Jump to content

Editing/Updating Image In CRUD App


Recommended Posts

Good day

I have written a CRUD code in prepared statement, the challenge i have is in the update query data, whenever
i tried updating/editing the data the images does not update to newly updated image in the table

HTML Form code

<form action="participantsController.php" method="POST" enctype="multipart/form-data">


    $partID = $_GET['partEdit'];
    $ret = mysqli_query($connection, "select * from participants where partID = '$partID'");
    $cnt = 1;
    while ($row = mysqli_fetch_array($ret)) {


<div class="form-group">
      <label >Upload business logo here <span class="text-danger mb-3">* </span> </label>
          <input type="hidden" name="oldBizLogo" value="<?php echo $row['bizLogo']; ?>">
          <input type="file" name="imageBizLogo" id="imageBizLogo" class="form-control" >
          <img  src="../uploads/participants/<?=$bizLogo;?>" width="120" alt="Business Logo" class="img-thumbnail">

    <div class="form-group">
      <label >Upload participant profile image here <span class="text-danger mb-3">* </span> </label>
          <input type="hidden" name="oldProfileImg"  value="<?php echo $row['profileImg']; ?>">
          <input type="file" name="imageProfileImg" id="imageProfileImg" class="form-control" >
          <img  src="../uploads/participants/<?=$profileImg;?>" width="120" alt="Profile Image"  class="img-thumbnail">
<?php }?>


Php code for updating

//Update page code

  $partID = $_POST['partID'];

  $oldBizLogo = $_POST['oldBizLogo'];
  $oldProfileImg = $_POST['oldProfileImg'];
  if(isset($_FILES['imageBizLogo']['name'])&&($_FILES['imageBizLogo']['name']!="") || ($_FILES['imageProfileImg']['name'])&&($_FILES['imageProfileImg']['name']!=""))
    $newBizLogo ="../uploads/participants/".$_FILES['imageBizLogo']['name'];
    $newProfileImg ="../uploads/participants/".$_FILES['imageProfileImg']['name'];


    move_uploaded_file($_FILES['imageBizLogo']['tmp_name'], $newBizLogo);
    move_uploaded_file($_FILES['imageProfileImg']['tmp_name'], $newProfileImg);
    $newBizLogo = $oldBizLogo;
    $newProfileImg = $oldProfileImg;
  $query = "UPDATE participants SET bizLogo=?,profileImg=?  WHERE partID=?";



  $_SESSION['updateResponse']="Updated Successfully!";


Kindly help

Link to comment
Share on other sites

is the partID column value unique? if it is, there's no point in looping to produce the form fields. if it is not, you would need to use array names for the form fields and use some unique id as the field indexes so that you can update more than one row of data.

does your form have partUpdate and partID fields so that the php code will do anything?

always validate input data before using it ($_GET['partEdit']) and don't put external, unknown, dynamic values directly into an sql query statement. if you did this for the SELECT query because of how hard it is to use the mysqli extension for a prepared query, switch to the much simpler PDO extension.

do not pass unnecessary values through a form since all external data can be set to anything and cannot be trusted. query inside the form processing code to get the existing/old values.

your post method form processing code must detect if a post method form was submitted before referencing any of the form data. next, if the total size of the submitted form data exceeds the post_max_size setting, both the $_POST and $_FILES arrays will be empty. you must detect this and setup a message for the user telling them that the form data was too large and could not be processed. after you have determined that there is data in $_FILES, you must test the ['error'] element to find out if the file was successfully uploaded or not. the current test of the ['name'] element is not sufficient, i.e. some of the possible upload errors will have a non-empty name, but there is no file to save. only if the ['error'] element is a zero (UPLOAD_ERR_OK) can you actually use the uploaded file information. if it's a 4 (UPLOAD_ERR_NO_FILE), it would mean that no image was selected to be uploaded. for the other error values that the user has control over, you would setup a message telling them what was wrong. for the error values that the user has no control over, you would setup a general failure message, and log the actual information about what error occurred.

lastly, you ALWAYS need error handling for all statements that can fail. for database statements, the easiest way of adding error handling, without adding logic at each statement that can fail - connection, query, prepare, and execute, is to use exceptions for errors and in most cases let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information, via an uncaught exception error (database statement errors will 'automatically' get displayed/logged the same as php errors.)


Edited by mac_gyver
Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.