Jump to content

How to update image in db with session

PNewCode

By PNewCode
in PHP Coding Help

 Share

Recommended Posts

PNewCode Advanced Member

PNewCode

Posted
Posted (edited)

Hello. I am having rotten luck in finding a simple update image form to use. I have a working form for users to update their name and email address, but not an image.
I have been searching for a couple days on how to accomplish this however I can't seem to find anything that I can edit to be only the image and not the other information, or that works with my sessions.

I'm showing below what I have that works for updating a name and email address. If someone has a way to change this to an image upload update (to change the profile image) I would be greatful.

Note: The images are being stored in a folder called "images", and the file name for the image is being stored in a column called "img" in the table "users"
I did not include the db connection file in this post but it is on my site and working, as well as the session for the user is working as well.

I have learned A LOT since I started getting guidance and assitance on this website. I'm very greatful for that :)

Here is the form html file
  

<div align="center">
  <p>&nbsp;</p>
  <p><img src="edit-banner.png" width="336" height="52"> <br>
    <br>
  </p>
</div>
<form action="Profile_update.php" method="post">
  <div align="center">
    <input type="text" name="fname" Placeholder="Update Name" style="font-size:20pt;" >
    <br>
    <br>
     
    <input type="email" name="email" Placeholder="Update Email Address" style="font-size:20pt;" >
    <br>
    <br>

    <input type="submit" name="edit" value="UPDATE" class="button button1 button4" >
  </div>
</form>

<div align="center"> 
  <p><font face="Verdana, Arial, Helvetica, sans-serif"><b><font color="#CCCCFF">If 
    You Want To Delete Your Account<br>
    </font></b></font><font face="Verdana, Arial, Helvetica, sans-serif"><b><font color="#CCCCFF">Let 
    A Mod Know </font></b></font> </p>
  </div>

And here is the php file 

<?php
 
 session_start();
 include "Connection.php";
 if(isset($_POST['edit']))
 {
    $id=$_SESSION['id'];
    $fname=$_POST['fname'];
    $email=$_POST['email'];
    $select= "select * from users where id='$id'";
    $sql = mysqli_query($conn,$select);
    $row = mysqli_fetch_assoc($sql);
    $res= $row['id'];
    if($res === $id)
    {
   
       $update = "update users set fname='$fname', email='$email' where id='$id'";
       $sql2=mysqli_query($conn,$update);
if($sql2)
       { 
           /*Successful*/
           header('location:Dashboard.php');
       }
       else
       {
           /*sorry your profile is not update*/
           header('location:Profile_edit_form.php');
       }
    }
    else
    {
        /*sorry your id is not match*/
        header('location:Profile_edit_form.php');
    }
 }
?>

 

Edited by PNewCode
Link to comment
https://forums.phpfreaks.com/topic/315823-how-to-update-image-in-db-with-session/
Share on other sites
PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

@ginerjm That is because I have tried over a dozen different ones and I don't have a copy of any of them. None of them worked at all. The list of errors each time was extremely long that I thought it would be a waste of time to post and just get asked "Why did you do this and that". So I thought if someone had a method of doing this easily, then I could benefit from that in using it and my education.

PNewCode Advanced Member

PNewCode

Posted
  • Author
Posted

@ginerjm Here are the updates of what I tried. This form works for just uploading without the session for a basic file upload. But doesn't work for what I am trying to accomplish. This one has no errors listed but just says "page isn't working"

Form 

<form action="Profile_updatepicture.php" method="post" enctype="multipart/form-data">
  <div align="center"><font face="Verdana, Arial, Helvetica, sans-serif"> <br>
    <br>
    Choose Pic 
    <input type="file" name="file">
    <input type="submit" name="submit" value="Upload">
    </font> </div>
</form>

php 

<?php


error_reporting(E_ALL);
ini_set('display_errors', '1');


 
 session_start();
 include "Connection.php";
 if(isset($_POST['edit']))
 {
    $id=$_SESSION['id'];
    $file=$_FILES['file'];
    $select= "select * from users where id='$id'";
    $sql = mysqli_query($conn,$select);
    $row = mysqli_fetch_assoc($sql);
    $res= $row['id'];
    if($res === $id)
    {
   
       $update = "update users set file='$file' where id='$id'";
       $sql2=mysqli_query($conn,$update);
// File upload path
$targetDir = "images/";
$fileName = basename($_FILES["file"]["name"]);
$targetFilePath = $targetDir . $fileName;
$nameviewer = $_POST['nameviewer'];
$fileType = pathinfo($targetFilePath,PATHINFO_EXTENSION);
if(isset($_POST["submit"]) && !empty($_FILES["file"]["name"])){
    // Allow certain file formats
    $allowTypes = array('jpg','png','jpeg','gif','pdf');
    if (!file_exists($targetFilePath)) {
        if(in_array(strtolower($fileType), $allowTypes)){
                // Upload file to server
            if(move_uploaded_file($_FILES["file"]["tmp_name"], $targetFilePath)){
                // Insert image file name into database
                $insert = $db->query("INSERT into users (img) VALUES ('".$fileName."');
                if($insert){
                    $statusMsg = "The picture <b>".$fileName. "</b> has been uploaded successfully." . $backlink;
                }else{
                    $statusMsg = "File upload failed, please try again." . $backlink;
                } 
            }else{
                $statusMsg = "Sorry, there was an error uploading your picture." . $backlink;
            }
        }else{
            $statusMsg = "Sorry, only JPG, JPEG, PNG, GIF, & PDF files are allowed to upload." . $backlink;
        }
    }else{
            $statusMsg = "The file <b>".$fileName. "</b> is already exist." . $backlink;
        }
}else{
    $statusMsg = 'Please select a file to upload.' . $backlink;
}
// Display status message
echo $statusMsg;
?>

 

mac_gyver Prolific Member

mac_gyver

Posted
Posted (edited)

just trying different things, and throwing them away when they don't work is not learning. an analogy to the method you are trying to use, would be picking up a piece of a jigsaw puzzle, trying it in every possible location, without looking at what part of the picture it likely matches so that you are trying it in places it has a chance of fitting. this method takes 100 times longer, and sometimes never, to accomplish putting together the puzzle.

writing code involves actually learning the meaning of the words and syntax you are using, so that you are writing (and reading) the programming language you are using. without this learning, you cannot debug code when it doesn't work, because you don't know what each statement contributes, and you also cannot write new code, building on what you have learned before, because no learning has occurred to serve as the basis for new learning.

you must somehow make the transition from just copy/pasting words you have found to actually learning (internalizing) the meaning of the words, so that you can write meaningful code that does what you want.

another reason to learn what the words actually mean and do, is because a large percentage of the code you will find posted on the internet is lacking in security, validation, and error handling. they may 'work' under perfect conditions, but they aren't secure, and when anything unexpected occurs, they won't tell you why they didn't work.

here's an example from your original code that appears to work, but isn't actually doing what you think, that reading what the lines of code are doing would point out - 

    $id=$_SESSION['id'];
    $fname=$_POST['fname'];
    $email=$_POST['email'];
    $select= "select * from users where id='$id'";
    $sql = mysqli_query($conn,$select);
    $row = mysqli_fetch_assoc($sql);
    $res= $row['id'];
    if($res === $id)

all the code on this web page 'requires' a logged in user for the form processing code to be executed or the form to be displayed. to accomplish this, your code must validate the session variable first, before using it, e.g. does it even exist. the code must also test if the query matched a row of data before using the fetched data. the above code, when the session variable doesn't exist ends up testing if null (the query will fail to match a row of data, resulting in $res being null) === null (the nonexistent session variable), which is true comparison, and allows anyone who isn't logged in to cause the UPDATE query to be executed.

next, for any post method form processing code, you should not attempt to detect if the submit button is set. there are cases where it won't be. you should instead detect if a post method form was submitted. one of the cases where the submit button won't be set is if the size of the form data exceeds the post_max_size setting on the server. this can occur for any post method form, but is more likely to occur when uploading files, since the size of the uploaded file is out of your control. when this condition occurs, both the $_POST and $_FILES arrays will be empty. after detecting if a post method form was submitted, the code must detect if this condition exists, and setup an error message for the user, since there's no form data for the rest of the code to use. once your code has found that there is form data, you must test the ['error'] element in the $_FILES... array, which is why there's an error element to test. testing the ['name'] element is not enough. for some of the possible upload errors, there will be a valid ['name'] element, but the file upload has failed with whatever error is indicated in the ['error'] element.

Edited by mac_gyver
mac_gyver Prolific Member

mac_gyver

Posted
Posted (edited)
10 hours ago, PNewCode said:

This one has no errors listed but just says "page isn't working"

you are getting a http 500 error because the code contains a php syntax error. you don't know this because you haven't put the php error related settings into the php.ini on your system, so that ALL php errors will get reported and displayed. when you put these settings into your code, they don't do anything for php syntax errors in that file since your php code never runs in this case to change those settings.

the approximate point where the syntax error is occurring at can be seen since the color highlighting stops changing, both in your programming editor and in the forum post. if you always build sql query statements in a php variable, it helps prevent syntax errors like this by separating the sql query syntax as much as possible from the php code. you can also help prevent syntax errors like this by using a prepared query (which will also prevent sql special characters in a value from being able to break the sql query syntax) when supplying external,  unknown, dynamic values to the query when they get executed, since you are only putting a simple ? prepared query place-holder into the sql syntax for each value.

Edited by mac_gyver
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.