do-rami Posted July 26, 2022 Share Posted July 26, 2022 I'm new in programming field. I uploaded a form of html page, i have created two input field:- upload profile and signature which i 'm trying to insert these two field in different folders eg: profile in Uploads/profile/ and signature in Uploads/sign/. But its save only one field image not both. And also i have no idea how to save these two images with name of id(unique name) and Doctor name (input text field). For eg: in database doctor name: Amit, id: 31; so im trying to save image name is Amit31. please help me out. here is my php code: <?php require 'config.php'; if(isset($_POST['submit'])){ $file1 = $_FILES['doc_profile']['name']; $file_tmp1 = $_FILES['doc_profile']['tmp_name']; $pro = "Upload/Profile/" . $file1; $file2 = $_FILES['sign']['name']; $file_tmp2 = $_FILES['sign']['tmp_name']; $signature = "Upload/sign/" . $file2; $data= []; $data= [$file1,$file2]; $images= implode(' ',$data); $Name = $_POST['Name']; $gender = $_POST['gender']; $phone = $_POST['phone']; $location = $_POST['location']; $Qualification = $_POST['Qualification']; $Speciality = $_POST['Speciality']; $Experience = $_POST['Experience']; $License_No = $_POST['License_No']; $Email = $_POST['Email']; $Password = $_POST['Password']; //$Image = $_POST['Image']; //$Signature = $_POST['Signature']; header("Location: sign.html"); $sql = ("INSERT INTO doctor (Doctor_Name, gender, Phone, Location, Qualification, Speciality, Experience, License_No, Email, Password) value('$Name', '$gender', '$phone', '$location', '$Qualification', '$Speciality', '$Experience', '$License_No', '$Email', '$Password')"); $insertquery= mysqli_query($con, $sql); if($insertquery){ move_uploaded_file($file_tmp1, $pro); move_uploaded_file($file_tmp2, $signature); echo "success"; } else{ echo "ERROR: $sql <br> $con->error"; } $con->close(); } ?> Quote Link to comment Share on other sites More sharing options...
wongle Posted July 26, 2022 Share Posted July 26, 2022 Try using uniqid() in your path name. Mine looks like this - $path = $folder . uniqid().$image ; 1 Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted July 26, 2022 Share Posted July 26, 2022 It's been a while since I've dealt with file uploads. However, you should be able to use whatever file name you want in the second argument for move_uploaded_file(). For example, $pro is currently set to use the original file name provided by the user. Instead, you could move that definition before the call to move_uploaded_file(). Then set $pro to the doctor's name and the insert ID from the query. More information about getting the insert ID can be found here:https://www.php.net/manual/en/mysqli.insert-id.php In case you're not aware, move_uploaded_file() will overwrite files that already exist in the destination folders. More information about the function can be found here:https://www.php.net/manual/en/function.move-uploaded-file.php To potentially avoid this issue, you can use the following:https://www.php.net/manual/en/function.file-exists.php Also, if you haven't already, you'll want to look into prepared queries. That way you don't need to worry about your query above breaking when someone with a last name like O'Brien completes the form. Prepared queries will also protect your database from SQL Injection attacks. More information can be found here:https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php 1 Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted July 26, 2022 Share Posted July 26, 2022 I should also mention that you'll want to exercise caution when using anything provided by the user in the name of the file (e.g. doctor's name). That information could be used for filesystem attacks.https://www.php.net/manual/en/security.filesystem.php 1 Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted July 26, 2022 Share Posted July 26, 2022 one of the file uploads is failing, but because you don't have error checking and validation logic, you don't know if or why it is failing. the post method form processing code should - detect if a post method form has been submitted. do not attempt to test if the submit button is set. if the total size of the form data exceeds the post_max_size setting, both the $_POST and $_FILES arrays will be empty. you need to test for this condition and setup a message letting the user know that the form data was too large and could not be processed. if there is $_FILES data, you need to test the ['error'] element of each file to make sure it uploaded without any error before using any of the file data. there's a list of the error values at https://www.php.net/manual/en/features.file-upload.errors.php don't copy variables to other variables for nothing. this is just a waste of your time typing. just use the original variables. you need to validate all input data before using it, storing validation errors in an array using the field name as the array index. if an input is 'required' and it is an empty string or it must have a specific format, setup a unique message for each validation error telling the user what was wrong with the data value. after the end of all the validation logic, if there are no errors (the array holding the errors will be empty), use the submitted form data. using a prepared query (the PDO database extension is much simpler to use than the mysqli extension), insert the data and get the last insert id from that query. use the id as the file part of the filename. as already mentioned, user submitted data can be anything and should be carefully used or in this case not used at all as part of the filename. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.