How to add profile image to user php

Question

I want a logged in user to add a profile picture. No errors are shown, the picture is just not added to the folder where it should be. I know I have to use prepared statements, I will. I just want to sort this problem out first.

When the user has not changed the profile pic, the default picture displays perfectly. The file profile pic just wont upload to the folder.

This is the page where you change the picture.

  <?php
  session_start();
  include_once 'dbh.php';

  <html>

  <body>
  <?php

   $sql = "SELECT * FROM user";
   $result = mysqli_query($conn, $sql);
   if (mysqli_num_rows($result) > 0) {
     while ($row = mysqli_fetch_assoc($result)) {
      $id = $row['id'];

      $sqlImg = "SELECT * FROM profileimg WHERE userid='$id'";
      $resultImg = mysqli_query($conn, $sqlImg);
      while ($rowImg = mysqli_fetch_assoc($resultImg)) {

        echo "<div>";

          if ($rowImg['status'] == 0) {
            echo "<img src='uploads/profile".$id.".jpg'>";
          }

          else {
            echo "<img src='uploads/male.jpg'>";
          }

          echo "<p>".$row['username']."</p>";
        echo "</div>";
      }
    }
  }
  else {
    echo "There are no users!";
  }


  if (isset($_SESSION['id'])) {
    echo "You are logged in!";

    echo '<form action="includes/upload.inc.php" method="post" 
    enctype="multipart/form-data">
      <input type="file" name="file">
      <button type="submit" name="submit">UPLOAD FILE</button>
    </form>';
  }
  else {
    echo "You are not logged in!";

  }
?>

This is the php page for the upload

<?php

session_start();
include_once 'dbh.php';
$id = $_SESSION['id'];


if (isset($_POST['submit'])) {

$file = $_FILES['file'];
$fileName = $file['name'];
$fileType = $file['type'];
$fileTempName = $file['tmp_name'];
$fileError = $file['error'];
$fileSize = $file['size'];
$fileExt = explode('.', $fileName);
$fileActualExt = strtolower(end($fileExt));
$allowed = array("jpg", "jpeg", "png", "pdf");


if (in_array($fileActualExt, $allowed)) {

  if ($fileError === 0) {

    if ($fileSize < 500000) {
      //I now need to create a unique ID which we use to replace the name 
       of the uploaded file, before inserting it into our rootfolder
      //If I don't do this, we might end up overwriting the file if we 
       upload a file later with the same name
      //Here I use the user ID of the user to create the first part of the 
       image name
      $fileNameNew = "profile".$id.".".$fileActualExt;
      $fileDestination = 'uploads/'.$fileNameNew;
      move_uploaded_file($fileTmpName, $fileDestination);

      $sql = "UPDATE profileimg SET status=0 WHERE userid='$id';";
      $result = mysqli_query($conn, $sql);

      header("Location: index.php?uploadsuccess");
    }
    else {
      echo "Your file is too big!";
    }
  }
  else {
    echo "There was an error uploading your file, try again!";
  }
}
else {
  echo "You cannot upload files of this type!";
}
 }

Answer 1

First, ensure that PHP is configured to allow file uploads.

In your "php.ini" file, search for the file_uploads directive, and set it to On:

Answer 2

I suspect logical issue near your below update query:

$sql = "UPDATE profileimg SET status=0 WHERE userid='$id';";

Your logic will run fine for only those users who already having corresponding record in profileimg table. But UPDATE query will do nothing for new user.

So, you will have to first check whether there is a record in profileimg for particular user. If no record then run INSERT query, if record exists then run UPDATE query..