newb1000 Posted April 1, 2014 Share Posted April 1, 2014 (edited) The first file adds images correctly but if you want to edit the product, this form ignores the new image. It's not sending it to the file even if there is no previous image, so it's not an overwrite issue (I have other files overwriting images in the same site). It shows the temp name of the image, echoes the success message & updates the db but simply will not move that image. <?php session_start(); include('functions.php'); if (verifySession(getSession(session_id())) != true) { // only returns true for role of Administrator header('Location: noaccess.php'); } dbConnect(); $success=""; $problem=""; $title=""; $author_name=""; $price=""; $pub_name=""; $description=""; $description_b=""; $fileField=""; $newname=""; $product_id=""; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['getListing'])) { $title= mysql_real_escape_string($_POST['title']); $sql=mysql_query("Select * FROM product WHERE title='$title' LIMIT 1"); while($row = mysql_fetch_array($sql)){ $product_id=$row["product_id"]; $title=$row["title"]; $author_name=$row["author_name"]; $price=$row["price"]; $pub_name=$row["pub_name"]; $description=$row["description"]; $description_b=$row["description_b"]; } } if (isset($_POST['title']) && ($_POST['author_name']) && ($_POST['price']) &&($_POST['pub_name']) && ($_POST['description'])&& ($_POST['description_b'])){ { if (isset($_POST['submit']) && (!$problem)) { $product_id= mysql_real_escape_string($_POST['product_id']); $title= mysql_real_escape_string($_POST['title']); $author_name = mysql_real_escape_string($_POST['author_name']); $price= mysql_real_escape_string($_POST['price']); $pub_name= mysql_real_escape_string($_POST['pub_name']); $description= mysql_real_escape_string($_POST['description']); $description_b= mysql_real_escape_string($_POST['description_b']); $fileField=$_FILES['fileField']; //$fileField=(isset($_FILES['fileField'])); mysql_query("UPDATE product SET title='$title', author_name='$author_name', price='$price',pub_name='$pub_name', description='$description',description_b='$description_b' WHERE product_id= '$product_id'") or die (mysql_error()); $success='Updated ' .$title. '.'; if ($_FILES[$fileField]['tmp_name'] != "") { //Place image in the folder $product_id=mysql_insert_id();//how it tags the image in addBook, makes no difference with or w/o it here $newname = 'product' . $product_id. '.jpg'; move_uploaded_file($_FILES[$fileField]['tmp_name'], "product_images/$newname"); } } } } } //} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Edit a Listing</title> <link rel="stylesheet" type="text/css" href=".././project.css"> <link rel="icon" type="image/png" href="https://<snip>/iShop/project_images/icon.png" > <script type="text/javascript"> <!-- function MM_swapImgRestore() { //v3.0 var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { //v3.0 var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { //v4.01 var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_swapImage() { //v3.0 var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} } //--> </script> </head> <body onload="MM_preloadImages('../project_images/inventory_down.png')"> <?php include('header.php');?> <?php include('.././footer.php');?> <div id="pageContent"> <p align = "center"><a href="index.php"><img src="../project_images/admin.png" width="609" height="71" alt="Admin Panel" /></a></p> <br /> <div id="addBook"> <form action="<?php htmlentities($_SERVER['PHP_SELF']) ?>" enctype="multipart/form-data" name="editBook" class="addBook_bg" method="post"> <a href="seeBooks.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Inventory','','../project_images/inventory_down.png',1)"><img src="../project_images/inventory.png" alt="Inventory" name="Inventory" width="336" height="86" border="0" id="Inventory" /></a> <h2> Edit a Listing</h2><br/><br/> <?php //echo $book; ?> <table width="90%" border="0" cellspacing="0" cellpadding="6"> <tr> <td width="20%" align="right">Title</td> <td width="80%"> <input name="title" type="text" id="title" size="30" maxlength="100" class="form_input" value="<?php echo $title; ?>" /><input type="submit" name="getListing" id="getListing" value="Get Listing" /><br/><?php if(isset($_POST['submit'])) { $title=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['title']); if($title =="" ){ echo '<span class="warning"></span>Please enter a title.</span>'; $problem = TRUE;}} ?> </td> </tr> <tr> <td align="right">Author</td> <td> <input name="author_name" type="text" id="author_name" size="30" maxlength="80" class="form_input" value="<?php echo $author_name; ?>"/><?php if(isset($_POST['submit'])) { $author_name=preg_replace('#[^a-z ]#i','',$_POST['author_name']); if($author_name =="" ){ echo '<span class="warning"></span>Please enter the author.</span>'; $problem = TRUE;}} ?> </td> </tr> <tr> <td align="right">Price</td> <td><input type="text" name="price" id="price" size="30" maxlength="7" class="form_input" value="<?php echo $price; ?>" /><?php if(isset($_POST['submit'])) { $price=preg_replace('#[^0-9.]#i','',$_POST['price']); if($price =="" ){ echo '<span class="warning"></span>Please enter the price.</span>'; $problem = TRUE;}} ?> </td> </tr> <tr> <td align="right">Publisher</td> <td><input type="text" name="pub_name" id="pub_name" size="30" maxlength="80" class="form_input" value="<?php echo $pub_name; ?>" /><?php if(isset($_POST['submit'])) { $pub_name=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['pub_name']); if($pub_name =="" ){ echo '<span class="warning"></span>Please enter the publisher.</span>'; $problem = TRUE;}} ?> </td> </tr> <tr> <td align="right">Description</td> <td> <textarea name="description" type="text" id="description" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description']); if($description =="" ){ echo '<span class="warning"></span>Please enter the description.</span>'; $problem = TRUE;}} ?> </td> </tr> <tr> <td align="right">Detail</td> <td> <textarea name="description_b" type="text" id="description_b" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description_b; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description_b=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description_b']); if($description_b =="" ){ echo '<span class="warning"></span>Please enter the detail.</span>'; $problem = TRUE;}} ?> </td> </tr> <tr> <td align="right">Picture</td> <td> <input type="file" name="fileField" id="fileField" /> </td> </tr> <tr> <td> </td> <td> <input name="product_id" type="hidden" value="<?php echo $product_id; ?>" /> <input type="submit" name="submit" id="submit" /> <input type="reset" onclick="location.reload('editBook.php');return false;"/> <?php echo $success ?> </td> </tr> </table> <br/><br/> </form> <br /><br /> </div> </div> </body> </html> Edited April 1, 2014 by mac_gyver removed domain/path info Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/ Share on other sites More sharing options...
mac_gyver Posted April 1, 2014 Share Posted April 1, 2014 mysql_insert_id() is only valid after an INSERT query, otherwise it is a zero or maybe a null/false. you would need to use the $product_id that is being passed via the hidden form field. also, your login check logic is not secure as all anyone would need to do is ignore the header() redirect and they can freely access your page. you need an exit; statement after the header() redirect to prevent execution of the rest of the code on that page. Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474654 Share on other sites More sharing options...
newb1000 Posted April 1, 2014 Author Share Posted April 1, 2014 (edited) Thank you for the quick response, I commented out the insert & it's still not moving that image. (Also thanks for the exit tip, added that.) I should add that I have gotten a product0.jpg in the destination folder occasionally while testing but I can't seem to recreate the process that gives that result. Edited April 1, 2014 by newb1000 Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474656 Share on other sites More sharing options...
mac_gyver Posted April 1, 2014 Share Posted April 1, 2014 just for debugging purposes, what does adding the following show for the content of the $_FILES array after the form has been submitted - echo '<pre>',print_r($_FILES,true),'</pre>'; Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474658 Share on other sites More sharing options...
newb1000 Posted April 1, 2014 Author Share Posted April 1, 2014 Updated Test Book. Array( [fileField] => Array ( [name] => littleblackbook.jpg [type] => image/jpeg [tmp_name] => /home/phptmp/uploads/phpLo3D9S [error] => 0 [size] => 23124 )) Although when I looked in phptmp/uploads it wasn't there & nothing new is in the product_images folder. Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474659 Share on other sites More sharing options...
mac_gyver Posted April 1, 2014 Share Posted April 1, 2014 turn on php's full error reporting. add the following lines immediately after your first opening <?php tag - ini_set("display_errors", "1"); error_reporting(-1); Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474661 Share on other sites More sharing options...
newb1000 Posted April 1, 2014 Author Share Posted April 1, 2014 (edited) Sorry, had a debug copy running in the background & forgot to look. Trying a new upload gives me this for your print: Array([fileField] => Array([name] => littleblackbook.jpg[type] => image/jpeg[tmp_name] => /home/phptmp/uploads/phpKMWjDL[error] => 0 => 23124)) And throws this: Notice: Undefined offset: 1 in /editBook.php on line 52 (which disappears if I don't use the $fileField variable & just go with ['fileField']) Edited April 1, 2014 by newb1000 Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474663 Share on other sites More sharing options...
Solution newb1000 Posted April 1, 2014 Author Solution Share Posted April 1, 2014 (edited) So wow, I put a fresh url in the browser & the book changed. Thank you for your help <3 (btw yes, I was refreshing up until now & it was the original pink book every time, now it's a black book) Edited April 1, 2014 by newb1000 Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474664 Share on other sites More sharing options...
newb1000 Posted April 1, 2014 Author Share Posted April 1, 2014 Could you please remove line 73 for me in the php file (the absolute path icon link)? I'll be sure to use your error checking methods from this point on. Quote Link to comment https://forums.phpfreaks.com/topic/287452-form-ignoring-filefield/#findComment-1474666 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.