0

I have the PHP file like this. If I try to put the $iD variable that I bring by POST in the path of the image $pathimg my code does not work. If I try to put a variable right there like I did with $prbID my code works. But the ID value that I bring per post does work because it inserts it into the database.

<?PHP
header('Access-Control-Allow-Origin: *');
//conecction
include "apk-conection.php";
//POST
$Id=$_POST['Id'];
$title=$_POST['tite'];
$content=$_POST['content'];
$prbID=2797;
//date
$date = date('Y-m-d H:i:s');
//name img
$nameimg=$_FILES["file"]["name"];
//upload img
$new_image_name = urldecode($nameimg).".jpg";
//path img
$pathimg="../users/img/".$Id."/files/".$new_image_name;
move_uploaded_file($_FILES["file"]["tmp_name"],$pathimg);   

if(isset($_POST['insert'])){
$sql="INSERT into publications (Id,title,content,date,img)values($Id,'$title','$content','$date','$pathimg')
";
$exec=$conexion->query($sql);
}
?>
Rock Dan
  • 1
  • 1
  • First of all your codes are wide open to sql injections! you need to use prepared statement See here : https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php Now, id should be auto increment you dont need to add id, mysql will auto create an id for your post each time, since its not an udpate, –  Feb 11 '20 at 16:29
  • if you are updating post then see this answer : https://stackoverflow.com/a/59929664/12232340 –  Feb 11 '20 at 16:36

0 Answers0