move_uploaded_file($_FILES["images"]["tmp_name"][$key], "img/" . $_FILES['images']['name'][$key]);
The above code shows that the new location of my image is
"img/" . $_FILES['images']['name'][$key].
How can I store this in a variable so that I can pass this location in a MySQL database for the purpose of retrieving the image?
Because the filename set in the name value is based on the user-provided filename, and because you don't do any apparent sanitizing of the content or the name, the user could upload a file that is executable by Apache and give it a name like:
../../../wickedevilnaughtyfile
and get it in the host system's root directory or a similar nasty place it doesn't belong, and it could be executed from the web browser, since the HTTP server (Apache or whatevs) has access to it since it created the file.
This isn't an actual answer, but as demanded in the comments, security threats need more than 600 characters to explain sometimes.
BTW, if I missed anything in this somewhat terse explanation or got something just wrong, feel free to edit and sign your name right in the answer.
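One way to handle both the question and the concern raised in the answer, as an added example that is not part of the original posts: the destination path is built in a variable from a random name and a content-detected type, so nothing from the client-supplied filename reaches the filesystem, and that variable is then stored with a prepared statement. The function names, the `images` table and its columns are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Allowlist: detected MIME type => extension we assign (never the client's).
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Build a destination path that contains nothing from the client-supplied name.
 * Returns null if the file content is not an allowed image type.
 */
function safe_image_path(string $tmpFile, string $uploadDir): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpFile);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    // Random name: "../" or ".php" in the original name cannot influence it.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    return rtrim($uploadDir, '/') . '/' . $name;
}

/** Move each uploaded image and record its location; returns the stored paths. */
function store_uploaded_images(PDO $db, array $files, string $uploadDir = 'img'): array
{
    $stored = [];
    // Hypothetical table and columns, assumed for this example.
    $insert = $db->prepare('INSERT INTO images (path, original_name) VALUES (?, ?)');
    foreach ($files['tmp_name'] ?? [] as $key => $tmpFile) {
        if (($files['error'][$key] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
            continue; // skip failed or missing uploads
        }
        $path = safe_image_path($tmpFile, $uploadDir); // the variable the question asks for
        if ($path === null || !move_uploaded_file($tmpFile, $path)) {
            continue; // not an allowed image, or not a genuine upload
        }
        // The client's name is kept as display data only, never used as a path.
        $insert->execute([$path, basename((string) $files['name'][$key])]);
        $stored[] = $path;
    }
    return $stored;
}
```

Called as `store_uploaded_images($pdo, $_FILES['images'])` with an existing PDO connection, it returns the list of paths that were written and recorded.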