Reputation: 281
I have a field that is not required; it is for an image upload. The issue is that if the user doesn't add an image, it still adds the renamed image with no extension.
So basically it puts a name in the database.
// Handles the category form post: reads the text fields, builds a random
// target filename for the photo, validates the upload and inserts the row.
if (isset($_POST['submit'])) {
$Name = $_POST['name'];
$Description = $_POST['description'];
// Everything below runs whether or not a photo was sent, so a random
// filename is generated on every submit.
$file = $_FILES['photo']['name'];
// The extension is taken from the client-supplied filename; it is an empty
// string when no file was chosen.
$ext = pathinfo($file, PATHINFO_EXTENSION);
$rename_image = generate_random(12);
$file_loc = $_FILES['photo']['tmp_name'];
// 'type' is the MIME type sent by the browser; PHP does not verify it
// against the file contents.
$file_type = $_FILES['photo']['type'];
$file_size = $_FILES['photo']['size'];
// With an empty $ext this yields "<random>." -- the extension-less name the
// question reports ending up in the database.
$newFilename = $rename_image . '.' . $ext;
$folder = "../uploads/";
if (empty($Name)) {
$errors[] = "Name Required.";
}
// This presence check has an empty body, so it does not guard any of the
// upload handling that follows.
if (!empty($_FILES['photo']['name'])) {
}
// 2097152 bytes = 2 MiB.
if (($file_size > 2097152)) {
echo validation_errors("Your avatar exceeds file size");
} elseif (($file_type != "image/jpeg") && ($file_type != "image/jpg") && ($file_type != "image/gif") && ($file_type != "image/png")) {
echo validation_errors("Invalid image format.");
// NOTE(review): as the braces are written, the error check and the insert
// below sit inside this invalid-format branch. With no upload, $file_type
// is empty, so this branch is the one taken and the row is still inserted.
// A closing brace after the echo above looks to be missing -- confirm.
if (!empty($errors)) {
echo validation_errors($errors[0]);
} else {
// The return value is ignored, so a failed move still reaches the INSERT.
move_uploaded_file($file_loc, $folder.$newFilename);
$db = dbconnect();
// Values are bound as parameters, not concatenated into the SQL text.
$stmt = $db->prepare("INSERT INTO discussion_categories(Name, Description, Photo) VALUES (?,?,?)");
$stmt->bind_param('sss', $Name, $Description, $newFilename);
$stmt->execute();
$stmt->close();
// NOTE(review): output was already echoed above in this branch, so this
// header may not be sent unless output buffering is on -- confirm.
header("Location: managecategories.php");
}
}
}
Upvotes: 0
Views: 25
Reputation: 782066
Check if the parameter variable is set before using it.
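// Validates the optional category photo and inserts the category row.
// $Name and $Description are expected to be set from $_POST by the
// surrounding form handler. The photo is optional: all $_FILES['photo']
// handling is kept behind the upload check, and the row is inserted with an
// empty Photo value when nothing was uploaded.
$folder = "../uploads/";
$newFilename = ''; // stays empty unless a valid photo was sent

if (empty($Name)) {
    $errors[] = "Name Required.";
}

// UPLOAD_ERR_NO_FILE means the optional field was left blank.
$upload_error = $_FILES['photo']['error'] ?? UPLOAD_ERR_NO_FILE;

if ($upload_error !== UPLOAD_ERR_NO_FILE) {
    $file_loc = $_FILES['photo']['tmp_name'];
    $file_size = $_FILES['photo']['size'];

    // Accepted content types and the extension stored for each. The
    // extension is chosen here rather than taken from the client-supplied
    // filename, so the stored name cannot carry an extension the uploader
    // picked.
    $allowed_types = [
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
        'image/png'  => 'png',
    ];

    if ($upload_error === UPLOAD_ERR_INI_SIZE
        || $upload_error === UPLOAD_ERR_FORM_SIZE
        || $file_size > 2097152 // 2 MiB
    ) {
        $errors[] = "Your avatar exceeds file size";
    } elseif ($upload_error !== UPLOAD_ERR_OK || !is_uploaded_file($file_loc)) {
        $errors[] = "Upload failed.";
    } else {
        // Detect the type from the file contents; $_FILES['photo']['type']
        // is whatever the browser sent and is not verified by PHP.
        $file_type = (new finfo(FILEINFO_MIME_TYPE))->file($file_loc);
        $ext = is_string($file_type) ? ($allowed_types[$file_type] ?? null) : null;

        if ($ext === null) {
            $errors[] = "Invalid image format.";
        } else {
            $newFilename = generate_random(12) . '.' . $ext;
        }
    }
}

if (!empty($errors)) {
    echo validation_errors($errors[0]);
} elseif ($newFilename !== '' && !move_uploaded_file($file_loc, $folder . $newFilename)) {
    // Do not record a filename for a file that never reached the uploads folder.
    echo validation_errors("Upload failed.");
} else {
    $db = dbconnect();
    $stmt = $db->prepare("INSERT INTO discussion_categories(Name, Description, Photo) VALUES (?,?,?)");
    // Photo is bound as '' when no file was uploaded.
    // NOTE(review): switch to NULL if the column is nullable and that is preferred -- confirm schema.
    $stmt->bind_param('sss', $Name, $Description, $newFilename);
    $stmt->execute();
    $stmt->close();
    header("Location: managecategories.php");
    exit; // stop here so nothing further runs or is output after the redirect
}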
Upvotes: 1
Reputation: 3206
Check whether the file exists or was uploaded, using the file_exists and/or is_uploaded_file functions.
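// Handles the optional photo upload: validates the file and moves it into
// the uploads folder under a random name. $newFilename is left as '' unless
// a file was accepted and stored, so later code can tell whether there is a
// filename to save.
$folder = "../uploads/";
$newFilename = '';

$upload_error = $_FILES['photo']['error'] ?? UPLOAD_ERR_NO_FILE;

// is_uploaded_file() alone is the guard: it already returns false for a
// missing path, and OR-ing it with file_exists() would let through any
// existing path whether or not it came from this request's upload.
if ($upload_error === UPLOAD_ERR_OK && is_uploaded_file($_FILES['photo']['tmp_name'])) {
    $file_loc = $_FILES['photo']['tmp_name'];
    $file_size = $_FILES['photo']['size'];

    // Accepted content types and the extension stored for each; the
    // client-supplied filename and MIME type are not used for this decision.
    $allowed_types = [
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
        'image/png'  => 'png',
    ];
    $file_type = (new finfo(FILEINFO_MIME_TYPE))->file($file_loc);
    $ext = is_string($file_type) ? ($allowed_types[$file_type] ?? null) : null;

    if ($file_size > 2097152) { // 2 MiB
        echo validation_errors("Your avatar exceeds file size");
    } elseif ($ext === null) {
        echo validation_errors("Invalid image format.");
    } else {
        $candidate = generate_random(12) . '.' . $ext;
        if (move_uploaded_file($file_loc, $folder . $candidate)) {
            $newFilename = $candidate;
        } else {
            echo validation_errors("Upload failed.");
        }
    }
}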
Upvotes: 0