Jump to content

php two input field save in different folder in server and image save as a name of unique name(id) with Name of input text field


Recommended Posts

I'm new in programming field. I uploaded a form of html page, i have created two input field:- upload profile and signature which i 'm trying to insert these two field in different folders eg: profile in Uploads/profile/ and signature in Uploads/sign/. But its save only one field image not both.

And also i have no idea how to save these two images with name of id(unique name) and Doctor name (input text field). For eg: in database doctor name: Amit, id: 31; so  im trying to save image name is Amit31. please help me out.

here is my php code:

<?php

    require 'config.php';

    if(isset($_POST['submit'])){

       

    $file1 = $_FILES['doc_profile']['name'];

    $file_tmp1 = $_FILES['doc_profile']['tmp_name'];

    $pro = "Upload/Profile/" . $file1;

   

    $file2 = $_FILES['sign']['name'];

    $file_tmp2 = $_FILES['sign']['tmp_name'];

    $signature = "Upload/sign/" . $file2;

 

    $data= [];

    $data= [$file1,$file2];

    $images= implode(' ',$data);

 

    $Name = $_POST['Name'];

    $gender = $_POST['gender'];

    $phone = $_POST['phone'];

    $location = $_POST['location'];

    $Qualification = $_POST['Qualification'];

    $Speciality = $_POST['Speciality'];

    $Experience = $_POST['Experience'];

    $License_No = $_POST['License_No'];

    $Email = $_POST['Email'];

    $Password = $_POST['Password'];

    //$Image = $_POST['Image'];

    //$Signature = $_POST['Signature'];

    header("Location: sign.html");

   

    $sql = ("INSERT INTO doctor (Doctor_Name, gender, Phone, Location, Qualification, Speciality, Experience, License_No, Email, Password) value('$Name', '$gender', '$phone', '$location', '$Qualification', '$Speciality', '$Experience', '$License_No', '$Email', '$Password')");

    $insertquery= mysqli_query($con, $sql);

    if($insertquery){

       

        move_uploaded_file($file_tmp1, $pro);

        move_uploaded_file($file_tmp2, $signature);

        echo "success";

    }

    else{

        echo "ERROR: $sql <br> $con->error";

        }  

    $con->close();

}

?>

Screenshot 2022-07-25 131741.png

It's been a while since I've dealt with file uploads. However, you should be able to use whatever file name you want in the second argument for move_uploaded_file(). For example, $pro is currently set to use the original file name provided by the user. Instead, you could move that definition before the call to move_uploaded_file(). Then set $pro to the doctor's name and the insert ID from the query. More information about getting the insert ID can be found here:
https://www.php.net/manual/en/mysqli.insert-id.php

In case you're not aware, move_uploaded_file() will overwrite files that already exist in the destination folders. More information about the function can be found here:
https://www.php.net/manual/en/function.move-uploaded-file.php

To potentially avoid this issue, you can use the following:
https://www.php.net/manual/en/function.file-exists.php

 

 

Also, if you haven't already, you'll want to look into prepared queries. That way you don't need to worry about your query above breaking when someone with a last name like O'Brien completes the form. Prepared queries will also protect your database from SQL Injection attacks. More information can be found here:
https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

  • Like 1

I should also mention that you'll want to exercise caution when using anything provided by the user in the name of the file (e.g. doctor's name). That information could be used for filesystem attacks.
https://www.php.net/manual/en/security.filesystem.php

  • Like 1

one of the file uploads is failing, but because you don't have error checking and validation logic, you don't know if or why it is failing.

the post method form processing code should -

  1. detect if a post method form has been submitted. do not attempt to test if the submit button is set.
  2. if the total size of the form data exceeds the post_max_size setting, both the $_POST and $_FILES arrays will be empty. you need to test for this condition and setup a message letting the user know that the form data was too large and could not be processed.
  3. if there is $_FILES data, you need to test the ['error'] element of each file to make sure it uploaded without any error before using any of the file data. there's a list of the error values at https://www.php.net/manual/en/features.file-upload.errors.php
  4. don't copy variables to other variables for nothing. this is just a waste of your time typing. just use the original variables.
  5. you need to validate all input data before using it, storing validation errors in an array using the field name as the array index. if an input is 'required' and it is an empty string or it must have a specific format, setup a unique message for each validation error telling the user what was wrong with the data value.
  6. after the end of all the validation logic, if there are no errors (the array holding the errors will be empty), use the submitted form data.
  7. using a prepared query (the PDO database extension is much simpler to use than the mysqli extension), insert the data and get the last insert id from that query. use the id as the file part of the filename. as already mentioned, user submitted data can be anything and should be carefully used or in this case not used at all as part of the filename.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.