```php
<?php
if(isset($_POST['submit'])){
    // File upload configuration
    // Create the per-order directory only if it does not exist yet
    // (mkdir() raises a warning when the directory is already there)
    if(!is_dir("public/$order_id")){
        mkdir("public/$order_id", 0770, true);
    }
    $targetDir = "public/$order_id/";
    $allowTypes = array('jpg','png','jpeg','gif');

    $statusMsg = $errorMsg = $insertValuesSQL = $errorUpload = $errorUploadType = '';
    $fileNames = array_filter($_FILES['files']['name']);
    if(!empty($fileNames)){
        foreach($_FILES['files']['name'] as $key=>$val){
            // File upload path
            $fileName = basename($_FILES['files']['name'][$key]);
            $targetFilePath = $targetDir . $fileName;

            // Check whether file type is valid
            $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);
            if(in_array($fileType, $allowTypes)){
                // Upload file to server
                if(move_uploaded_file($_FILES["files"]["tmp_name"][$key], $targetFilePath)){
                    // Image db insert sql
                    // NOTE: the values are concatenated into the SQL text here;
                    // this is the injection risk the comments below point out
                    $insertValuesSQL .= "('".$order_id."','".$fileName."', NOW()),";
                }else{
                    $errorUpload .= $_FILES['files']['name'][$key].' | ';
                }
            }else{
                $errorUploadType .= $_FILES['files']['name'][$key].' | ';
            }
        }

        // Error message
        $errorUpload = !empty($errorUpload)?'Upload Error: '.trim($errorUpload, ' | '):'';
        $errorUploadType = !empty($errorUploadType)?'File Type Error: '.trim($errorUploadType, ' | '):'';
        $errorMsg = !empty($errorUpload)?'<br/>'.$errorUpload.'<br/>'.$errorUploadType:'<br/>'.$errorUploadType;

        if(!empty($insertValuesSQL)){
            $insertValuesSQL = trim($insertValuesSQL, ',');
            // Insert image file name into database (one row per uploaded file)
            $insert = $db->query("INSERT INTO idcardprint (orderid,img1, date) VALUES $insertValuesSQL");
            if($insert){
                $statusMsg = "Files are uploaded successfully.".$errorMsg;
            }else{
                $statusMsg = "Sorry, there was an error uploading your file.";
            }
        }else{
            $statusMsg = "Upload failed! ".$errorMsg;
        }
    }else{
        $statusMsg = 'Please select a file to upload.';
    }
}
?>
```

I have tried, and I get this:

| img A | img B |
|-------|-------|
| img 1 |       |
| img 2 |       |

I want to get the table below:

| img A | img B |
|-------|-------|
| img 1 | img 2 |
RiggsFolly
Shah Tech
  • https://meta.stackoverflow.com/questions/388759/why-should-i-tag-my-rdbms – Reporter Nov 16 '22 at 10:48
  • The table you are using in the code contains a column `img1`, while the table below the code does not. What have you tried to resolve your problem? Where are you stuck? – Nico Haase Nov 16 '22 at 10:51
  • Also, be warned that the `INSERT` query you use is highly vulnerable to SQL injection. Have a look at prepared statements to avoid getting hacked – Nico Haase Nov 16 '22 at 10:51
  • I think the whole idea of storing multiple images in one row is flawed. You should use multiple rows for multiple images. The order id will tell you which images belong together. See: [database normalization](https://www.studytonight.com/dbms/database-normalization.php). This might seem a bit theoretical, but applying these rules can help you prevent a lot of problems in the future. – KIKO Software Nov 16 '22 at 11:01
  • You need two tables: Orders, and OrderImages. OrderImages would have a foreign key back to Orders, and store all the images relating to that order, each in a separate row. That would be a correctly normalised design. What you're proposing now is denormalised and a poor design... it would cause you problems in future - it's inflexible, hard to get data about all images, really difficult to sort/filter image data, etc. etc. Normalisation techniques exist for a reason, so please use them. If you don't know about this stuff, take a course on database design before trying to design a database! – ADyson Nov 16 '22 at 11:53
  • P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli / PDO. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Nov 16 '22 at 11:54
  • https://phpdelusions.net/mysqli (or https://phpdelusions.net/pdo if you use PDO) also contains good examples of writing safe SQL queries in PHP. See also: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values (e.g. a filename can legitimately contain a `'`...). If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson Nov 16 '22 at 11:54

0 Answers
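The two points raised in the comments (a prepared statement instead of string concatenation, and one row per image instead of one column per image), combined in an added example that is not code from the thread. It assumes `$db` is a connected `mysqli` object; the `order_images` table and the `saveOrderImages()` function are hypothetical names introduced for illustration.

```php
<?php
// Added example. Assumed (hypothetical) table, one row per uploaded image:
//   order_images(id INT AUTO_INCREMENT PRIMARY KEY, order_id INT,
//                file_name VARCHAR(255), uploaded_at DATETIME)
function saveOrderImages(mysqli $db, int $orderId, array $files, string $baseDir = 'public'): array
{
    $allowTypes = ['jpg', 'png', 'jpeg', 'gif'];
    $targetDir  = "$baseDir/$orderId/";
    if (!is_dir($targetDir) && !mkdir($targetDir, 0770, true)) {
        throw new RuntimeException("Cannot create $targetDir");
    }

    // Prepared once, executed once per image. The file name travels as bound
    // data and is never parsed as SQL, even when it contains a quote.
    $stmt = $db->prepare(
        'INSERT INTO order_images (order_id, file_name, uploaded_at) VALUES (?, ?, NOW())'
    );
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $db->error);
    }
    $fileName = '';
    $stmt->bind_param('is', $orderId, $fileName); // bound by reference

    $result = ['saved' => [], 'rejected' => []];
    foreach ($files['name'] as $key => $name) {
        if ($name === '') {
            continue; // empty slot in the multi-file input
        }
        $fileName = basename($name);
        $ext  = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
        $path = $targetDir . $fileName;
        if (!in_array($ext, $allowTypes, true)
            || !move_uploaded_file($files['tmp_name'][$key], $path)) {
            $result['rejected'][] = $fileName;
            continue;
        }
        if ($stmt->execute()) {
            $result['saved'][] = $fileName;
        } else {
            unlink($path); // do not keep a file that has no database row
            $result['rejected'][] = $fileName;
        }
    }
    $stmt->close();
    return $result;
}

// In the form handler:
//   $result = saveOrderImages($db, (int) $order_id, $_FILES['files']);
// All images of one order:
//   SELECT file_name FROM order_images WHERE order_id = ? ORDER BY id
```

With one row per image, the "img 1 | img 2" layout becomes a display concern: fetch the rows for the order and print them as cells of a single table row.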