Editing/Updating Image In CRUD App

[johnman]

Good day

I have written a CRUD code in prepared statement, the challenge i have is in the update query data, whenever
i tried updating/editing the data the images does not update to newly updated image in the table

HTML Form code

<form action="participantsController.php" method="POST" enctype="multipart/form-data">

  <?php

    $partID = $_GET['partEdit'];
    $ret = mysqli_query($connection, "select * from participants where partID = '$partID'");
    $cnt = 1;
    while ($row = mysqli_fetch_array($ret)) {

    ?>

<div class="form-group">
      <label >Upload business logo here <span class="text-danger mb-3">* </span> </label>
        <div>
          <input type="hidden" name="oldBizLogo" value="<?php echo $row['bizLogo']; ?>">
          <input type="file" name="imageBizLogo" id="imageBizLogo" class="form-control" >
          <img  src="../uploads/participants/<?=$bizLogo;?>" width="120" alt="Business Logo" class="img-thumbnail">
        </div>
    </div>

    <div class="form-group">
      <label >Upload participant profile image here <span class="text-danger mb-3">* </span> </label>
        <div>
          <input type="hidden" name="oldProfileImg"  value="<?php echo $row['profileImg']; ?>">
          <input type="file" name="imageProfileImg" id="imageProfileImg" class="form-control" >
          <img  src="../uploads/participants/<?=$profileImg;?>" width="120" alt="Profile Image"  class="img-thumbnail">
        </div>
    </div>
	
<?php }?>

</form>

Php code for updating

//Update page code
if(isset($_POST['partUpdate']))
{

  $partID = $_POST['partID'];

  $oldBizLogo = $_POST['oldBizLogo'];
  $oldProfileImg = $_POST['oldProfileImg'];
  
  if(isset($_FILES['imageBizLogo']['name'])&&($_FILES['imageBizLogo']['name']!="") || ($_FILES['imageProfileImg']['name'])&&($_FILES['imageProfileImg']['name']!=""))
  {
    $newBizLogo ="../uploads/participants/".$_FILES['imageBizLogo']['name'];
    $newProfileImg ="../uploads/participants/".$_FILES['imageProfileImg']['name'];

    unlink($oldBizLogo);
    unlink($oldProfileImg);

    move_uploaded_file($_FILES['imageBizLogo']['tmp_name'], $newBizLogo);
    move_uploaded_file($_FILES['imageProfileImg']['tmp_name'], $newProfileImg);
  }
  else{
    $newBizLogo = $oldBizLogo;
    $newProfileImg = $oldProfileImg;
  }
  $query = "UPDATE participants SET bizLogo=?,profileImg=?  WHERE partID=?";

  $stmt=$connection->prepare($query);
  $stmt->bind_param("ssi",$newBizLogo,$newProfileImg,$partID);

  $stmt->execute();

  $_SESSION['updateResponse']="Updated Successfully!";
  $_SESSION['updateRes_type']="primary";
  header('location:participantsAdd.php');

}

Kindly help

[ginerjm]

Do you have error checking enabled and are you displaying the messages?  Might help if you trapped for an error on the prepare or the execute as well.

[mac_gyver]

is the partID column value unique? if it is, there's no point in looping to produce the form fields. if it is not, you would need to use array names for the form fields and use some unique id as the field indexes so that you can update more than one row of data.

does your form have partUpdate and partID fields so that the php code will do anything?

always validate input data before using it ($_GET['partEdit']) and don't put external, unknown, dynamic values directly into an sql query statement. if you did this for the SELECT query because of how hard it is to use the mysqli extension for a prepared query, switch to the much simpler PDO extension.

do not pass unnecessary values through a form since all external data can be set to anything and cannot be trusted. query inside the form processing code to get the existing/old values.

your post method form processing code must detect if a post method form was submitted before referencing any of the form data. next, if the total size of the submitted form data exceeds the post_max_size setting, both the $_POST and $_FILES arrays will be empty. you must detect this and setup a message for the user telling them that the form data was too large and could not be processed. after you have determined that there is data in $_FILES, you must test the ['error'] element to find out if the file was successfully uploaded or not. the current test of the ['name'] element is not sufficient, i.e. some of the possible upload errors will have a non-empty name, but there is no file to save. only if the ['error'] element is a zero (UPLOAD_ERR_OK) can you actually use the uploaded file information. if it's a 4 (UPLOAD_ERR_NO_FILE), it would mean that no image was selected to be uploaded. for the other error values that the user has control over, you would setup a message telling them what was wrong. for the error values that the user has no control over, you would setup a general failure message, and log the actual information about what error occurred.

lastly, you ALWAYS need error handling for all statements that can fail. for database statements, the easiest way of adding error handling, without adding logic at each statement that can fail - connection, query, prepare, and execute, is to use exceptions for errors and in most cases let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information, via an uncaught exception error (database statement errors will 'automatically' get displayed/logged the same as php errors.)

 

Edited October 19, 2021 by mac_gyver