How to rename file while uploading in php?

#1
  • I want to rename my file while upoading

  • This is my php code

                       <?php
    
                      if(isset($_POST["submit"])){
    
                       $name = $_POST['name'];
                       $time = date("d-m-Y")."-".time() ;
                      $targetDir = "images/";
                      $img = basename($_FILES["upload"]["name"]);
                      $file_name = $time."-".$img;
                      $targetFilePath = $targetDir . $file_name;
                    move_uploaded_file($_FILES["upload"]["tmp_name"], $targetFilePath);
                        if($name !== ''){
                        $query = mysqli_query($conn,"INSERT INTO acount(name,upload) values ('$name','$img')");
          }
       }
    

    ?>

I wanto save my file by the name like this profile_img_(id generated while inserting this particular row in database ).png or any format .
for ex profile_img_1.png for first record on database table
profile_img_2.png for 2nd record resp and so on
How can I rename it to get this in above way ?

#2

insert first, then use mysqli_insert_id to get that ID. You may need to update the row afterwards if you store the name within the database.

#3

I tried this like this

       $id = mysqli_insert_id($conn);
    $q = mysqli_query($conn , "UPDATE account set upload = 
     profile_image_id.'"$id."'.'".$img."'where id ='".$id."'");

its giving me syntax error , where I went wrong please guiude me

#4

Strings have to be escaped. Use Prepared Statements as following to avoid these errors:

https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

#5

Typo again. What editor do you use for coding? I use Notepad++ and the colour highlighting shows up things like missing quotes (which you had in another thread).

But use prepared statements as @chorn said above. It’s time well spent.

#6

I am not able to fix it , please help

  • I have update some code below

                 $id = mysqli_insert_id($conn);
              $q = mysqli_query($conn , "UPDATE account set upload ='.$id.'.'.$img.'where id ='.$id.'");
    

But still not getting the correct output Where I am going wrong ? or how should be the query ?

#7

You’re mixing up single and double quotes in that query. If you use double-quotes to surround the string, you don’t need the . either side of the variables you are trying to concatenate. If you var_dump() the query string, what does it show? You should see where it is wrong, but you’ll have to assign it to a string first rather than directly into the query function.

$query = "update account set upload = // ... and so on
var_dump($query);
$result = mysqli_query($conn, $query);
if ($result) { // ... and so on

But seriously, as people keep suggesting, take a few minutes to learn about prepared statements as this is another problem you wouldn’t be having if you used them. Why don’t you want to do that?

#8

I also tried it , its not showing any error image is also uploading but not in the way I want to set it

         if (!($q = $conn->prepare("UPDATE account set upload ='.$id.$img.'where id ='.$id.'"))) {
      echo "Prepare failed: (" . $conn->errno . ") " . $conn->error;

}

I am trying this code

#9

You haven’t read the article that @chorn pointed you to - one of the key features of a prepared statement is that you do not concatenate variables into the query string (which I believe is what is causing your problem). Instead you use placeholders for each parameter, and pass them in after you have called prepare(). I don’t have any sample code for mysqli as I use PDO myself.

I know it sounds like a deviation from the job at hand, but it’s worth it IMO.

And what happens?

ETA - now I’ve read it, that link isn’t all that strong on examples dealing with updating a table. The principles are there, but there’s a bit to change. As I read it you’d do something like:

$query = "upload mytable set upload = ? where id = ?";
$q = $conn->prepare($query);
$q->bind_param("ss", $uploadvalue, $idvalue); // assuming both are strings
$q->execute();

So you just need to set the appropriate values for the two variables in the bind_param() function to theoretically get it working.

#10

Its not showing any error or notice after executing but still not getting the result I want

#11

See the sample code in the edit above.

What result is it getting? Please add more detail - it’s no good just saying “didn’t work” - you need to be more specific. Does it add something in that isn’t correct, or not update anything?

1 Like
#12

data is inserted properly but its not updating anything after inserting

#13

And if you try the prepared statement code I edited into my post a couple back? Obviously make the required changed to the table name and variables.

#14

Ask for errors:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // before connection