Hello guys,
i have been trying for some days now to make it possible for each user in my website to only upload a maximum of 4 images and when ever he/she wants to upload the fifth image an error massage would be echoed telling the user that The maximum image to be uploaded have reached and cannot exceed 4 image
Below is the sample of the code on form submit
if (isset($_POST['upload'])) {
// if upload button on the form is clicked
// name of the uploaded file
$filename = $_FILES['photo']['name'];
//location
$destination = '../images/business.cover/' . $filename;
// get the file extension
$extension = pathinfo($filename, PATHINFO_EXTENSION);
// the physical file on a temporary uploads directory on the server
$file = $_FILES['photo']['tmp_name'];
$size = $_FILES['photo']['size'];
// get id
$id=$_GET['id'];
//check is form is empty
if(empty($_POST['photo'])){
$cover_msg= "<div class='alert alert-danger'>Empty cover phto field</div>";
}
//check file extension and maximum file size
if (!in_array($extension, ['jpg', 'gif', 'jpeg','png'])) {
$cover_msg= "<div class='alert alert-danger'>You file extension must be .jpg .jpeg .gif .png</div>";
} elseif ($_FILES['photo']['size'] > 50000000) { // file shouldn't be larger than 1Megabyte
$cover_msg= "<div class='alert alert-danger'>File too large!</div>";
} else {
// move the uploaded (temporary) file to the specified destination
if (move_uploaded_file($file, $destination);) {
$sql = "INSERT INTO business(image) VALUES('$filename') WHERE id=$id";
$cover_msg="<div class='alert alert-success'>Information uploaded Successfully</div>";
if (mysqli_query($conn, $sql)) {
} else {
die( "Failed to upload file".$conn->error);
}
}
}
}
Top comments (5)
Thanks I really appreciate
But is it possible to use SQL to count the number of times the user have uploaded previously, then check it from the location and pass the error?
yes it is but, you allow currently SQL injections in your code. i can create a file with SQL Code in the name and can inject it into your database.
And also the ID.
First your SQL Command should look like this
this way you will produce multiple entries in your Database. now you can call following SQL before your script starts
II really thank you vary much, u are the best
You could set this in php_ini file. Here You have more info stackoverflow.com/questions/403009....