Unique file name when uploading using uniqid()

Question

I am trying to upload images from a cell phone and display them on a gallery page. I need each file name to be unique or images will overwrite themselves. I have the following code where $new_image_name is suggested from this topic but I can't seem to get it to work:

if ($_FILES["image"]["error"] > 0) {

    //Bad Output for form results red text
    echo "Error: NO CHOSEN FILE 
";
    echo"INSERT TO DATABASE FAILED";

} else {
    $new_image_name = 'image_' . date('Y-m-d-H-i-s') . '_' . uniqid() . '.jpg';
    move_uploaded_file($_FILES["image"]["tmp_name"],"images/".$new_image_name);
    $file="images/".$new_image_name);
    $image_title = addslashes($_REQUEST['image_title']);
    $sql="INSERT INTO images (name, image, description) VALUES ('','$file','$image_title')";
    if (!mysql_query($sql)) {
        die('Error: ' . mysql_error());
    }

    //Good Output for form results green text   
    echo '
     

        
            Success!
            Your file has been successfully uploaded!
             
    ';
}
mysql_close();

This was my code prior to adding uniqid() which worked fine except the images overwrote each other

    } else {

    move_uploaded_file($_FILES["image"]["tmp_name"],"images/" . $_FILES["image"]["name"]);
    $file="images/".$_FILES["image"]["name"];
    $image_title = addslashes($_REQUEST['image_title']);
    $sql="INSERT INTO images (name, image, description) VALUES ('','$file','$image_title')";
    if (!mysql_query($sql)) {
        die('Error: ' . mysql_error());
    }

    //Good Output for form results green text   
    echo '
     
        
            Success!
            Your file has been successfully uploaded!
             
    ';
}
mysql_close();

Kuya · Accepted Answer

You should really get into the habit of using error checking. As your code sits right now I can upload ANYTHING and your code will save it as a jpg image.

Start by checking to see if the user even selected a file for upload.

Then compare the file type to a predetermined list of allowed file types.

Then save it as the file type that was uploaded. Which may not always be a jpg. As your code sits right now, if I upload a gif or png file... it will save it as a jpg. Thereby rendering the image useless because it is not a jpg.

Your upload process with error checking...


ERROR: Please select an image before clicking the upload button.

Try again');
} else {

// This is the allowed list (images only)
$acceptable = array(
        'image/jpeg',
        'image/jpg',
        'image/jpe',
        'image/gif',
        'image/png'
);

// check to see if the file being uploaded is in our allowed list
if(!in_array($_FILES['image']['type'], $acceptable) && !empty($_FILES["image"]["type"])) { // Is file type in the allowed list
        die ('
Invalid file type. Only JPEG, JPG, JPE, GIF and PNG types are allowed.

Try again');

} else {

if ($_FILES["image"]["error"] > 0) {

    //Bad Output for form results red text
    echo "Error: NO CHOSEN FILE 
";
    echo"INSERT TO DATABASE FAILED";

} else {
    $new_image_name = 'image_' . date('Y-m-d-H-i-s') . '_' . uniqid() . '.'.$type;
    move_uploaded_file($_FILES["image"]["tmp_name"],"images/".$new_image_name);
    $file="images/".$new_image_name;
    $image_title = addslashes($_REQUEST['image_title']);
    $sql="INSERT INTO images (name, image, description) VALUES ('','$file','$image_title')";
    if (!mysql_query($sql)) {
        die('Error: ' . mysql_error());
    }

    //Good Output for form results green text   
    echo '
        

        Success!
        Your file has been successfully uploaded!
        
';
mysql_close();
} // end if no errors
} // end if in allowed list
} // end if no file selected
} // end if form submitted
?>

The form...

One final note... Do yourself a favor and stop using mysql. Start using pdo_mysql instead. mysql was deprecated in PHP version 5.5 and totally removed in PHP version 7. If you're using mysql code, your code will soon stop functioning completely.

Unique file name when uploading using uniqid()

Answers (2)

Related Questions