Uploading profile image using php and mysql

Hi, my self Sushanth, i have problem uploading the image to the designated folder. Here is the code. The error says undefined file in upload.php on line 9.
here is the code for upload.php,

<?php
session_start();
include_once 'dbh.php';
$id = $_SESSION['id'];

if(isset($_POST['upload_submit'])){
    $file= $_FILES['file'];
    $fileName = $_FILES['file']['name'];
    $fileTmp = $_FILES['file']['tmp_name'];
    $fileSize = $_FILES['file']['size'];
    $filesError = $_FILES['file']['error'];
    $fileType = $_FILES['file']['type'];
    
    $fileExt = explode('.',$_FILES['file']['name']);
    $fileActualExt = strtolower(end($fileExt));
    $allowed = array('jpg','jpeg','png','pdf');
    if(in_array($fileActualExt,$allowed)){
        if($_FILES['file']['error'] ===  0){
            if($_FILES['file']['size'] < 1000000){            
                $fileNameNew = "profile".$id.".".$fileActualExt;
                $fileDestination = 'uploads/'.$fileNameNew;
                move_uploaded_file($_FILES['file']['tmp_name'],$fileDestination);
                $sql = "UPDATE profileimg SET status = 0 WHERE userid ='$id';";
                $result = mysqli_query($conn, $sql);
                header("Location: index.php?uploadsucess");
            }else{
                echo "Your file is too big!";
            }
        }else{
            echo "You have an error uploading your file!";
        }
    }else{
        echo "You cannot upload files of this type!";
    }

}

here is the code for index.php,
<?php
    session_start();
    include_once 'dbh.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Document</title>
    <style>
        .container{
            margin:20px;
            padding:10px;
            background:#ccc;
           
        }
        .container img{
            width:50px;
            height:50px
        }
        .container p{
            font-family: 'Franklin Gothic Medium', 'Arial Narrow', Arial, sans-serif;
            font-size:20px;
            position:inherit;
            float:right;
            
        }
    </style>
</head>
<body>
    <?php
        $sql = "SELECT * from user";
        $result = mysqli_query($conn, $sql);
        if(mysqli_num_rows($result)> 0){
            while ($row = mysqli_fetch_assoc($result)){
                $id= $row['id'];
                $sqlimg = "SELECT * FROM profileimg WHERE userid='$id'";
                $resultimg=mysqli_query($conn,$sqlimg);
                while($rowimg = mysqli_fetch_assoc($resultimg)){
                    echo "<div class=container>";
                        if($rowimg['status'] == 0){
                            echo "<img src= 'uploads/profile".$id.".jpg'>";
                        }else{

                            echo "<img src='uploads/pd.jpg'>";
                        }
                        echo "<p>".$row['username']."</p>";
                    echo "</div>";
                }
            }
        }else{
            echo "There are no users yet!";
        }

        if(isset($_SESSION['id'])){
            if ($_SESSION['id'] == 1){
                echo "You are logged in as user #1";
            }
            echo "<form action='upload.php' method='POST'enctype='mutlipart/form-data'>
            <input type='file' name='file'>
            <button type='submit' name='upload_submit'>Upload</button></form>";
        }else {
            echo "You are not logged in!";
        }
    ?>
    <p>Login as user!</p>
    <form action="login.php" method="POST">
      <button type="submit" name="submitlogin">Login</button>
    </form>
    <p>Logout as user!</p>
    <form action="logout.php" method="POST">
      <button type="submit" name="submitlogout">Logout</button>
    </form>
</body>
</html>

My database name is login.
Help me to resolve this problem.

Hello @sushanth

I can see the error is that you are not checking the image file uploading errors.

Before the $file = $_FILES['file']; line, you can add the following.

if (empty($_FILES['file']) {
   exit('Empty File');
}

In any type of uploading, you should do some more validations, such as

  1. Checking the image upload
  2. Checking for upload time errors
  3. Checking whether the uploaded file exists in the server
  4. Validating the file size
  5. Validating the Mime Type

Also, you should use prepared statements when using user inputs for queries. So, mind changing your code to MYSQLI prepared statements

See this complete beginner’s guide to learn more on image uploading with PHP and MYSQL.