
I am trying to make it so that if the user adds only 2-3 images, the images and image names are still sent to the database. I created ($sql4) for it, but it shows an error that the file type is not supported, and I also checked that the file type was PNG. Please help me.

add_blog.php

<?php include 'header.php';
if (isset($_SESSION['user_data'])) {
    // This will fetch the author id that is stored in index['0'].
    $author_id = $_SESSION['user_data']['0'];

    $sql = "SELECT * FROM categories";
    $query = mysqli_query($config, $sql);
}
?>

<div class="container">
    <h5 class="mb-2 text-gray-800">School</h5>
    <div class="row">
        <div class="col-xl-8 col-lg-6">
            <div class="card">
                <div class="card-header">
                    <h6 class="font-weight-bold text-primary mt-2">Add School</h6>
                </div>
                <div class="card-body">
                    <form action="" method="POST" enctype="multipart/form-data">
                        <div class="mb-3">
                            <input type="text" name="blog_title" placeholder="Title" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_tagline" placeholder="Tagline" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_rating" placeholder="Rating" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_projects" placeholder="Projects" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_events" placeholder="School Events" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="number" name="school_mobile" placeholder="School Number" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_email" placeholder="School Email" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility" placeholder="Facilities your school have" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_2.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_2" placeholder="Facilities 2" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_3.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_3" placeholder="Facilities 3" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_4.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_4" placeholder="Facilities 4" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_5.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_5" placeholder="Facilities 5" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_6.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_6" placeholder="Facilities 6" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_7.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_7" placeholder="Facilities 7" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_8.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facility_8" placeholder="Facilities 8" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_activities.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_activities_heading_1" placeholder="School Activities Heading" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_activities_para_1" placeholder="School activities Paragraph" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_activities_2.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_activities_heading_2" placeholder="School activities Heading 2" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_activities_para_2" placeholder="School Activities Paragraph 2" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_activities_3.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_activities_heading_3" placeholder="School activities Heading 3" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_activities_para_3" placeholder="School activities Paragraph 3" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_mission.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_mission_heading" placeholder="School Mission Heading" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_mission_para" placeholder="School Mission Paragraph" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_vision.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_vision_heading" placeholder="School Vision Heading" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_vision_para" placeholder="School Vision Paragraph" class="form-control">
                        </div>
                        <div class="mb-3">
                            <label for="">About School Information</label>
                            <textarea class="form-control" name="blog_body" id="blog" rows="2"></textarea>
                        </div>
                        <div class="mb-3">
                            <label for="">School Activities Information</label>
                            <textarea class="form-control" name="school_activities" id="blog_1" rows="2"></textarea>
                        </div>
                        <div class="mb-3">
                            <label for="">If you have mission or vision please describe</label>
                            <textarea class="form-control" name="school_mission_vision" id="blog_2" rows="2"></textarea>
                        </div>
                        <div class="mb-3">
                            <input type="file" name="blog_image" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_2" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_3" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_4" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_5" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_6" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_7" class="form-control">
                        </div>
                        <div class="mb-3">
                            <input type="file" name="school_image_8" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_social.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_instagram" placeholder="Instagram Link" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_social_2.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_facebook" placeholder="Facebook Link" class="form-control">
                        </div>
                        <div class="mb-3">
                            <?php include 'icons_social_3.php'; ?>
                        </div>
                        <div class="mb-3">
                            <input type="text" name="school_twitter" placeholder="Twitter Link" class="form-control">
                        </div>
                        <div class="mb-3">
                            <select class="form-control" name="category">
                                <option value="" name="category">Select Category</option>
                                <!-- $cats will fetch all the data that is stored in the categories table. -->
                                <?php while ($cats = mysqli_fetch_assoc($query)) { ?>
                                    <option value="<?= $cats['cat_id'] ?>">
                                        <?= $cats['cat_name'] ?>
                                    </option>

                                <?php } ?>
                            </select>
                        </div>
                        <div class="mb-3">
                            <input type="submit" name="add_blog" value="Add" class="btn btn-primary">
                            <a class="btn btn-secondary" href="index.php">Back</a>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>

<?php
include 'footer.php';

// If the user click on Add button then the user data should upload to the database.
if (isset($_POST['add_blog'])) {
    $title = mysqli_real_escape_string($config, $_POST['blog_title']);
    
    $tagline = mysqli_real_escape_string($config, $_POST['school_tagline']);
    
    $rating = mysqli_real_escape_string($config, $_POST['school_rating']);
    
    $projects = mysqli_real_escape_string($config, $_POST['school_projects']);
    
    $events = mysqli_real_escape_string($config, $_POST['school_events']);
    
    $mobile = mysqli_real_escape_string($config, $_POST['school_mobile']);
    
    $email = mysqli_real_escape_string($config, $_POST['school_email']);
    
    $activities = mysqli_real_escape_string($config, $_POST['school_activities']);
    
    $missionVision = mysqli_real_escape_string($config, $_POST['school_mission_vision']);
    
    $body = mysqli_real_escape_string($config, $_POST['blog_body']);
    
    $icon = mysqli_real_escape_string($config, $_POST['icon_input']);
    
    $facility_1 = mysqli_real_escape_string($config, $_POST['school_facility']);
    
    $icon2 = mysqli_real_escape_string($config, $_POST['icon_input_2']);
    
    $facility_2 = mysqli_real_escape_string($config, $_POST['school_facility_2']);
    
    $icon3 = mysqli_real_escape_string($config, $_POST['icon_input_3']);
    
    $facility_3 = mysqli_real_escape_string($config, $_POST['school_facility_3']);
    
    $icon4 = mysqli_real_escape_string($config, $_POST['icon_input_4']);
    
    $facility_4 = mysqli_real_escape_string($config, $_POST['school_facility_4']);
    
    $icon5 = mysqli_real_escape_string($config, $_POST['icon_input_5']);
    
    $facility_5 = mysqli_real_escape_string($config, $_POST['school_facility_5']);
    
    $icon6 = mysqli_real_escape_string($config, $_POST['icon_input_6']);
    
    $facility_6 = mysqli_real_escape_string($config, $_POST['school_facility_6']);
    
    $icon7 = mysqli_real_escape_string($config, $_POST['icon_input_7']);
    
    $facility_7 = mysqli_real_escape_string($config, $_POST['school_facility_7']);
    
    $icon8 = mysqli_real_escape_string($config, $_POST['icon_input_8']);
    
    $facility_8 = mysqli_real_escape_string($config, $_POST['school_facility_8']);
    
    $icon_mission = mysqli_real_escape_string($config, $_POST['icons_mission']);
    
    $mission_heading = mysqli_real_escape_string($config, $_POST['school_mission_heading']);
    
    $mission_para = mysqli_real_escape_string($config, $_POST['school_mission_para']);
    
    $icon_vision = mysqli_real_escape_string($config, $_POST['icons_vision']);
    
    $vision_heading = mysqli_real_escape_string($config, $_POST['school_vision_heading']);
    
    $vision_para = mysqli_real_escape_string($config, $_POST['school_vision_para']);
    
    $icon_activities = mysqli_real_escape_string($config, $_POST['icons_activities']);
    
    $activities_heading_1 = mysqli_real_escape_string($config, $_POST['school_activities_heading_1']);
    
    $activities_para_1 = mysqli_real_escape_string($config, $_POST['school_activities_para_1']);
    
    $icon_activities_2 = mysqli_real_escape_string($config, $_POST['icons_activities_2']);
    
    $activities_heading_2 = mysqli_real_escape_string($config, $_POST['school_activities_heading_2']);
    
    $activities_para_2 = mysqli_real_escape_string($config, $_POST['school_activities_para_2']);
    
    $icon_activities_3 = mysqli_real_escape_string($config, $_POST['icons_activities_3']);
    
    $activities_heading_3 = mysqli_real_escape_string($config, $_POST['school_activities_heading_3']);
    
    $activities_para_3 = mysqli_real_escape_string($config, $_POST['school_activities_para_3']);
    
    $filename = $_FILES['blog_image']['name'];
    $tmp_name = $_FILES['blog_image']['tmp_name'];
    $size = $_FILES['blog_image']['size'];

    $filename1 = $_FILES['school_image']['name'];
    $tmp_name1 = $_FILES['school_image']['tmp_name'];
    $size1 = $_FILES['school_image']['size'];

    $filename2 = $_FILES['school_image_2']['name'];
    $tmp_name2 = $_FILES['school_image_2']['tmp_name'];
    $size2 = $_FILES['school_image_2']['size'];

    $filename3 = $_FILES['school_image_3']['name'];
    $tmp_name3 = $_FILES['school_image_3']['tmp_name'];
    $size3 = $_FILES['school_image_3']['size'];

    $filename4 = $_FILES['school_image_4']['name'];
    $tmp_name4 = $_FILES['school_image_4']['tmp_name'];
    $size4 = $_FILES['school_image_4']['size'];

    $filename5 = $_FILES['school_image_5']['name'];
    $tmp_name5 = $_FILES['school_image_5']['tmp_name'];
    $size5 = $_FILES['school_image_5']['size'];

    $filename6 = $_FILES['school_image_6']['name'];
    $tmp_name6 = $_FILES['school_image_6']['tmp_name'];
    $size6 = $_FILES['school_image_6']['size'];

    $filename7 = $_FILES['school_image_7']['name'];
    $tmp_name7 = $_FILES['school_image_7']['tmp_name'];
    $size7 = $_FILES['school_image_7']['size'];

    $filename8 = $_FILES['school_image_8']['name'];
    $tmp_name8 = $_FILES['school_image_8']['tmp_name'];
    $size8 = $_FILES['school_image_8']['size'];

    // Escape the social icon and link fields before they are placed in the query.
    $social_icon = mysqli_real_escape_string($config, $_POST['icon_social']);
    $instagram = mysqli_real_escape_string($config, $_POST['school_instagram']);
    $social_icon_2 = mysqli_real_escape_string($config, $_POST['icon_social_2']);
    $facebook = mysqli_real_escape_string($config, $_POST['school_facebook']);
    $social_icon_3 = mysqli_real_escape_string($config, $_POST['icon_social_3']);
    $twitter = mysqli_real_escape_string($config, $_POST['school_twitter']);
    // $image_ext holds the lower-cased extension of each file name, so an extension of (PNG) becomes (png).
    $image_ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $image_ext1 = strtolower(pathinfo($filename1, PATHINFO_EXTENSION));
    $image_ext2 = strtolower(pathinfo($filename2, PATHINFO_EXTENSION));
    $image_ext3 = strtolower(pathinfo($filename3, PATHINFO_EXTENSION));
    $image_ext4 = strtolower(pathinfo($filename4, PATHINFO_EXTENSION));
    $image_ext5 = strtolower(pathinfo($filename5, PATHINFO_EXTENSION));
    $image_ext6 = strtolower(pathinfo($filename6, PATHINFO_EXTENSION));
    $image_ext7 = strtolower(pathinfo($filename7, PATHINFO_EXTENSION));
    $image_ext8 = strtolower(pathinfo($filename8, PATHINFO_EXTENSION));
    // $allow_type holds the file extensions that are supported.
    $allow_type = ['jpg', 'png', 'jpeg', 'webp', 'svg'];
    // $destination is the path inside the "upload/" folder that each file selected by the user is moved to.
    $destination = "upload/" . $filename;
    $destination1 = "upload/" . $filename1;
    $destination2 = "upload/" . $filename2;
    $destination3 = "upload/" . $filename3;
    $destination4 = "upload/" . $filename4;
    $destination5 = "upload/" . $filename5;
    $destination6 = "upload/" . $filename6;
    $destination7 = "upload/" . $filename7;
    $destination8 = "upload/" . $filename8;
    // Escape the selected category before it is placed in the query.
    $category = mysqli_real_escape_string($config, $_POST['category']);
    if (!empty($filename)) {
    if (!empty($filename1)) {
        // in_array() checks whether each file extension is in $allow_type. The files are uploaded only if all nine extensions match; an input left empty has the extension '' and fails the test, so the error is shown.
        if (in_array($image_ext, $allow_type) && in_array($image_ext1, $allow_type) && in_array($image_ext2, $allow_type) && in_array($image_ext3, $allow_type) && in_array($image_ext4, $allow_type) && in_array($image_ext5, $allow_type) && in_array($image_ext6, $allow_type) && in_array($image_ext7, $allow_type) && in_array($image_ext8, $allow_type)) {
            // If the file size is at most 5MB then upload the file, else show an error.
            if ($size <= 5000000) {
                // If the image validation checks pass then move it to this folder
                move_uploaded_file($tmp_name, $destination);
                move_uploaded_file($tmp_name1, $destination1);
                move_uploaded_file($tmp_name2, $destination2);
                move_uploaded_file($tmp_name3, $destination3);
                move_uploaded_file($tmp_name4, $destination4);
                move_uploaded_file($tmp_name5, $destination5);
                move_uploaded_file($tmp_name6, $destination6);
                move_uploaded_file($tmp_name7, $destination7);
                move_uploaded_file($tmp_name8, $destination8);
                // This will insert all the input that is filled in by the user into the blog table. The values are listed in the same order as the columns.
                $sql2 = "INSERT INTO blog(blog_title, school_tagline, school_rating, school_projects, school_events, school_mobile, school_email, blog_body, icon_input, school_facility, icon_input_2, school_facility_2, icon_input_3, school_facility_3, icon_input_4, school_facility_4, icon_input_5, school_facility_5, icon_input_6, school_facility_6, icon_input_7, school_facility_7, icon_input_8, school_facility_8, icons_activities, school_activities_heading_1, school_activities_para_1, icons_activities_2, school_activities_heading_2, school_activities_para_2, icons_activities_3, school_activities_heading_3, school_activities_para_3, icons_mission, school_mission_heading, school_mission_para, icons_vision, school_vision_heading, school_vision_para, school_activities, school_mission_vision, blog_image, school_images, school_images_2, school_images_3, school_images_4, school_images_5, school_images_6, school_images_7, school_images_8, icon_social, school_instagram, icon_social_2, school_facebook, icon_social_3, school_twitter, category, author_id) VALUES('$title', '$tagline', '$rating', '$projects', '$events', '$mobile', '$email', '$body', '$icon', '$facility_1', '$icon2', '$facility_2', '$icon3', '$facility_3', '$icon4', '$facility_4', '$icon5', '$facility_5', '$icon6', '$facility_6', '$icon7', '$facility_7', '$icon8', '$facility_8', '$icon_activities', '$activities_heading_1', '$activities_para_1', '$icon_activities_2', '$activities_heading_2', '$activities_para_2', '$icon_activities_3', '$activities_heading_3', '$activities_para_3', '$icon_mission', '$mission_heading', '$mission_para', '$icon_vision', '$vision_heading', '$vision_para',  '$activities', '$missionVision', '$filename', '$filename1', '$filename2', '$filename3', '$filename4', '$filename5', '$filename6', '$filename7', '$filename8', '$social_icon', '$instagram', '$social_icon_2', '$facebook', '$social_icon_3', '$twitter',  '$category', '$author_id')";
                $query2 = mysqli_query($config, $sql2);
                if ($query2) {
                    $msg = ["Post Publish Successfully", "alert-success"];
                    $_SESSION['msg'] = $msg;
                    // If the post publish successfully then redirect to same page with success message.
                    header("location:add_blog.php");
                } else {
                    $msg = ["Failed, Please try again", "alert-danger"];
                    $_SESSION['msg'] = $msg;
                    // If the post could not be saved then redirect to the same page with an error message.
                    header("location:add_blog.php");
                }
            } else {
                $msg = ["Image file size should not be greater than 5MB", "alert-danger"];
                $_SESSION['msg'] = $msg;
                // If the file size is bigger than 5MB then redirect to the same page with an error message.
                header("location:add_blog.php");
            }
        } else {
            $msg = ["Image file type is not allowed (only jpg, jpeg, png, webp, svg)", "alert-danger"];
            $_SESSION['msg'] = $msg;
            // If the file extension is not supported then redirect to same page with error message.
            header("location:add_blog.php");
        }
    } else {
        $sql3 = "INSERT INTO blog(blog_title, school_tagline, school_rating, school_projects, school_events, school_mobile, school_email, blog_body, icon_input, school_facility, icon_input_2, school_facility_2, icon_input_3, school_facility_3, icon_input_4, school_facility_4, icon_input_5, school_facility_5, icon_input_6, school_facility_6, icon_input_7, school_facility_7, icon_input_8, school_facility_8, icons_activities, school_activities_heading_1, school_activities_para_1, icons_activities_2, school_activities_heading_2, school_activities_para_2, icons_activities_3, school_activities_heading_3, school_activities_para_3, icons_mission, school_mission_heading, school_mission_para, icons_vision, school_vision_heading, school_vision_para, school_activities, school_mission_vision, icon_social, school_instagram, icon_social_2, school_facebook, icon_social_3, school_twitter, category, author_id) VALUES('$title', '$tagline', '$rating', '$projects', '$events', '$mobile', '$email', '$body', '$icon', '$facility_1', '$icon2', '$facility_2', '$icon3', '$facility_3', '$icon4', '$facility_4', '$icon5', '$facility_5', '$icon6', '$facility_6', '$icon7', '$facility_7', '$icon8', '$facility_8', '$icon_activities', '$activities_heading_1', '$activities_para_1', '$icon_activities_2', '$activities_heading_2', '$activities_para_2', '$icon_activities_3', '$activities_heading_3', '$activities_para_3', '$icon_mission', '$mission_heading', '$mission_para', '$icon_vision', '$vision_heading', '$vision_para',  '$activities', '$missionVision', '$social_icon', '$instagram', '$social_icon_2', '$facebook', '$social_icon_3', '$twitter',  '$category', '$author_id')";
            $query3 = mysqli_query($config, $sql3);
            if ($query3) {
                $msg = ["Post Publish Successfully", "alert-success"];
                $_SESSION['msg'] = $msg;
                // If the post publish successfully then redirect to same page with success message.
                header("location:add_blog.php");
            } else {
                $msg = ["Failed, Please try again", "alert-danger"];
                $_SESSION['msg'] = $msg;
                // If the post could not be saved then redirect to the same page with an error message.
                header("location:add_blog.php");
            }
    } 
} else{
    $sql4 = "INSERT INTO blog(blog_title, school_tagline, school_rating, school_projects, school_events, school_mobile, school_email, blog_body, icon_input, school_facility, icon_input_2, school_facility_2, icon_input_3, school_facility_3, icon_input_4, school_facility_4, icon_input_5, school_facility_5, icon_input_6, school_facility_6, icon_input_7, school_facility_7, icon_input_8, school_facility_8, icons_activities, school_activities_heading_1, school_activities_para_1, icons_activities_2, school_activities_heading_2, school_activities_para_2, icons_activities_3, school_activities_heading_3, school_activities_para_3, icons_mission, school_mission_heading, school_mission_para, icons_vision, school_vision_heading, school_vision_para, school_activities, school_mission_vision, blog_image, school_images, icon_social, school_instagram, icon_social_2, school_facebook, icon_social_3, school_twitter, category, author_id) VALUES('$title', '$tagline', '$rating', '$projects', '$events', '$mobile', '$email', '$body', '$icon', '$facility_1', '$icon2', '$facility_2', '$icon3', '$facility_3', '$icon4', '$facility_4', '$icon5', '$facility_5', '$icon6', '$facility_6', '$icon7', '$facility_7', '$icon8', '$facility_8', '$icon_activities', '$activities_heading_1', '$activities_para_1', '$icon_activities_2', '$activities_heading_2', '$activities_para_2', '$icon_activities_3', '$activities_heading_3', '$activities_para_3', '$icon_mission', '$mission_heading', '$mission_para', '$icon_vision', '$vision_heading', '$vision_para',  '$activities', '$missionVision', '$filename', '$filename1', '$social_icon', '$instagram', '$social_icon_2', '$facebook', '$social_icon_3', '$twitter',  '$category', '$author_id')";
    $query4 = mysqli_query($config, $sql4);
    // $sql3 = "INSERT INTO images(school_image) VALUES('$filename1')";
    // $query3 = mysqli_query($config, $sql3);
    if ($query4) {
        $msg = ["Post Publish Successfully", "alert-success"];
        $_SESSION['msg'] = $msg;
        // If the post publish successfully then redirect to same page with success message.
        header("location:add_blog.php");
    } else {
        $msg = ["Failed, Please try again", "alert-danger"];
        $_SESSION['msg'] = $msg;
        header("location:add_blog.php");
    }       
}

}
?>

Output Screenshot Error

  • The screenshot is missing. – Barmar Nov 22 '22 at 18:18
  • Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, it's not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar Nov 22 '22 at 18:18
  • Instead of all those nested `if` statements, you should use a loop. – Barmar Nov 22 '22 at 18:20
  • @Barmar Sorry! now I have added the screenshot. Actually, I am not good with the loop yet I'll try to do that but will it solve my image issue? I am new to the PHP language and just started a month ago. – Jenil Shah Nov 22 '22 at 18:32
  • For that very specific error message, it is the result of not passing nine `in_array()` tests. If you want to know which one is failing, you'll need to test each individually. `if(!in_array($image_ext1, $allow_type)){$_SESSION['msg'] = 'Not in array 1';}`. As noted, loops would greatly improve the readability of this code. – Chris Haas Nov 22 '22 at 18:39
  • Another thing I'd recommend is looking into the "returning early" pattern which helps reduce the number of nested `if` statements. Often this takes the form of inverting your logic, so instead of testing for true, and then testing something else for true, you test for false and return/exit upon failure. (As an aside, whenever you use `header` for a redirect, follow it by an `exit` to indicate that no additional code is expected to run. Doing that you can also see that `else` expressions aren't needed.) Here's a brief demo of return early with your code: https://3v4l.org/dYpEm – Chris Haas Nov 22 '22 at 18:50
  • @ChrisHaas Thank you, the problem is with $allow_type. I removed those and the error was gone, but without the extension, the user can put any file type into the image. Can you give any suggestions, or is my if statement wrong? – Jenil Shah Nov 22 '22 at 18:54
  • @ChrisHaas Really thanks for the demo code. I'll look into it and will change the if statements to loop – Jenil Shah Nov 22 '22 at 18:58
  • @ChrisHaas As you gave me the demo code, I have a question: in the for loop, do I have to replicate `'filename' => $_FILES['school_image_3']['name']` for every image, or will it automatically look for $filename1, $filename2, $filename3? – Jenil Shah Nov 22 '22 at 19:13
  • Put all the images in an array. So use `name="school_image[]"` for all of them, instead of different names for each. Then you can use a loop through the array of `$_FILES['school_image']` – Barmar Nov 22 '22 at 19:28
  • @JenilShah, sorry about that, I should have included the index in the loop, that was my mistake, here's what it should look like: https://3v4l.org/6TFXs – Chris Haas Nov 22 '22 at 21:26
  • @ChrisHaas Thanks for the code that you provided. I did as you showed me, here is the code [https://3v4l.org/24E1c](https://3v4l.org/24E1c). The image still shows the error (Image file type 1 is not allowed (only jpg, jpeg, png, webp, svg)). Please, if you don't mind, can you check the code that I have updated in the for loop: is it OK, or am I still doing something wrong? You may see some differences in the file because I don't test in the original file. – Jenil Shah Nov 23 '22 at 07:44
  • I’ve updated the code to offer a better error message which includes the found file extension: https://3v4l.org/FmfX1 – Chris Haas Nov 23 '22 at 12:39
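
Putting the comments' suggestions together (loop over `name="school_image[]"`, skip inputs left empty, report which slot failed, use a parameterized query), as an added example that is not code from the question or from the linked 3v4l demos. Assumptions: all nine file inputs are renamed to `school_image[]`; `validate_images`, `build_insert` and `store` are hypothetical names; the `finfo` content check and random stored names are additions; `svg` is left out of the allow-list because SVG is XML that can carry script.

```php
<?php
declare(strict_types=1);

// Allow-list: extension => MIME type the file's bytes must actually have.
const ALLOWED = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png', 'webp' => 'image/webp',
];
const MAX_BYTES = 5000000; // the question's 5MB limit
// Fixed column for each upload slot (column names from the question's INSERT).
const IMAGE_COLUMNS = [
    'blog_image', 'school_images', 'school_images_2', 'school_images_3', 'school_images_4',
    'school_images_5', 'school_images_6', 'school_images_7', 'school_images_8',
];

/**
 * Validate $_FILES['school_image'] as produced by name="school_image[]" inputs.
 * Slots left empty are skipped, so sending 2-3 of the 9 images is fine.
 * Returns [accepted, errors], both keyed by slot index.
 */
function validate_images(array $files): array
{
    $accepted = $errors = [];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    foreach ($files['name'] as $i => $clientName) {
        $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
        if ($files['error'][$i] === UPLOAD_ERR_NO_FILE) {
            continue; // no file chosen for this input: skip it, not an error
        }
        if ($files['error'][$i] !== UPLOAD_ERR_OK) {
            $errors[$i] = 'upload failed, PHP error code ' . $files['error'][$i];
        } elseif (!array_key_exists($ext, ALLOWED)) {
            $errors[$i] = "extension '$ext' is not allowed"; // escape before echoing
        } elseif ($files['size'][$i] > MAX_BYTES) {
            $errors[$i] = 'file is larger than 5MB';
        } elseif (($mime = $finfo->file($files['tmp_name'][$i])) !== ALLOWED[$ext]) {
            // The extension is client-supplied, so the content is checked as well.
            $errors[$i] = "content is '$mime', expected " . ALLOWED[$ext];
        } else {
            // Store under a random name; the client's name never reaches disk or SQL.
            $accepted[$i] = [
                'tmp_name' => $files['tmp_name'][$i],
                'stored_name' => bin2hex(random_bytes(16)) . '.' . $ext,
            ];
        }
    }
    return [$accepted, $errors];
}

/** Build a parameterized INSERT; only the fixed column names are concatenated. */
function build_insert(string $title, int $authorId, array $accepted): array
{
    $row = ['blog_title' => $title, 'author_id' => $authorId];
    foreach ($accepted as $i => $img) {
        if (array_key_exists($i, IMAGE_COLUMNS)) {
            $row[IMAGE_COLUMNS[$i]] = $img['stored_name'];
        }
    }
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $sql = 'INSERT INTO blog(' . implode(', ', array_keys($row)) . ") VALUES($marks)";
    return [$sql, array_values($row)];
}

/** Request-time wiring (not run in the demo below): move the files, then insert. */
function store(mysqli $db, string $sql, array $values, array $accepted): bool
{
    foreach ($accepted as $img) {
        // move_uploaded_file() refuses paths that are not genuine PHP uploads.
        if (!move_uploaded_file($img['tmp_name'], 'upload/' . $img['stored_name'])) {
            return false;
        }
    }
    $stmt = $db->prepare($sql);
    $types = implode('', array_map(fn($v) => is_int($v) ? 'i' : 's', $values));
    $stmt->bind_param($types, ...$values);
    return $stmt->execute();
}

// Demo with constructed input (not from the question): slot 0 is a real 1x1 PNG,
// slot 1 was left empty, slot 2 is plain text that was renamed to .png.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$good = tempnam(sys_get_temp_dir(), 'img');
$text = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($good, $png);
file_put_contents($text, 'plain text, not an image');
$files = [
    'name' => ['Logo.PNG', '', 'renamed.png'],
    'tmp_name' => [$good, '', $text],
    'size' => [strlen($png), 0, filesize($text)],
    'error' => [UPLOAD_ERR_OK, UPLOAD_ERR_NO_FILE, UPLOAD_ERR_OK],
];
[$accepted, $errors] = validate_images($files);
[$sql, $values] = build_insert('Demo School', 1, $accepted);
print_r($errors);   // only slot 2 is reported; the empty slot 1 is not an error
echo $sql, PHP_EOL; // placeholders only, with a column for slot 0
unlink($good);
unlink($text);
```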
