Uploading image dont have an extension

Question

I created a form and am trying to upload image to directory and add the path in database. Hence, i submit the form only the image filename gets submitted without file extension name and also it wont be uploaded in the directory.

Below is my php code

if(isset($_POST['addcourse'])) {
    $uploadDirectory = "images/";

    if (!isset($_FILES['passport']) || !is_uploaded_file($_FILES['passport']['tmp_name'])) {


        $passport_data = $_FILES['passport']['tmp_name']; //file input
//    $passport_name = $_FILES['passport']['name']; //unique id for random filename
        $passport_size = $_FILES['passport']['size'];
        $unique_name = uniqid();
        $extension = pathinfo($_FILES['passport']['name'], PATHINFO_EXTENSION);
//    $target_file = $uploadDirectory.basename($_FILES['passport']['name']);
        $target_file = $uploadDirectory . basename($unique_name . "." . $extension);
        $passport_name = $unique_name . "." . $extension;

        move_uploaded_file($passport_data, $target_file);


        $name = mysqli_escape_string($myConn, $_POST["name"]);
        $code = mysqli_escape_string($myConn, $_POST["code"]);
        $course_req = mysqli_escape_string($myConn, $_POST["course_req"]);
        $course_des = mysqli_escape_string($myConn, $_POST["course_des"]);


        $sql = "INSERT INTO courses (name,code,course_req,course_des,passport)
     VALUES ('$name','$code','$course_req','$course_des','$passport_name')";
        if (mysqli_query($myConn, $sql)) { ?>
            <script type="text/javascript">
                alert("New Course Created Successfully");
                window.location = "addcourse";
            </script>
        <?php } else {
            echo "Error: " . $sql . ":-" . mysqli_error($myConn);
        }
        mysqli_close($myConn);
    }

}
?>

Below is the form i created

<form class="form-horizontal" action="insert" method="post" role="form" enctype="multipart/form-data">
                                <div class="form-group row">
                                    <label class="control-label col-sm-3 align-self-center">Course Name:</label>
                                    <div class="col-sm-9">
                                        <input type="text" name="name" class="form-control" id="course" placeholder="Enter Course Name">
                                    </div>
                                </div>
                                <div class="form-group row">
                                    <label class="control-label col-sm-3 align-self-center">Course Code:</label>
                                    <div class="col-sm-9">
                                        <input type="text" name="code" class="form-control" id="code" placeholder="Enter Course Code">
                                    </div>
                                </div>
                                <div class="form-group row">
                                    <label class="control-label col-sm-3 align-self-center">Course Requirements:</label>
                                    <div class="col-sm-9">
                                        <textarea type="text" name="course_req" class="form-control" id="course_req" rows="3"></textarea>
                                    </div>
                                </div>
                                <div class="form-group row">
                                    <label class="control-label col-sm-3 align-self-center">Course Description:</label>
                                    <div class="col-sm-9">
                                        <textarea type="text" name="course_des" class="form-control" id="course_des" rows="3"></textarea>
                                    </div>
                                </div>
                                <div class="form-group row">
                                    <label class="control-label col-sm-3 align-self-center">Featured Image:</label>
                                    <div class="col-sm-9">
                                        <input type="file" id="myfile" name="myfile">                                    </div>
                                </div>
                                <div class="form-group">
<!--                                    <input type="submit" name="addcourse" class="btn btn-primary" Value="addcourse">
-->                           <button type="submit" name="addcourse" class="btn btn-primary">Submit</button>
                                  <button type="submit" class="btn bg-danger">Cancel</button>
                                </div>
                            </form>

Attached image is how the database looks like after submission

I have checked the file naming and i expect the generated temp file name to be stored in passport field of table, then moved it the target folder.

try change name attribute myfile `` to `` .. and `if (!isset($_FILES['passport']) || !is_uploaded_file($_FILES['passport']['tmp_name'])) {` to `if (isset($_FILES['passport']) || is_uploaded_file($_FILES['passport']['tmp_name'])) {` — ferrysyahrinal, Mar 29 '22 at 03:38
but what is i have another input field to upload something let me call it "result" please how will i add the code. — cyb3rp0nd, Mar 29 '22 at 09:14
**Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) — Dharman, Mar 29 '22 at 09:37

score 0 · Answer 1 · 2022-03-29T01:27:04.093

My basic example (upload and read a file) is like that :

<?php
if (isset($_FILES['the_key']['error']) && $_FILES['the_key']['error'] == UPLOAD_ERR_OK)
{
    if (is_uploaded_file($_FILES['the_key']['tmp_name']))
    {
        $extension = strrpos($_FILES['the_key']['name'], '.'); // locate the last dot
        if ($extension !== false)
        {
            $extension = substr($_FILES['the_key']['name'], 1 + $extension);
            // if needed add here a custom extension validation instead of ctype_alnum
            $extension = ctype_alnum($extension) ? '.' . strtolower($extension) : '.unknown';
        }
        else
            $extension = '.no-extension';       
        $filename = sha1(mt_rand()) . $extension ; // get a name
        move_uploaded_file($_FILES['the_key']['tmp_name'], $filename); // take the file
        readfile($filename); // read
        unlink($filename); // delete
        exit;
    }
}
 ?>
<form method=post enctype="multipart/form-data">
<input type=file name=the_key>
<input type=submit>

Uploading image dont have an extension

1 Answers1