How to rename file while uploading in php?

xcfx2888 · March 28, 2019, 5:56am

I want to rename my file while upoading

This is my php code

                   <?php

                  if(isset($_POST["submit"])){

                   $name = $_POST['name'];
                   $time = date("d-m-Y")."-".time() ;
                  $targetDir = "images/";
                  $img = basename($_FILES["upload"]["name"]);
                  $file_name = $time."-".$img;
                  $targetFilePath = $targetDir . $file_name;
                move_uploaded_file($_FILES["upload"]["tmp_name"], $targetFilePath);
                    if($name !== ''){
                    $query = mysqli_query($conn,"INSERT INTO acount(name,upload) values ('$name','$img')");
      }
   }

?>

I wanto save my file by the name like this profile_img_(id generated while inserting this particular row in database ).png or any format .
for ex profile_img_1.png for first record on database table
profile_img_2.png for 2nd record resp and so on
How can I rename it to get this in above way ?

chorn · March 28, 2019, 7:02am

insert first, then use mysqli_insert_id to get that ID. You may need to update the row afterwards if you store the name within the database.

xcfx2888 · March 28, 2019, 7:40am

I tried this like this

       $id = mysqli_insert_id($conn);
    $q = mysqli_query($conn , "UPDATE account set upload = 
     profile_image_id.'"$id."'.'".$img."'where id ='".$id."'");

its giving me syntax error , where I went wrong please guiude me

chorn · March 28, 2019, 7:55am

Strings have to be escaped. Use Prepared Statements as following to avoid these errors:

https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

droopsnoot · March 28, 2019, 9:45am

Typo again. What editor do you use for coding? I use Notepad++ and the colour highlighting shows up things like missing quotes (which you had in another thread).

But use prepared statements as @chorn said above. It’s time well spent.

xcfx2888 · March 28, 2019, 12:14pm

I am not able to fix it , please help

I have update some code below

             $id = mysqli_insert_id($conn);
          $q = mysqli_query($conn , "UPDATE account set upload ='.$id.'.'.$img.'where id ='.$id.'");

But still not getting the correct output Where I am going wrong ? or how should be the query ?

droopsnoot · March 28, 2019, 12:23pm

You’re mixing up single and double quotes in that query. If you use double-quotes to surround the string, you don’t need the . either side of the variables you are trying to concatenate. If you var_dump() the query string, what does it show? You should see where it is wrong, but you’ll have to assign it to a string first rather than directly into the query function.

$query = "update account set upload = // ... and so on
var_dump($query);
$result = mysqli_query($conn, $query);
if ($result) { // ... and so on

But seriously, as people keep suggesting, take a few minutes to learn about prepared statements as this is another problem you wouldn’t be having if you used them. Why don’t you want to do that?

xcfx2888 · March 28, 2019, 12:37pm

I also tried it , its not showing any error image is also uploading but not in the way I want to set it

         if (!($q = $conn->prepare("UPDATE account set upload ='.$id.$img.'where id ='.$id.'"))) {
      echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;

}

I am trying this code

droopsnoot · March 28, 2019, 12:39pm

You haven’t read the article that @chorn pointed you to - one of the key features of a prepared statement is that you do not concatenate variables into the query string (which I believe is what is causing your problem). Instead you use placeholders for each parameter, and pass them in after you have called prepare(). I don’t have any sample code for mysqli as I use PDO myself.

I know it sounds like a deviation from the job at hand, but it’s worth it IMO.

And what happens?

ETA - now I’ve read it, that link isn’t all that strong on examples dealing with updating a table. The principles are there, but there’s a bit to change. As I read it you’d do something like:

$query = "upload mytable set upload = ? where id = ?";
$q = $conn->prepare($query);
$q->bind_param("ss", $uploadvalue, $idvalue); // assuming both are strings
$q->execute();

So you just need to set the appropriate values for the two variables in the bind_param() function to theoretically get it working.

xcfx2888 · March 28, 2019, 12:52pm

Its not showing any error or notice after executing but still not getting the result I want

droopsnoot · March 28, 2019, 12:53pm

See the sample code in the edit above.

What result is it getting? Please add more detail - it’s no good just saying “didn’t work” - you need to be more specific. Does it add something in that isn’t correct, or not update anything?

xcfx2888 · March 28, 2019, 1:00pm

data is inserted properly but its not updating anything after inserting

droopsnoot · March 28, 2019, 1:02pm

And if you try the prepared statement code I edited into my post a couple back? Obviously make the required changed to the table name and variables.

chorn · March 28, 2019, 2:26pm

Ask for errors:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // before connection

system · August 20, 2019, 7:21pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.