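real_escape_string($_POST['username']));
// NOTE(review): the statement above begins outside this excerpt (presumably
// `$username = htmlspecialchars($connection->...`); it is kept byte-for-byte.

// Profile-picture upload endpoint.
//
// Reads `username` and `phone` from the POST body and `profile_pic` from the
// uploaded files, stores the image under ../img/ with a server-generated name,
// records that name in users.profile_pic and removes the previous picture.
// Always answers with a JSON object:
//   status 0 - username or phone missing
//   status 1 - picture stored and row updated ('file' holds the new name)
//   status 2 - upload rejected, unknown user, or storage/database failure
//
// NOTE(review): nothing visible here verifies that the requester owns the
// account; the account is selected purely by the posted username + phone.
// Confirm an authenticated-session check runs before this point.
$phone = htmlspecialchars($connection->real_escape_string($_POST['phone']));

// Image types accepted for a profile picture, mapped to the extension the
// server will use. The client-supplied file name is never used for the stored
// name: an extension taken from it could name a type the web server executes
// and would also flow unescaped into the UPDATE statement below.
$allowedTypes = array(
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
);

// Default answer; every failure path that is not "empty fields" reports this.
$response = array(
    'status' => 2,
    'msg' => "unexpected error"
);

if (empty($username) || empty($phone)) {
    $response = array(
        'status' => 0,
        'msg' => "empty fields."
    );
} else {
    // Accept only a single, completely received upload whose content parses
    // as one of the allowed image types.
    $upload = isset($_FILES['profile_pic']) ? $_FILES['profile_pic'] : null;
    $ext = null;
    if (
        is_array($upload)
        && isset($upload['error'], $upload['tmp_name'])
        && $upload['error'] === UPLOAD_ERR_OK
        && is_string($upload['tmp_name'])
        && is_uploaded_file($upload['tmp_name'])
    ) {
        // getimagesize() inspects the file content; index 2 is an IMAGETYPE_* id.
        // It reads headers only, so the upload directory should additionally be
        // configured so the web server never executes scripts from it.
        $imageInfo = getimagesize($upload['tmp_name']);
        if ($imageInfo !== false && isset($allowedTypes[$imageInfo[2]])) {
            $ext = $allowedTypes[$imageInfo[2]];
        }
    }

    if ($ext === null) {
        $response = array(
            'status' => 2,
            'msg' => "invalid image."
        );
    } else {
        // $username and $phone were passed through real_escape_string() above,
        // so they are only ever used inside quoted SQL string literals.
        // Prepared statements would be preferable once that escaping is reworked.
        $result = $connection->query("SELECT profile_pic FROM users WHERE phone = '$phone' AND username = '$username'");
        $row = $result ? $result->fetch_assoc() : null;

        // Only store a file when the account exists; the original moved the file
        // and reported success even when no row matched.
        if ($row) {
            // Unpredictable, collision-resistant name (random_bytes needs PHP 7+).
            $new_image_name = bin2hex(random_bytes(16)) . "." . $ext;
            $target = "../img/$new_image_name";

            if (move_uploaded_file($upload['tmp_name'], $target)) {
                // The name is hex digits plus an allow-listed extension; it is
                // escaped anyway so a later change to the naming cannot reopen
                // the statement to injection.
                $safeName = $connection->real_escape_string($new_image_name);
                $sql = "UPDATE users SET profile_pic = '$safeName' WHERE phone = '$phone' AND username = '$username'";
                $query = $connection->query($sql);

                if ($query === true) {
                    // Remove the previous picture only when the stored value is a
                    // plain file name inside ../img/ that actually exists.
                    $lastProfilePic = $row['profile_pic'];
                    if (
                        is_string($lastProfilePic)
                        && $lastProfilePic !== ''
                        && basename($lastProfilePic) === $lastProfilePic
                        && is_file("../img/$lastProfilePic")
                    ) {
                        unlink("../img/$lastProfilePic");
                    }
                    $response = array(
                        'status' => 1,
                        'msg' => "Updated Successfully.",
                        'file' => $new_image_name,
                    );
                } else {
                    // Do not leave an orphaned file behind when the row was not updated.
                    unlink($target);
                }
            }
        }
    }
}

echo json_encode($response);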