Multiple image upload PHP

Air_Mineral · October 3, 2016, 8:14am

I have a code like below. My intent is to upload two images, but with the code uploaded image is the same image. How to keep the uploaded image can be distinguished?

<?php
session_start();
if (empty($_SESSION['username']) AND empty($_SESSION['password'])){
	echo "<script language='javascript'>alert('Login terlebih dahulu untuk melakukan konten manajemen');
					window.location = '../login.php'</script>";
}
else{
include "../../../config/koneksi.php";
include "../../../config/fungsi_thumb.php";


$module=$_GET[app];
$act=$_GET[act];

// Hapus 
if ($module=='kodam3' AND $act=='hapus'){
  $data=mysql_fetch_array(mysql_query("SELECT gambar FROM kodam3 WHERE nrp='$_GET[id]'"));
  if ($data['gambar']!=''){
     mysql_query("DELETE FROM kodam3 WHERE nrp='$_GET[id]'");
     unlink("../../../foto/$_GET[namafile]");   
     unlink("../../../foto/small_$_GET[namafile]");   
  }
  else{
     mysql_query("DELETE FROM kodam3 WHERE nrp='$_GET[id]'");
  }
  header('location:../../beranda.php?app='.$module);
  mysql_query("DELETE FROM kodam3 WHERE nrp='$_GET[id]'");
  header('location:../../beranda.php?app='.$module);
}

//cari


// Input foto personil
elseif ($module=='kodam3' AND $act=='input'){
	
  $lokasi_file    = $_FILES['fupload' ]['tmp_name'];
  $tipe_file      = $_FILES['fupload' ]['type'];
  $nama_file      = $_FILES['fupload' ]['name'];
  $acak           = rand(1,99);
  $nama_file_unik = $acak.$nama_file; 
	
  $lokasi_fileh    	= $_FILES['fuploadrh']['tmp_name'];
  $tipe_fileh     	= $_FILES['fuploadrh']['type'];
  $nama_fileh    	= $_FILES['fuploadrh']['name'];
  $acak          	= rand(1,99);
  $nama_file_unikh 	= $acak.$nama_fileh; 
	
	//uppercase
	$gede 		= strtoupper($_POST['nama']);
	$tlahirgede	= strtoupper($_POST['tlahir']);
	$ketgede	= strtoupper($_POST['ket']);
	$tglgede	= strtoupper($_POST['tgllahir']);
 
   // Apabila ada gambar yang diupload
  if (!empty($lokasi_file)){
   // UploadImage($nama_file_unik);
	UploadImage($nama_file_unik,'../../../foto/',300,120);
	UploadImage($nama_file_unikh,'../../../foto/',300,120);
	$tgl=$_POST[hari].'-'.$_POST[bulan].'-'.$_POST[tahun];
    mysql_query("INSERT INTO kodam3(nama,
									pangkat,
									korps,
									nrp,
									jabatan, 
									ahsan,
									kelamin,
									kesatuan, 
									tlahir,
									tgllahir, 
									agama, 
									tmt_tni, 
									tmt_pangkat,
									tmt_jabatan,
									sus_sandi,
									ket,
                                    gambar,
									gambarh
									) 
                            VALUES('$gede',
									'$_POST[pangkat]',
									'$_POST[korps]',
									'$_POST[nrp]',
									'$_POST[jabatan]',
									'$_POST[ahsan]',
									'$_POST[kelamin]',
									'$_POST[kesatuan]',
									'$tlahirgede',
									'$tglgede',
									'$_POST[agama]',
									'$tgl',
									'$tgl',
									'$tgl',
									'$_POST[sus_sandi]',
									'$ketgede',
									'$nama_file_unik',
									'$nama_file_unikh'
									)");
  header('location:../../beranda.php?app='.$module);
  }
  else{
  mysql_query("INSERT INTO kodam3(nama,
									pangkat,
									korps,
									nrp,
									jabatan, 
									ahsan,
									kelamin,
									kesatuan, 
									tlahir,
									tgllahir, 
									agama, 
									tmt_tni, 
									tmt_pangkat,
									tmt_jabatan,
									sus_sandi,
									ket,
                                    gambar,
									gambarh
									) 
                            VALUES('$gede',
									'$_POST[pangkat]',
									'$_POST[korps]',
									'$_POST[nrp]',
									'$_POST[jabatan]',
									'$_POST[ahsan]',
									'$_POST[kelamin]',
									'$_POST[kesatuan]',
									'$tlahirgede',
									'$tglgede',
									'$_POST[agama]',
									'$tgl',
									'$tgl',
									'$tgl',
									'$_POST[sus_sandi]',
									'$ketgede',
									'$nama_file_unik',
									'$nama_file_unikh'
									)");
  header('location:../../beranda.php?app='.$module);
  }
}



// Update 
elseif ($module=='kodam3' AND $act=='update'){
 
  $lokasi_file    = $_FILES['fupload']['tmp_name'];
  $tipe_file      = $_FILES['fupload']['type'];
  $nama_file      = $_FILES['fupload']['name'];
  $acak           = rand(1,99);
  $nama_file_unik = $acak.$nama_file; 
	
	
	//uppercase
	$gede 		= strtoupper($_POST['nama']);
	$tlahirgede	= strtoupper($_POST['tlahir']);
	$ketgede	= strtoupper($_POST['ket']);
	$tglgede	= strtoupper($_POST['tgllahir']);
	
	//input foto rh
	$lokasi_fileh    	= $_FILES['fuploadrh']['tmp_name'];
	$tipe_fileh   		= $_FILES['fuploadrh']['type'];
	$nama_fileh      	= $_FILES['fuploadrh']['name'];
	$acakh           	= rand(1,99);
	$nama_file_unikh 	= $acakh.$nama_fileh; 
  // Apabila ada gambar yang diupload
  
  if (!empty($lokasi_file)){
   // UploadImage($nama_file_unik);
	UploadImage($nama_file_unik,'../../../foto/',300,120);
	$tgl=$_POST[hari].'-'.$_POST[bulan].'-'.$_POST[tahun];
    mysql_query("INSERT INTO kodam3(nama,
									pangkat,
									korps,
									nrp,
									jabatan, 
									ahsan,
									kelamin,
									kesatuan, 
									tlahir,
									tgllahir, 
									agama, 
									tmt_tni, 
									tmt_pangkat,
									tmt_jabatan,
									sus_sandi,
									ket,
                                    gambar,
									gambarh
									) 
                            VALUES('$gede',
									'$_POST[pangkat]',
									'$_POST[korps]',
									'$_POST[nrp]',
									'$_POST[jabatan]',
									'$_POST[ahsan]',
									'$_POST[kelamin]',
									'$_POST[kesatuan]',
									'$tlahirgede',
									'$tglgede',
									'$_POST[agama]',
									'$tgl',
									'$tgl',
									'$tgl',
									'$_POST[sus_sandi]',
									'$ketgede',
									'$nama_file_unik',
									'$nama_file_unikh'
									)");
  header('location:../../beranda.php?app='.$module);
  }
  else{
  mysql_query("INSERT INTO kodam3(nama,
									pangkat,
									korps,
									nrp,
									jabatan, 
									ahsan,
									kelamin,
									kesatuan, 
									tlahir,
									tgllahir, 
									agama, 
									tmt_tni, 
									tmt_pangkat,
									tmt_jabatan,
									sus_sandi,
									ket,
                                    gambar,
									gambarh) 
                            VALUES('$gede',
									'$_POST[pangkat]',
									'$_POST[korps]',
									'$_POST[nrp]',
									'$_POST[jabatan]',
									'$_POST[ahsan]',
									'$_POST[kelamin]',
									'$_POST[kesatuan]',
									'$tlahirgede',
									'$tglgede',
									'$_POST[agama]',
									'$tgl',
									'$tgl',
									'$tgl',
									'$_POST[sus_sandi]',
									'$ketgede',
									'$nama_file_unik',
									'$nama_file_unikh'
									)");
  header('location:../../beranda.php?app='.$module);
  }
 
}}
?>

SpacePhoenix · October 3, 2016, 8:53am

You’re a sitting duck for SQL injection attacks with that code:

User submitted data us used in a query with no validation done on it
Prepared statements should always be used when dealing with user submitted data that has been validated
The mysql_* extension that you’ve used was removed from PHP as of version 7. You should now be using either the mysqli_* extension (note the i there) or PDO

system · January 2, 2017, 3:53pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple upload images PHP and Mysql PHP	5	3698	May 26, 2016
How to upload two different image with two browse button and single submit button PHP html5 , mysql	4	7444	August 31, 2018
Same file being uploaded when two have been chosen for upload PHP	4	1033	May 3, 2022
How to upload multiple images using for each loop? PHP	12	19512	October 4, 2017
Multiple image upload problem PHP wordpress	34	5838	February 5, 2019

Multiple image upload PHP

Related topics