good day , here i have a page that store data with some images in it , 3 images to be exact,
<?php
$brg = $_POST['id'];
$nama = $_POST['nm'];
$img = $_FILES['img']['name'];
$tmp = $_FILES['img']['tmp_name'];
$img1 = $_FILES['img1']['name'];
$tmp1 = $_FILES['img1']['tmp_name'];
$img2 = $_FILES['img2']['name'];
$tmp2 = $_FILES['img2']['tmp_name'];
$temp = explode(".", $img);
$temp1 = explode(".", $img1);
$temp2 = explode(".", $img2);
$new = round(microtime(true)) . '.' . end($temp);
$new1 = round(microtime(true)) . '.' . end($temp1);
$new2 = round(microtime(true)) . '.' . end($temp2);
$path = "img/photo/".$new;
$path1 = "img/photo/".$new1;
$path2 = "img/photo/".$new2;
move_uploaded_file($tmp, $path);
move_uploaded_file($tmp1, $path1);
move_uploaded_file($tmp2, $path2);
$c = "insert into imgstuff values('$brg','$nama','$new','$new1','$new2');";
$ins=mysqli_query($con,$c);
if($ins){
header('location: test.php?success='.base64_encode('success'));
} else {
header('location: test.php?error='.base64_encode('failed'));
}
?>
code above works perfectly but as you can see it ends up horribly ugly and it produce same file name for three picture ,
my question, is there any ways to made my code cleaner and easy to maintain and whats wrong with my naming files method ?
I'd be tempted to use a loop so that you do not repeat code unnecessarily and definitely to use prepared statements to avoid nasty unpleasantness from sql injection attacks
As for the new image name - there are many ways in which you can achieve a new, unique name - the method here is not necessarily going to be unique but it does at least incorporate the original filename so of the three images they should be unique. None of the below is tested btw but it might give you some ideas.
<?php
if( isset( $_POST['id'], $_POST['nm'] ){
$files=array();
$sql='insert into `imgstuff` values (?,?,?,?,?)';
$stmt=$con->prepare( $sql );
if( $stmt ){
for( $i=0; $i < 3; $i++ ){
$obj = $i==0 ? (object)$_FILES[ 'img' ] : (object)$_FILES[ 'img' . $i ];
$tmp=$obj->tmp_name;
$name=$obj->name;
$ext = pathinfo( $name,PATHINFO_EXTENSION );
$new = round( microtime( true ) ) . '_' . $name . '.' . $ext;
$path = "img/photo/$new";
$status = is_uploaded_file( $tmp ) & move_uploaded_file( $tmp, $path );
if( $status ) $files[] = $path;
}
if( count( $files )==count( $imgs ) ){
$brg = $_POST['id'];
$nama = $_POST['nm'];
$stmt->bind_param( 'issss', $brg, $nama, $files[0], $files[1], $files[2] );
$stmt->execute();
$rows=$stmt->affected_rows;
$message=$rows!=0 ? 'success' : 'failed';
header('location: test.php?success=' . base64_encode( $message ) );
}
}
}
?>
Maybe
round(microtime(true)) . '.' . end($temp);
return the same things because it's done almost at the same time. Can you try something like uuid or even a simple function such as
function getUniqFileName($end) {
$token = md5(sha1(rand()));
return sprintf($token%s, $end);
}
and then in your code
$new = getUniqFileName(end($temp));
That will give you a bit more uniq name very quickly ?
(Edit : removed the round which is quite useless in this case)