I get 0 value each time I insert (int)$_GET['id']; in database

Question

I have a problem which is when I try to insert the value of the Get['id'], I always get a 0 even tho when I print the id! I can see it. Upload.php: Hello there, I have a problem which is when I try to insert the value of the Get['id'], I always get a 0 even tho when I print the id! I can see it. Upload.php:

    <?php
    include '../include/connect.php';
    $id =(int)$_GET['id'];
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>

<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="file_img" />
<input type="submit" name="btn_upload" value="Upload">
</form>

<?php
if(isset($_POST['btn_upload']))
{
    $filetmp = $_FILES["file_img"]["tmp_name"];
    $filename = $_FILES["file_img"]["name"];
    $filetype = $_FILES["file_img"]["type"];
    $filepath = "photo/".$filename;

    move_uploaded_file($filetmp,$filepath);
    $sql = "INSERT INTO upload_img (img_name,img_path,img_type,im_id) VALUES ('$filename','$filepath','$filetype','.$id.')";
    mysqli_query($con, $sql);
}
?>

</body>
</html>

and my sql:

A photo of the database

I tried using this link :

upload.php?id=2

Note that your code is open to [SQL injections](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Paul Spiegel, Feb 24 '19 at 10:25

Kristiyan Gospodinov · Accepted Answer · 2019-02-24T10:02:19.320

When you post to upload.php you are loosing the GET parameters. After that you cast the $_GET['id'](empty string) to (int) and php sets it to 0.

<form action="upload.php?id=<?php echo $id ?>" method="post" enctype="multipart/form-data">

or

<form action="" method="post" enctype="multipart/form-data">

or create a hidden input field in the form and access it via $_POST['id']

<input type="hidden" name="id" value="<?php echo $id; ?>" />

score 0 · Answer 2 · answered Feb 24 '19 at 10:02

0

You are trying to insert a string instead of an int value. You have to remove the quotation marks for the $id like:

    move_uploaded_file($filetmp,$filepath);
    $sql = "INSERT INTO upload_img (img_name,img_path,img_type,im_id) VALUES ('$filename','$filepath','$filetype',$id)";
    mysqli_query($con, $sql);

answered Feb 24 '19 at 10:02

nacho

5,280
2
25
34

MySQL can cast a string to an int. – Paul Spiegel Feb 24 '19 at 10:24

score 0 · Answer 3 · answered Feb 24 '19 at 10:04

use the following code, you have to pass the id in form while submitting.

<?php
include '../include/connect.php';
$id =(int)$_GET['id'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Untitled Document</title>
    </head>
<body>
<form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="file" name="file_img" />
    <input type="hidden" name="id" value="<?php echo $id;?>" />
    <input type="submit" name="btn_upload" value="Upload">
</form>    
<?php
if(isset($_POST['btn_upload']))
{
    $filetmp = $_FILES["file_img"]["tmp_name"];
    $filename = $_FILES["file_img"]["name"];
    $filetype = $_FILES["file_img"]["type"];
    $filepath = "photo/".$filename;
    $id = $_POST['id'];

    move_uploaded_file($filetmp,$filepath);
    $sql = "INSERT INTO upload_img (img_name,img_path,img_type,im_id) VALUES ('$filename','$filepath','$filetype','.$id.')";
    mysqli_query($con, $sql);
}
?>
</body>
</html>

I get 0 value each time I insert (int)$_GET['id']; in database

3 Answers3