-3

Images are not getting saved in the specified path. But it is showing in the table.

<?php
    include("dbconfig.php");
    $date=$_POST['date'];
    $type=$_POST['type'];
    $name=$_POST['fname'];
    $filename=md5(time()).$_FILES['photo']['name'];
    $tmpname=$_FILES['photo']['tmp_name'];
    move_uploaded_file($tmpname,"myphoto/".$filename);
    $sql="insert into eventmay2022(date,type,fname,photo)
    values('$date','$type','$name','$filename')";
    mysqli_query($conn,$sql);
    header("location:index.php");
?>



<tr><td class="user-entry">Upload your photo</td><td class="user-entry"><input type="file" name="photo" value="file"></td></tr>
            <tr><td></td><td class="user-entry"><button id="submit" type="submit">Submit</button><button onclick="event.preventDefault();" id="cancel">Cancel</button></td></tr>

enter image description here

enter image description here

Your valuable support would be greatly appreciated.

user3079987
  • 11
  • 2
  • 2
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 26 '22 at 09:57
  • 1
    Turn on PHP error reports and make sure warnings are enabled too. Then also check whether move_uploaded_file returns true or false. Then read the documentation: https://www.php.net/manual/en/function.move-uploaded-file.php to learn what can cause this function to fail, and what it will do in each case. Then examine your system for these potential causes. Just from the code alone we cannot tell what the exact issue will be. And yeah, fix your vulnerable SQL query too! – ADyson May 26 '22 at 10:16
  • 1
    Also your code is not actually checking whether the uploaded file is valid or not. Review https://www.php.net/manual/en/features.file-upload.post-method.php and note the bit about the error code in $_FILES. Write some code to check this value before trying to save the file. And you can look up the meaning of any error messages at https://www.php.net/manual/en/features.file-upload.errors.php. If your upload has an error then clearly move_uploaded_file will fail. P.S. Really there are so many file upload example scripts online already, you shouldn't need to start from scratch again like this! – ADyson May 26 '22 at 10:19
  • It was an issue with the permission to that particular folder in the hosted server. I have enabled certain settings and it works fine now. Thanks for your time. – user3079987 May 26 '22 at 11:00

0 Answers0