Image is not uploading to database

Question

php

      if(isset($_POST['save_albums']))
                {
                    $name = $_POST['album_name'];
                    $designation = $_POST['album_designation'];
                    $images = $_FILES["album_image"]["name"];

                    if(file_exists("uploads/" .$_FILES["album_image"]["name"]))

                    {
                        $store = $_FILES["album_image"]["name"];
                        $_SESSION['status'] = "Image already exists.'.$store.' ";
                        header('Location: albums.php');
                    }

                    else
                    {

                        $query = "INSERT INTO albums ('name','designation','images') VALUES ('$name','$designation','$images')";
                        $query_run = mysqli_query($connection,$query);

                        if($query_run)
                        {
                            move_uploaded_file($_FILES["album_image"]["tmp_name"], "uploads/".$_FILES["album_image"]["name"]);
                            $_SESSION['success'] = "Image Added";
                            header('Location: albums.php');
                        }
                        else
                        {
                            $_SESSION['status'] = "Image Not Added";
                            header('Location: albums.php'); 
                        }
                    } 
                }

            i am watching a video of funda Web It on YouTube and he did this code i do the same thing and the image it is not uploading can someone help me

                <?php
                    include('security.php');
                    include('includes/header.php');
                    include('includes/navbar.php');
                ?>



                <!-- modal medium -->
                <div class="modal fade" id="albumsModal" tabindex="-1" role="dialog" aria-labelledby="mediumModalLabel"
                    aria-hidden="true">
                    <div class="modal-dialog modal-lg" role="document">
                        <div class="modal-content">
                            <div class="modal-header">
                                <h5 class="modal-title" id="mediumModalLabel">Albums</h5>
                                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                                    <span aria-hidden="true">&times;</span>
                                </button>
                            </div>
                            <div class="modal-body">
                                <div class="login-logo">
                                    <a href="#">
                                        <img src="images/icon/logo.png" alt="CoolAdmin">
                                    </a>
                                </div>
                                <div class="login-form">
                                    <form action="albums_code.php" method="post" enctype="multipart/form-data">
                                        <div class="form-group">
                                            <label>Name</label>
                                            <input class="au-input au-input--full" type="text" name="album_name" placeholder="Enter Name" required>
                                        </div>
                                        <div class="form-group">
                                            <label>Designation</label>
                                            <input class="au-input au-input--full" type="text" name="album_designation"
                                                placeholder="Enter Designation" height="38px" required>
                                        </div>
                                        <div class="form-group">
                                            <label>Upload Image</label>
                                            <input class="au-input au-input--full" type="file" name="album_image" id="album_images"
                                             height="38px" required>
                                        </div>
                                        <button class="au-btn au-btn--block au-btn--green m-b-20" name="save_albums"
                                            type="submit">Save</button>
                                        <button type="button" class="au-btn au-btn--block au-btn--red m-b-20"
                                            data-dismiss="modal">Cancel</button>
                                    </form>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>




                <!-- MAIN CONTENT-->
                <div class="main-content">
                    <div class="section__content section__content--p30">
                        <div class="container-fluid">
                            <div class="row">
                                <div class="col-md-12">
                                    <div class="card">
                                        <div class="card-header">
                                            <i class="mr-2 fa fa-align-justify"></i>
                                            <strong class="card-title" v-if="headerText">Albums</strong>
                                        </div>
                                        <div class="card-body">
                                            <button type="button" class="btn btn-secondary mb-1" data-toggle="modal"
                                                data-target="#albumsModal">
                                                ADD
                                            </button>
                                            <?php
                                                if(isset($_SESSION['success']) && $_SESSION['success'] != "")
                                                {
                                                    echo '<h4 class = "alert alert-success text-center">' .$_SESSION['success'] .'</h4>';
                                                    unset($_SESSION['success']);
                                                }

                                                if(isset($_SESSION['status']) && $_SESSION['status'] != "")
                                                {
                                                    echo '<h4 class = "alert alert-danger text-center ">' .$_SESSION['status'] .'</h4>';
                                                    unset($_SESSION['status']);
                                                }
                                            ?>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <!-- end modal medium -->
                            <div class="row">
                                <div class="col-lg-12">
                                    <div class="table-responsive table--no-card m-b-30">

                                        <!-- Retreive Data From Database And Display In Table -->
                                        <table class="table table-borderless table-striped table-earning">
                                            <thead>
                                                <tr>
                                                    <th>ID</th>
                                                    <th>Name</th>
                                                    <th>Designation</th>
                                                    <th>Image</th>
                                                    <th>Edit</th>
                                                    <th>Delete</th>
                                                </tr>
                                            </thead>
                                            <tbody>
                                                <tr>
                                                    <td></td>
                                                    <td></td>
                                                    <td></td>
                                                    <td></td>
                                                    <td>
                                                        <button type="submit" class="btn btn-success"><i
                                                                class="fas fa-edit pr-2"></i>Edit</button>
                                                    </td>
                                                    <td>
                                                        <button type="submit" class="btn btn-danger"><i
                                                                class="fas fa-trash-alt pr-2"></i>Delete</button>
                                                    </td>
                                                </tr>
                                            </tbody>
                                        </table>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>

                <?php
                    include('includes/scripts.php');
                    include('includes/footer.php');
                ?>

Answer 1

First of all, there is no need to repeat this code multiple times:

$_FILES["album_image"]["name"];

Just set it to a variable once, then use the variable throughout the rest of the code. But the file name has to be sanitized first, that's why it must not be used like it is.

Next, you are not providing enough details, just the topic title that says 'Image is not uploading to database'. Does that mean that file is at least uploaded to your directory or not ? Does PHP report an error ? Are you handling PHP errors at all, or ignoring them ? is the record saved to the database or not ?

Maybe your PHP configuration does not accept file uploads by default. Check your configuration file php.ini and look for the file_uploads directive.

You have to make sure that a file was actually updated. See for example: How to check whether the user uploaded a file in PHP?.

One thing you could is dump all the POST and FILE request variables and see the values sent by the browser. Verify that the data is there and what it looks like.

My advice would be to stop what you are doing and read up a bit. This code is highly insecure for many reasons:

• SQL injections are trivial to exploit because you are not using parameterized queries (try adding some single quotes in your textbox fields and your code will quickly crash)
• lack of sanitization of user input
• file uploads are very dangerous, you are not even checking properly that a file is indeed uploaded, the file extension etc so an attacker could easily upload a PHP shell and take control of your server
• what happens if an attacker tampers with the file name and injects '../../../', slashes, or null bytes ? You are wrongly assuming that the files will always go the uploads folder and that someone cannot circumvent your code.

Here is some useful reading:

• Wordfence: 2.5: How to Prevent File Upload Vulnerabilities
• How to securely upload files with PHP?

But those resources do not cover all possible scenarios. This is just a start.

Rather than reinvent the wheel I would suggest that you use existing third-party libraries. There is plenty of open-source code that is proven and free.

Or better yet, use a real development framework. This kind of coding is how PHP applications were done 10 or 15 years ago. Nowadays developers use frameworks, to speed up development, reuse code and also avoid the common pitfalls and security vulnerabilities.

If you put this code on a server exposed to the Internet, you will get hacked in no time.

Also, one should normally not be allowed to overwrite an existing image. What I would do is save the record first, retrieve the unique ID and then rename the image with that unique ID in the file name. For example, if the record is saved with ID 135244, simply save the image as 135244.jpg.