
I created an HTML page that has two file inputs. I want to store these two different files, i.e., Image and Signature, in two different folders, i.e., the profile and signature folders, but the Signature file is stored in the profile folder and the Image file can't be stored in any of them. Please help me out.

Here is my code:

    <?php
    require 'config.php';
    if (isset($_POST['submit'])) {

        // Profile image: moved from the temp location into Upload/profile/
        // under the client-supplied filename; the upload error code is not checked.
        $imagename = $_FILES["Image"]["name"];
        $imagetemp = $_FILES["Image"]["tmp_name"];
        $imagefolder = "Upload/profile/".$imagename;
        move_uploaded_file($imagetemp, $imagefolder);
        echo "<img src='$imagefolder' height='100px' width='100px'>";

        // Signature: same pattern, but the target is signature/ (not under Upload/).
        $signname = $_FILES["Signature"]["name"];
        $signtemp = $_FILES["Signature"]["tmp_name"];
        $signfolder = "signature/".$signname;
        move_uploaded_file($signtemp, $signfolder);
        echo "<img src='$signfolder' height='100px' width='100px'>";

        $Name = $_POST['Name'];
        $gender = $_POST['gender'];
        $phone = $_POST['phone'];
        $location = $_POST['location'];
        $Qualification = $_POST['Qualification'];
        $Speciality = $_POST['Speciality'];
        $Experience = $_POST['Experience'];
        $License_No = $_POST['License_No'];
        $Email = $_POST['Email'];
        $Password = $_POST['Password'];
        //$Image = $_POST['Image'];
        //$Signature = $_POST['Signature'];

        // The POST values are interpolated directly into the SQL text and the
        // password is stored as submitted (see the comments below).
        $sql = "INSERT INTO doctor (Doctor_Name, gender, Phone, Location, Qualification, Speciality, Experience, License_No, Email, Password) VALUES ('$Name', '$gender', '$phone', '$location', '$Qualification', '$Speciality', '$Experience', '$License_No', '$Email', '$Password')";
        $insertquery = mysqli_query($con, $sql);
        if ($insertquery) {
            echo "data inserted";
        }
        else {
            echo "ERROR: $sql <br> $con->error";
        }
        $con->close();
    }
dorami
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Jul 12 '22 at 10:23
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Jul 12 '22 at 10:23
  • Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically, without needing tedious boilerplate error checking code after every sql command – ADyson Jul 12 '22 at 10:24
  • Also, please don't store passwords in plain text - that is another security risk. Learn about [password hashing](https://www.php.net/manual/en/faq.passwords.php) instead. See also [How to use PHP's password_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – ADyson Jul 12 '22 at 10:24
  • `Signature file stored in profile folder`...seems impossible from the code shown, unless of course in the front-end you've mixed up the field names, or you simply put the file into the wrong file input box. – ADyson Jul 12 '22 at 10:25
  • `Image file cant stored any of them`...."can't" means what exactly? Do you get an error or warning? Have you done any debugging? I note also that your code doesn't bother to check whether the upload succeeded before trying to move the file. See https://www.php.net/manual/en/features.file-upload.errors.php for more details. – ADyson Jul 12 '22 at 10:27
  • Overall this code you have posted is very low-quality and should never go anywhere near a live system without serious changes and improvements. You should even seriously consider throwing it away and starting again, and finding some better learning resources to work with. – ADyson Jul 12 '22 at 10:28
  • You should use file_exists() to check if the desired folders exist in the first place, then if the folders don't exist, use mkdir() to create the folders and then go for the move_uploaded_file() function. And also bind your SQL values before inserting them into the DB. – Aarony Jul 12 '22 at 13:04
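A hardened version of the same upload-and-insert flow, added here as an example and not the asker's or any commenter's code, pulling together the checks the comments raise: the upload error code, is_uploaded_file(), creating a missing folder, a server-chosen filename with the type decided by content sniffing, a prepared statement, and password_hash(). It assumes config.php provides a mysqli connection in $con, that the form is posted with enctype="multipart/form-data", and it places the signature folder under Upload/ too; the storeUpload() helper, its $why parameter and the png/jpg allow-list are this example's own choices.

```php
<?php
// Added example (not the asker's code). Assumes config.php provides a mysqli
// connection in $con and the form is posted with enctype="multipart/form-data".
require 'config.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors now throw

// Save $_FILES[$field] into $dir under a server-chosen name. Returns the stored
// path, or null with the reason in $why. Client filename/type are never trusted.
function storeUpload(string $field, string $dir, ?string &$why): ?string
{
    $f = $_FILES[$field] ?? null;
    if ($f === null || $f['error'] !== UPLOAD_ERR_OK) {
        $why = 'upload error code ' . ($f['error'] ?? 'field missing');
        return null;
    }
    if (!is_uploaded_file($f['tmp_name'])) {
        $why = 'not a file received through POST';
        return null;
    }
    // Choose the extension from the sniffed content, not the user's filename.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    $ext = ['image/png' => 'png', 'image/jpeg' => 'jpg'][$mime] ?? null;
    if ($ext === null) {
        $why = "unsupported content type $mime";
        return null;
    }
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        $why = "cannot create folder $dir";
        return null;
    }
    $path = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $why = "could not move file to $path";            // only read if the move fails
    return move_uploaded_file($f['tmp_name'], $path) ? $path : null;
}

if (isset($_POST['submit'])) {
    $image = storeUpload('Image', 'Upload/profile', $why);
    $sign  = $image === null ? null : storeUpload('Signature', 'Upload/signature', $why);
    if ($sign === null) {
        exit('Upload failed: ' . htmlspecialchars($why));
    }
    // Prepared statement: values are bound, never spliced into the SQL text.
    $stmt = $con->prepare('INSERT INTO doctor (Doctor_Name, gender, Phone, Location, Qualification,
        Speciality, Experience, License_No, Email, Password) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $hash = password_hash($_POST['Password'], PASSWORD_DEFAULT); // never plaintext
    $stmt->bind_param('ssssssssss', $_POST['Name'], $_POST['gender'], $_POST['phone'],
        $_POST['location'], $_POST['Qualification'], $_POST['Speciality'],
        $_POST['Experience'], $_POST['License_No'], $_POST['Email'], $hash);
    $stmt->execute();
    echo 'data inserted';
}
```

The reason reported through $why is what was missing from the question: a failed move now says whether the folder could not be created, the upload itself failed, or the content was not an accepted image.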

0 Answers