytime, (he can use current timestamp for unique combination of name) . According to me it looks good , Upvoted the answer. Ideally you should not consider auto increment field value to name images. – Dinesh Nagar Jun 30 '18 at 09:14
  • @DineshNagar Thanks for supporting the answer – Sourabh Jun 30 '18 at 09:23
  • @MalekSalameh Great to learn that you enjoy the answer. StackOverflow Community Rules encourage members to click an UpVote in such situation, so do not hesitate to reward the value you have found here. This is how this eco-system works – Sourabh Jul 14 '18 at 09:58