Form ignoring fileField

[newb1000]

The first file adds images correctly but if you want to edit the product, this form ignores the new image. It's not sending it to the file even if there is no previous image, so it's not an overwrite issue (I have other files overwriting images in the same site). It shows the temp name of the image, echoes the success message & updates the db but simply will not move that image.

<?php session_start();
	include('functions.php');
	if (verifySession(getSession(session_id())) != true) { // only returns true for role of Administrator
		header('Location: noaccess.php');
	}

dbConnect();
$success="";
$problem="";
$title="";
$author_name="";
$price="";
$pub_name="";
$description="";
$description_b="";
$fileField="";
$newname="";
$product_id="";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['getListing'])) {
	$title= mysql_real_escape_string($_POST['title']);
	$sql=mysql_query("Select * FROM product WHERE title='$title' LIMIT 1");
	while($row = mysql_fetch_array($sql)){ 
	$product_id=$row["product_id"];
	$title=$row["title"];
	$author_name=$row["author_name"];
	$price=$row["price"];
	$pub_name=$row["pub_name"];
	$description=$row["description"];
	$description_b=$row["description_b"];
	
	}
}

	if (isset($_POST['title']) && ($_POST['author_name']) && ($_POST['price']) &&($_POST['pub_name']) && ($_POST['description'])&& ($_POST['description_b'])){
{
if (isset($_POST['submit']) && (!$problem)) {
	$product_id= mysql_real_escape_string($_POST['product_id']);
	$title= mysql_real_escape_string($_POST['title']);
	$author_name = mysql_real_escape_string($_POST['author_name']);
	$price= mysql_real_escape_string($_POST['price']);
	$pub_name= mysql_real_escape_string($_POST['pub_name']);
	$description= mysql_real_escape_string($_POST['description']);
	$description_b= mysql_real_escape_string($_POST['description_b']);
	$fileField=$_FILES['fileField'];
	//$fileField=(isset($_FILES['fileField']));
	mysql_query("UPDATE product SET title='$title', author_name='$author_name', price='$price',pub_name='$pub_name', description='$description',description_b='$description_b' WHERE product_id= '$product_id'") or die (mysql_error());
		$success='Updated ' .$title. '.'; 
		if ($_FILES[$fileField]['tmp_name'] != "") {
	     //Place image in the folder 
			$product_id=mysql_insert_id();//how it tags the image in addBook, makes no difference with or w/o it here
	    	$newname = 'product' . $product_id. '.jpg';
		
	
	    move_uploaded_file($_FILES[$fileField]['tmp_name'], "product_images/$newname");
	}
}
}
}
}
//}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit a Listing</title>

<link rel="stylesheet" type="text/css" href=".././project.css">

<link rel="icon" type="image/png" href="https://<snip>/iShop/project_images/icon.png" >
<script type="text/javascript">
<!--
function MM_swapImgRestore() { //v3.0
  var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_preloadImages() { //v3.0
  var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
    if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}

function MM_findObj(n, d) { //v4.01
  var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
  if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
  for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
  if(!x && d.getElementById) x=d.getElementById(n); return x;
}

function MM_swapImage() { //v3.0
  var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
   if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>
</head>
<body onload="MM_preloadImages('../project_images/inventory_down.png')">

<?php include('header.php');?>
<?php include('.././footer.php');?>
<div id="pageContent">
<p align = "center"><a href="index.php"><img src="../project_images/admin.png" width="609" height="71" alt="Admin Panel" /></a></p>
<br />
<div id="addBook">
<form action="<?php htmlentities($_SERVER['PHP_SELF']) ?>" enctype="multipart/form-data" name="editBook" class="addBook_bg" method="post">
    <a href="seeBooks.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Inventory','','../project_images/inventory_down.png',1)"><img src="../project_images/inventory.png" alt="Inventory" name="Inventory" width="336" height="86" border="0" id="Inventory" /></a>
    <h2>    Edit a Listing</h2><br/><br/>
    <?php //echo $book; ?>
    <table width="90%" border="0" cellspacing="0" cellpadding="6">
      <tr>
        <td width="20%" align="right">Title</td>
        <td width="80%">
          <input name="title" type="text" id="title" size="30" maxlength="100" class="form_input"  value="<?php echo $title; ?>" /><input type="submit" name="getListing" id="getListing"  value="Get Listing" /><br/><?php if(isset($_POST['submit'])) { $title=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['title']); if($title =="" ){  echo '<span class="warning"></span>Please enter a title.</span>'; $problem = TRUE;}} ?>
       </td>
      </tr>
      <tr>
        <td align="right">Author</td>
        <td>         
          <input name="author_name" type="text" id="author_name" size="30" maxlength="80"  class="form_input" value="<?php echo $author_name; ?>"/><?php if(isset($_POST['submit'])) { $author_name=preg_replace('#[^a-z ]#i','',$_POST['author_name']); if($author_name =="" ){  echo '<span class="warning"></span>Please enter the author.</span>'; $problem = TRUE;}} ?>
       </td>
      </tr>    
      <tr>
        <td align="right">Price</td>
       
           <td><input type="text" name="price" id="price"  size="30" maxlength="7" class="form_input" value="<?php echo $price; ?>" /><?php if(isset($_POST['submit'])) { $price=preg_replace('#[^0-9.]#i','',$_POST['price']); if($price =="" ){  echo '<span class="warning"></span>Please enter the price.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
       <tr>
        <td align="right">Publisher</td>
       
           <td><input type="text" name="pub_name" id="pub_name"  size="30" maxlength="80" class="form_input" value="<?php echo $pub_name; ?>" /><?php if(isset($_POST['submit'])) { $pub_name=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['pub_name']); if($pub_name =="" ){  echo '<span class="warning"></span>Please enter the publisher.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
      <tr>
        <td align="right">Description</td>
        <td>          
          <textarea name="description" type="text" id="description" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description']); if($description =="" ){  echo '<span class="warning"></span>Please enter the description.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
        <tr>
        <td align="right">Detail</td>
        <td>          
          <textarea name="description_b" type="text" id="description_b" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description_b; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description_b=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description_b']); if($description_b =="" ){  echo '<span class="warning"></span>Please enter the detail.</span>'; $problem = TRUE;}} ?>
        </td>
      </tr>
      <tr>
        <td align="right">Picture</td>
        <td>
          <input type="file" name="fileField" id="fileField" />
        </td>
      </tr>      
      <tr>
        <td> </td>
        <td>
         <input name="product_id" type="hidden" value="<?php echo $product_id; ?>" />
          <input type="submit" name="submit" id="submit"  />  <input type="reset" onclick="location.reload('editBook.php');return false;"/> 
          <?php echo $success ?>
    </td>
      </tr>
    </table>
    <br/><br/>
  
    </form>
    <br /><br />
    </div>
    </div>
</body>
</html>

[mac_gyver]

mysql_insert_id() is only valid after an INSERT query, otherwise it is a zero or maybe a null/false.

 

you would need to use the $product_id that is being passed via the hidden form field.

 

also, your login check logic is not secure as all anyone would need to do is ignore the header() redirect and they can freely access your page. you need an exit; statement after the header() redirect to prevent execution of the rest of the code on that page.

[newb1000]

Thank you for the quick response, I commented out the insert & it's still not moving that image. (Also thanks for the exit tip, added that.)

 

I should add that I have gotten a product0.jpg in the destination folder occasionally while testing but I can't seem to recreate the process that gives that result.

[mac_gyver]

just for debugging purposes, what does adding the following show for the content of the $_FILES array after the form has been submitted -

echo '<pre>',print_r($_FILES,true),'</pre>';

[newb1000]

 

  Updated Test Book.

Array(    [fileField] => Array        (            [name] => littleblackbook.jpg            [type] => image/jpeg            [tmp_name] => /home/phptmp/uploads/phpLo3D9S            [error] => 0            [size] => 23124        ))

Although when I looked in phptmp/uploads it wasn't there & nothing new is in the product_images folder.

[mac_gyver]

turn on php's full error reporting. add the following lines immediately after your first opening <?php tag -

ini_set("display_errors", "1");
error_reporting(-1);

[newb1000]

Sorry, had a debug copy running in the background & forgot to look. Trying a new upload gives me this for your print:

 

Array
(
[fileField] => Array
(
[name] => littleblackbook.jpg
[type] => image/jpeg
[tmp_name] => /home/phptmp/uploads/phpKMWjDL
[error] => 0
=> 23124
)

)

 

And throws this:

 

Notice: Undefined offset: 1 in /editBook.php on line 52

 

(which disappears if I don't use the $fileField variable & just go with ['fileField'])

[newb1000]

So wow, I put a fresh url in the browser & the book changed. Thank you for your help <3

 

(btw yes, I was refreshing up until now & it was the original pink book every time, now it's a black book)

[newb1000]

Could you please remove line 73 for me in the php file (the absolute path icon link)? I'll be sure to use your error checking methods from this point on.