0

I recently wrote code in PHP to upload an image/file via move_uploaded_file() like this:

if (isset($_POST["title"]) && isset($_POST["content"]) && isset($_POST["category"])) {

        //if (!isset($_POST[]))
        $title = $_POST['title'];
        $desc = $_POST['content'];
        $lat = $_POST['latitude'];
        $long = $_POST['longitude'];
        $category = $_POST['category'];
        $image = $_POST['userfile'];

        if(isset($_FILES['userfile'])) {

            $fileName = $_FILES['Filename']['name'];
            $target = "uploads/"; 
            $fileTarget = $target.$fileName; 
            $tempFileName = $_FILES["Filename"]["tmp_name"];

            $result = move_uploaded_file($_FILES["Filename"]["tmp_name"],$fileTarget);

            /*
            *   If file was successfully uploaded in the destination folder
            */
            if($result) { 
                header('Location: post.php?success'); 
                $query = "INSERT INTO public_info (title, content, category, imagePath) VALUES ('$title','$desc','$category', '$fileTarget')";
                $link->query($query) or die("Error : ".mysqli_error($link)); 
                }
            else { 
                header('Location: post.php?errimg'); 
                }
            mysqli_close($link);
        }
        else {
            $query = "INSERT INTO public_info (title, content, category) VALUES ('$title','$desc','$category')"; 

            $result = mysqli_query($link, $query);

            if ($result) {
                header('Location: post.php?success');
            }

            else {
                header('Location: post.php?error');
            }
        }
        // $query = "INSERT INTO public_info (title, content, category) VALUES ('$title','$desc','$category')";   
    }

and the form looks like this in HTML:

<form enctype="multipart/form-data" action="getPublicInfo.php" method="post" class="form">
				<?php if($result) {echo $hasil;} ?>            
                <div class="form-group">
					<label> Judul </label>
						<input type="text" name="title" class="form-control" placeholder="title" required/>
				</div>
				<div class="form-group">
					<label> Description </label>
						<textarea type="text" name="content" class="form-control" required rows="3"> </textarea>
				</div>
                <div class="form-group">
					<label> Pick a category </label><br>
						<label class="radio-inline">
                            <input type="radio" name="category" value="1"/> Headlines
                        </label>
                        <label class="radio-inline">
                            <input type="radio" name="category" value="2"/> Event
                        </label>
                        <label class="radio-inline">
                            <input type="radio" name="category" value="3" checked/> Info lain
                        </label>
				</div>
				<!--store image-->
				<input name="MAX_FILE_SIZE" value="10000000" type="hidden">
				<div class="form-group">
					<label> Upload an image </label>
						<input name="userfile" type="file">
				</div>
				<input value="Submit" type="submit" class="btn btn-default">
			</form>

But this code shows the Location: post.php?errimg, which is actually going to pop up an error. Can anyone help? Thanks.

2
  • The first line can be optimized by using only 1 isset(), and the SQL is vulnerable to SQL Injection. Commented Jul 27, 2016 at 9:18
  • @Raptor yes, it is vulnerable to SQL Injection; later I will try to prevent it. Commented Jul 27, 2016 at 9:22

1 Answer

2

You have used the wrong variable here:

$fileName = $_FILES['Filename']['name'];
$target = "uploads/"; 
$fileTarget = $target.$fileName; 
$tempFileName = $_FILES["Filename"]["tmp_name"];
$result = move_uploaded_file($_FILES["Filename"]["tmp_name"],$fileTarget);

Use:

$fileName = $_FILES['userfile']['name'];
$target = "uploads/"; 
$fileTarget = $target.$fileName; 
$tempFileName = $_FILES["userfile"]["tmp_name"];

$result = move_uploaded_file($_FILES["userfile"]["tmp_name"],$fileTarget);
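
As an added example (not part of the original answer or the asker's code), a hardened form of the upload branch: it reads the `userfile` key the form actually sends, checks the upload error code so a failure is diagnosable, names the file server-side instead of trusting `$_FILES['userfile']['name']`, and binds the POST values in a prepared statement to address the SQL injection raised in the comments. `store_upload()`, the constants and the image allow-list are assumptions of this example; it needs PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example, not the asker's code. Assumes $link is the open mysqli
// connection from the question and that public_info.imagePath accepts NULL.
const UPLOAD_DIR = __DIR__ . '/uploads/';
const MAX_BYTES = 10000000; // same limit as the form's MAX_FILE_SIZE hint
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/** Validate one $_FILES entry, move it, and return the stored relative path. */
function store_upload(array $file): string
{
    // A failed transfer is reported by its error code, not a bare false.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error code ' . $file['error']);
    }
    // MAX_FILE_SIZE in the form is only a client-side hint; enforce it here.
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the file content, not the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // Server-generated name: no "../", no .php extension, no overwrites.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('could not move file');
    }
    return 'uploads/' . $name;
}

try {
    $file = $_FILES['userfile'] ?? null; // key must match <input name="userfile">
    $hasFile = $file !== null && ($file['error'] ?? null) !== UPLOAD_ERR_NO_FILE;
    $path = $hasFile ? store_upload($file) : null;
    [$title, $desc, $cat] = [$_POST['title'] ?? '', $_POST['content'] ?? '', $_POST['category'] ?? ''];
    // Prepared statement: values are bound, never concatenated into the SQL.
    $stmt = $link->prepare('INSERT INTO public_info (title, content, category, imagePath) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $title, $desc, $cat, $path);
    if (!$stmt->execute()) {
        throw new RuntimeException('insert failed');
    }
    header('Location: post.php?success');
} catch (Throwable $e) {
    error_log($e->getMessage());
    header('Location: post.php?errimg');
}
```

The message written by `error_log()` is what distinguishes a wrong form key, an oversized file and an unwritable `uploads/` directory, all of which the original code collapses into the same `errimg` redirect.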