0
votes

I am unable to see any image uploaded in the target folder. I also tried if (move_uploaded_file($HTTP_POST_FILES['memphoto']['tmp_name'], $target.$HTTP_POST_FILES['memphoto']['name'])) instead of if(copy($_FILES['photo']['tmp_name'], $uploadimages)) but didn't get any result. Can anybody help me.

<?php
  if ((isset($_FILES['photo']) && ($_FILES['photo']['size'] > 0)) 
  {
   $typ = $_FILES['photo']['type'];
   if($typ == "image/gif" || $typ == "image/png" || $typ == "image/jpeg" || $typ ==  "image/pgif" || $typ == "image/ppng" || $typ =="image/pjpeg" || $typ =="image/jpg")
   {
        $uploaddir = "images/";
        $uploadimages = $uploaddir.basename($_FILES['photo']['name']);
        if(copy($_FILES['photo']['tmp_name'], $uploadimages))
        {
           echo "File successfully copied";
           $query = "UPDATE $tbl_name SET photo='$uploadimages WHERE ID='$ID' ";
           if (!mysql_query($query))
           {
              die('Error: ' . mysql_error());
              mysql_close();
           }
        }
        else{echo "Copy unsuccessful";}
    }
    else{
                echo "Incorrect file type";
    }             

  }
  else {
  echo "No Photo/Signature file selected/uploaded.";
   }
?>
2
Did you check your error log?Maerlyn
You should really check $_FILES['photo']['error'] before doing anything with the uploaded file. And it is highly recommended to use move_uploaded_file() instead of copy().Till Helge
is your target directory writable?Andreas
Your script seems to be vulnerable to SQL injection and to arbitrary file upload, including PHP files.Gumbo

2 Answers

0
votes

I always use move_uploaded_file() to move the uploaded image to the target directory.

$uploadimages = $uploaddir.$_FILES['photo']['name'];
if(move_uploaded_file($_FILES['photo']['tmp_name'], $uploadimages)){
    echo 'uploaded';
}else{
    echo 'upload failed';
}

Make sure you have enctype="multipart/form-data" in your form tag.

<form method="post" enctype="multipart/form-data">
0
votes

index.php

    <form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST" enctype="multipart/form-data">
      Select image to upload:
      <input type="file"   name="photo" />
      <input type="submit" name="submit" value="Upload Image" />
    </form>

<?php
  $file_dir  = "uploads";

  /* Check if folder not exists, then create it */
  if (!file_exists($file_dir)) {
    mkdir($file_dir, 0777, true);
  }

  if (isset($_POST["submit"])) {    

    $file_name   = $_FILES['photo']['name'];
    $file_size   = $_FILES['photo']['size'];
    $file_tmp    = $_FILES['photo']['tmp_name'];
    $file_error  = $_FILES['photo']['error'];
    $file_type   = $_FILES['photo']['type'];

    /* check if files error = 0 [there are file uploaded] */
    if ($file_error === UPLOAD_ERR_OK) {

      /* location file save */
      $file_target = $file_dir .  DIRECTORY_SEPARATOR .  $file_name; /* DIRECTORY_SEPARATOR = / or \ */

      $file_secure = array('image/gif', 'image/pgif', 'image/png', 'image/ppng', 'image/jpeg', 'image/pjpeg', 'image/jpg');

      $errors = [];

      /* Check if file already exists */
      if (file_exists($file_target)) {
        $errors[] = "Sorry, <strong>{$file_name}</strong> already exists.";
      }

      /* Check file size */
      if ($file_size == 0) {
        $errors[] = "Sorry, <strong>{$file_name}</strong> = {$file_size}";
      }

      /* Check current file formats with file secure */
      if (in_array($file_type, $file_secure) === false) {
        $errors[] = "Sorry, <strong>{$file_current}</strong> type not allowed";         
      }

      /* Check if image file is a actual image or fake image ['mime'] */            
      if (getimagesize($file_tmp) == false) {
        $errors[] = "Sorry, <strong>{$file_name}</strong> is not an image.";
      }

      /* Check for Error */
      if (!empty($errors)) {                            

        /* Check errors and display them */                 
        foreach ($errors as $key => $value) {
          echo "$key = $value <br />";
        }

        echo "<br />";
        echo "<strong>{$file_name}</strong> could not uploaded. <hr />";                            

      /* if everything is ok, try to upload file */
      } else {

        if (move_uploaded_file($file_tmp, $file_target)) {

          echo "<strong>{$file_name}</strong> successfully copied.";

          /* update file_target into database */                                    
          $query = "UPDATE {$tbl_name} SET photo={$file_target} WHERE ID={$ID} ";
          if (!mysql_query($query)) {
            die('Error: ' . mysql_error());
            mysql_close();
          } else {
            echo "<strong>{$file_name}</strong> has been save into database.";                                          
          }                                 

        } else {

          echo "Sorry, <strong>{$file_name}</strong> UNsuccessfully copied.";

        }

      }                 

    /* check if files error = 4 [there are NOT file uploaded] */                    
    } else { /* UPLOAD_ERR_NO_FILE */

      echo "No file was uploaded";

    }

  }    
?>