You can just simply save the generated id in a variable and use in in both the INSERT INTO ...
and the move_uploaded_file()
call. Something like this:
<?php
$name=$_POST['name'];
// .... snip ....
// switched to mysqli_ for the example, save the resulting db link (should check for connection errors too)
$db = mysqli_connect( /* login credentials */);
// generate the uniqid and save it to a variable
$file_uniq_id = uniqid();
// then use the generated id here
if(move_uploaded_file($_FILES["photo"]["tmp_name"],
"avatars/" . $file_uniq_id . '.' . $pic['extension']))
{
mysqli_query($db, 'INSERT INTO `employees` VALUES (
'.mysqli_query($db, $name).',
'.mysqli_query($db, $email).',
'.mysqli_query($db, $phone).',
'.mysqli_query($db, $file_uniq_id).')'); // And here, you can add path or extension as you see fit
}
There are some non-functionality related problems in your code too:
- Always escape your query parameters, or you will have SQL injection issues.
- Stop using the
mysql_*
functions since they are deprecated. Themysqli_*
family works almost the same.