I got this upload script but when I want to run it, the page returns blank. There is something wrong, but I cannot figure out where the error is and how to fix it. I would appreciate if someone helped me to make this script work ! MANY thanks !
<?php
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);
include 'db.php';
mysql_query("INSERT INTO `members`(img) VALUES ('$_FILES["file"]["name"]')");
include 'succes.php';
}
}
}
else
{
echo "Invalid file";
}
?>
Please, don’t use
mysql_*functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi – this article will help you decide which. If you choose PDO, here is a good tutorial.However, check that
upload/folder hasread and writepermissions and use this working code:See that using that code there’s an SQL injection vulnerability, I suggest you to prepare queries via
PDO.If you have to update an existing record use:
If you have to add new image to an existing member you could try: