0

Im trying to make a button that allow admin to accept or reject a image. When admin accept it move the image from unimages to images folder, the database code is working but I still can't move the image to another folder.

$db = mysqli_connect("localhost", "root", "", "drawingguide");


$id=$_GET["id"];
 $accept = mysqli_query($db, "SELECT * FROM verify WHERE id=$id");
 mysqli_query($db, "INSERT INTO images SELECT NULL,un_image, un_category FROM 
 verify WHERE un_id=$id");
 rename("unimages/$accept[un_image]", "images/$accept[un_image]");
 $reject= mysqli_query($db, "SELECT * FROM verify WHERE un_id = $id");
 $delete = mysqli_fetch_array($reject);



 mysqli_query($db, "DELETE FROM verify WHERE un_id = $id");
j08691
  • 204,283
  • 31
  • 260
  • 272
user10277016
  • 13
  • 3
  • Is this query correct? "INSERT INTO images SELECT NULL,un_image, un_category FROM verify WHERE un_id=$id". You are using un_id=$id in one place and id=$id in another place – Rinsad Ahmed Sep 03 '18 at 18:58
  • Check this out [here](https://stackoverflow.com/questions/19139434/php-move-a-file-into-a-different-folder-on-the-server), I think it should help. – Donnicias Sep 03 '18 at 19:00
  • echo $accept[un_image] before rename function and check what is echoed ? is image name echoed properly, is image with this name exists in unimages folder ?? – Dr Manish Lataa-Manohar Joshi Sep 03 '18 at 19:03
  • oh,my bad... but after i change it. It gave me this error "Fatal error: Cannot use object of type mysqli_result as array in C:\xampp\htdocs\fyp\accept.php on line 8" – user10277016 Sep 03 '18 at 19:06
  • guys, I have solved my problem. I just need to add $acceptt = mysqli_fetch_array($accept); and change the $accept into $acceptt in the rename . Thank you for trying to help me btw. – user10277016 Sep 03 '18 at 19:21
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Sep 03 '18 at 20:15
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Sep 03 '18 at 20:16

0 Answers0