0

good day , here i have a page that store data with some images in it , 3 images to be exact, 

    <?php 
    $brg            = $_POST['id'];
    $nama           = $_POST['nm'];
    $img            = $_FILES['img']['name'];
    $tmp            = $_FILES['img']['tmp_name'];
    $img1           = $_FILES['img1']['name'];
    $tmp1           = $_FILES['img1']['tmp_name'];
    $img2           = $_FILES['img2']['name'];
    $tmp2           = $_FILES['img2']['tmp_name'];

    $temp           = explode(".", $img);
    $temp1          = explode(".", $img1);
    $temp2          = explode(".", $img2);
    $new            = round(microtime(true)) . '.' . end($temp);
    $new1           = round(microtime(true)) . '.' . end($temp1);
    $new2           = round(microtime(true)) . '.' . end($temp2);
    $path           = "img/photo/".$new;
    $path1          = "img/photo/".$new1;
    $path2          = "img/photo/".$new2;
    move_uploaded_file($tmp, $path);
    move_uploaded_file($tmp1, $path1);
    move_uploaded_file($tmp2, $path2);

$c  = "insert into imgstuff values('$brg','$nama','$new','$new1','$new2');";

$ins=mysqli_query($con,$c);

if($ins){
header('location: test.php?success='.base64_encode('success'));
} else {
header('location: test.php?error='.base64_encode('failed'));
}
?>

code above works perfectly but as you can see it ends up horribly ugly and it produce same file name for three picture ,

my question, is there any ways to made my code cleaner and easy to maintain and whats wrong with my naming files method ?

Improve this question
7
  • Use a loop so there is less repeated code and use prepared statements - this is vulnerable to sql injection Commented Dec 6, 2017 at 8:36
  • 1
    'same file name' means? You can set unique names before uploading the files. Commented Dec 6, 2017 at 8:37
  • Get files in an array from html and just process it in loop. Thats it. Commented Dec 6, 2017 at 8:42
  • @FakhruddinUjjainwala yes , in database the filename ends up with something like "12121.jpg" , "12121.jpg" , "12121.jpg" Commented Dec 6, 2017 at 8:43
  • @xcloox Exactly! because all files have the same name 12121.jpg Commented Dec 6, 2017 at 8:45

2 Answers 2

Reset to default
1

Maybe 

round(microtime(true)) . '.' . end($temp);

return the same things because it's done almost at the same time. Can you try something like uuid or even a simple function such as

function getUniqFileName($end) {
    $token = md5(sha1(rand()));

    return sprintf($token%s, $end);
}

and then in your code

$new = getUniqFileName(end($temp));

That will give you a bit more uniq name very quickly ?

(Edit : removed the round which is quite useless in this case)

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Why make it so complex? Simply upload it using loop.
0

I'd be tempted to use a loop so that you do not repeat code unnecessarily and definitely to use prepared statements to avoid nasty unpleasantness from sql injection attacks

As for the new image name - there are many ways in which you can achieve a new, unique name - the method here is not necessarily going to be unique but it does at least incorporate the original filename so of the three images they should be unique. None of the below is tested btw but it might give you some ideas.

<?php
    if( isset( $_POST['id'], $_POST['nm'] ){

        $files=array();

        $sql='insert into `imgstuff` values (?,?,?,?,?)';
        $stmt=$con->prepare( $sql );

        if( $stmt ){

            for( $i=0; $i < 3; $i++ ){

                $obj = $i==0 ? (object)$_FILES[ 'img' ] : (object)$_FILES[ 'img' . $i ];
                $tmp=$obj->tmp_name;
                $name=$obj->name;

                $ext = pathinfo( $name,PATHINFO_EXTENSION );
                $new = round( microtime( true ) ) . '_' . $name . '.' . $ext;

                $path = "img/photo/$new";
                $status = is_uploaded_file( $tmp ) & move_uploaded_file( $tmp, $path );
                if( $status ) $files[] = $path;
            }

            if( count( $files )==count( $imgs ) ){

                $brg  = $_POST['id'];
                $nama = $_POST['nm'];

                $stmt->bind_param( 'issss', $brg, $nama, $files[0], $files[1], $files[2] );
                $stmt->execute();

                $rows=$stmt->affected_rows;
                $message=$rows!=0 ? 'success' : 'failed';

                header('location: test.php?success=' . base64_encode( $message ) );
            }
        }
    }
?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.