-4

I have create a PHP file which is run using AJAX for uploading user's file to the server and update it's link to the database table. While running the file, I found that my PHP links file address with the database table successfully but the file is not moved in the destination folder that is 'uploads' folder. Unfortunately I'm unable to find the error. Could you help me in finding the error! MY PHP code is -

    <?php
session_start();
//error_reporting(0);
    $error = 0;
if($_FILES["image"]["name"] !='')
{
    $lastid = $_SESSION['lastid'];
    $img_name = $_FILES["image"]["name"];
    $tempname = $_FILES["image"]["tmp_name"];
    $img_size = $_FILES["image"]["size"];
    
    $img_ext = explode('.',$img_name);
    $ext_check = strtolower(end($img_ext));
    $ext_allwd = array('png','jpg','jpeg');
    $new_name = $lastid ."newname".".".$ext_check;
    $area = "uploads/".$new_name;

    if($ext_check !='jpg' || $ext_check!='jpeg' || $ext_check!='png'){
        $error = 1;
        echo "Only JPG, PNG or JPEG files are allowed.";
    }

    if($img_size > 512000 || $img_size < 51200){
        echo "File size must be 50kb to 500kb";
        $error = 1;
    }
    else{
        $error = 0;
    }

    if($error==0){

        // Create Connection 
        include 'connect.php';
        $conn = mysqli_connect ($host, $dbusername, $dbpassword, $dbname);
        $sql = "UPDATE `admndata` SET `imagename` = '$area' WHERE id = '$lastid'";

        //link with Database
        if (mysqli_query($conn, $sql)) {

        //move uploaded file
        move_uploaded_file($tempname,$area);

        // close connection after finishing the job
        mysqli_close($conn);
        }
        else {
        echo "Error updating record: " . mysqli_error($conn);

        // close connection after an error!
        mysqli_close($conn);
        }
    }
}
?>

Edit : Code edited after accepting suggestions via comments.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
sheetal singh
  • 119
  • 1
  • 2
  • 10
  • 2
    Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) You should consider using [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` API's instead of concatenated values – RiggsFolly Aug 17 '20 at 18:19
  • can you add a couple echo statements to make it easier to debug? basically add echo "on line x. still working" every couple lines, and add `error_reporting(E_ALL);` at very start of your script. Also, if you are on 'test server' with root access, type `sudo setenforce 0` to see if it is just unhappy about your permissions. – Dimi Aug 17 '20 at 18:19
  • 1
    Probably this has nothing to do with your problem. But you should put `mysqli_close($conn);` in the scope of `if($error==0){`. Otherwise `$conn` might be undefined – jrswgtr Aug 17 '20 at 18:19
  • Also your logic for determining if there is an error is wrong. According to your code: "IF the file is NOT a JPEG or PNG AND the size is less than 500kb THEN the file is allowed." So any files below 500kb are allowed – jrswgtr Aug 17 '20 at 18:29
  • @jrswgtr thanks for telling these two errors . I have removed this error. Please also help me in finding the aforesaid error. My all web php and html files are in httpdocs folder and uploads folder is also in httpdocs folder. still uploaded files is not moved in the uploads folder. – sheetal singh Aug 17 '20 at 18:43
  • " I have removed this error" Please update your question with the fixed code – jrswgtr Aug 17 '20 at 18:45
  • Is the uploads folder in the same folder as this file? – RGriffiths Aug 17 '20 at 19:10
  • You should be checking the return value of `move_uploaded_file()`. https://stackoverflow.com/questions/18929178/move-uploaded-file-function-is-not-working – kmoser Aug 17 '20 at 19:45

1 Answers1

-1

Hey kindly check this coding this coding is working correctly it will upload image and save it to "uploads/uploaddc/" in my programing and its working absolutly correct. it will check if the same named image is in the "uploads/uploaddc/" folder then it will tell the user that this image is being in the folder and if the image name is different then it will upload it to folder without any error. I have shared it with you so that you can check you coding and find the missing query for you function

 <?php
    if (isset($_POST['uploaddc'])) {
//adjust as per your folder
        $target_dir = "uploads/uploaddc/";

//check this line with your coding and adjust as per you requirement
        $target_file = $target_dir . basename($_FILES["imageUpload"]["name"]);

//check this line with your coding and adjust as per you requirement
        $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

        $jobid = $_POST['jobid'];
        
        if (move_uploaded_file($_FILES["imageUpload"]["tmp_name"], $target_file)) {
            
        } else {
            echo "Sorry, there was an error uploading your file.";}
        
    
        $checkifsame = "SELECT * FROM images WHERE jobid = '$jobid'";
        $ruencheckquery = mysqli_query($cons, $checkifsame);
        while ($row_category = mysqli_fetch_array($ruencheckquery)) {
            $imagename = $row_category['dcfile_name'];
            global $imagename;
            
        }
    
    
    // this function will tell if the same image is in the database
    
        if($imagename == $target_file){
            echo "Same Image in database . this image cannot be uploaded try other images";
        }else{  
    // adjust as per your database
        $insert_product = "INSERT INTO images(jobid, dcfile_name)  VALUES ('$jobid','$target_file')";
        $run_query = mysqli_query($cons, $insert_product);
    }
    
    }
    ?>

in the end specially check you <form action="" method="POST" enctype="multipart/form-data"> because recently i had add put . or other wrong word which send query to database but didn't move the picture to the specific folder. so kindly also check in this section as well.

I will be very happy if it work other wise i will try to help you further

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Saadii7788 Developer
  • 7
  • 2