CODEWITHSUNDEEP
phpupload
Aoi
Aoi

Reputation: 1045

renaming the file before uploading in server

hey guys im wondering on how to rename a file specially image before uploading it into the servers folder to avoid same name of the file when uploaded and rewrite the file with same name with it. i tend to use the school_id as a file name for the image. here is the php code 

include_once('DBconnect.php');

session_start();
$school_id = $_SESSION['school_id'];


$name = $_FILES['file_path'] ['name'];
$size = $_FILES['file_path'] ['size'];
$type = $_FILES['file_path'] ['type'];

$extension = substr($name, strpos($name, '.')+1);

$max_size =3145728;

$temp_file = $_FILES['file_path'] ['tmp_name'];

if(isset($name)){

    if(!empty($name)){

        if(($extension == 'jpg' || $extension == 'jpeg') && ($type ==  'image/jpeg' || $type == 'image/jpg') && $size <= $max_size  ){



         if($school_id == 0){

            $location = 'uploads_images/super_admin/';





                                  move_uploaded_file($temp_file,$location.$name);

                     $insert_path = "INSERT INTO image_upload  (school_id,path_name) 
                                                     VALUES('$school_id','$name')";

                                $result2 = mysql_query($insert_path);
                                              if(@!$result2){
                                                    die('error header'.mysql_error());
                                                  }



                    echo "Success in uploading";


            }
            else{

                $location = 'uploads_images/schools/';




                                 move_uploaded_file($temp_file,$location.$name);

                     $insert_path = "INSERT INTO image_upload (school_id,path_name) 
                                        VALUES('$school_id','$name')";

                                        $result = mysql_query($insert_path);
                                          if(@!$result){
                                               die('error header'.mysql_error());
                                             }

                    echo "Success in uploading";





            }



        }
        else{

            echo "File type is too big or Incorrect file type";
        }


    }
    else{

            echo "Please Choose A JPEG File";
        }

}


?>

Upvotes: 0

Views: 3093

Answers (2)

Ruslan Polutsygan
Ruslan Polutsygan

Reputation: 4461

Do not trust client side filename.

You can pass new filename into move_uploaded_file function. I'd suggest you to do something like this:

$name=uniqid($school_id, true).$extension;
move_uploaded_file($temp_file,$location.$name);

uniqid is built in php function http://php.net/manual/en/function.uniqid.php

I hope this is helpful

Upvotes: 1

thescientist
thescientist

Reputation: 2948

You can use file_exists before the move determine if there will be a potential naming conflict. http://php.net/manual/en/function.file-exists.php

One option is to append a timestamp of some sort to the file name, to guarantee uniqueness.

Upvotes: 0

Related Questions