I have a page in my clients dashboard for editing his about content.
Once i click on edit button it redirects to another page and there is an option for uploading new image and also content.
Problem :If no new image is uploaded suppose only some text fields are changed and clicked on update the text content changes and redirects to main page but image is deleted from db,but i don't want image to be deleted from the db if no new picture is uploaded.
Two Files Are there
1)index.php
2)editabout.php
index.php
<div class="main-container">
<div class="row">
<div class="container">
<div class="col-lg-12">
<div class="row">
<?php include('db.php'); $select=mysql_query("SELECT * FROM `about`"); while($row=mysql_fetch_array($select)){?>
<div class="col-md-3"><img id="profileimage" src="about/<?php echo $row['image']; ?>" style="width:100%;height:200px;" class="img-thumbnail img-responsive" required>
<div class="row">
<div class="col-md-6"> <input style="width:100%;" class="btn btn-info btn-lg mb-3 mr-3" type="submit" value="Edit"></div>
</div>
</div>
<?php}?>
</div>
</div>
</div>
</div>
editabout.php
<div class="row">
<div class="col-lg-4">
<form action="" method="post" enctype="multipart/form-data">
<div class="main-container file-upload">
<div class="file-upload__dropzone">
<?php
include('db.php');
$select=mysql_query("SELECT * FROM `about` where `sl.no`='$bid' ");
while($row=mysql_fetch_array($select)){
?>
<img id="profileimage" src="about/<?php echo $row['image']; ?>" value="<?php echo $row['image']; ?>" class="img-thumbnail img-responsive" style="width:100%;height:200px;">
<?php } ?>
<div class="file-upload__browse-files">
<button class="btn btn-outline-info btn-lg btn-block btn-rounded file-upload__browse-btn">Browse files</button>
<input id="upload-files-default" name="img" type="file" multiple class="upload" onchange="readURL(this);">
</div><br>
<button class="btn btn-success btn-lg mb-2 mr-3" name="ok" type="submit">Update</button>
</div>
</div>
</form>
</div>
Php code for uploading
include('db.php');
if(isset($_POST['ok']))
{
$photo=$_FILES['img']['name'];
$target_dir = "about/";
$location = $target_dir .$_FILES["img"]["name"];
move_uploaded_file($_FILES['img']['tmp_name'],$location);
$query1="UPDATE `about` SET `image`='$photo',
`up_date`=now()
WHERE `about`.`sl.no` ='$bid'";
mysql_query($query1);
You have to check does the file exist/uploaded or not before executing any query. As an example below:
if(is_uploaded_file($_FILES["img"]["tmp_name"] && file_exists($_FILES["img"]["tmp_name"])){
//update query with picture
//move_uploaded_file here
}else{
//Only query updating does details without move_uploaded_file
}
Above code must be put in the if(isset($_POST["ok"])) code block.
Related
Quick rundown:
Everything ran perfectly as it should when I had my own custom textarea field to send data
I had a custom text editor widget for inputs, but tried to add CKEditor for more functionality
When I added CKEditor package (https://ckeditor.com/ckeditor-4/download/?undefined-addons=) the editor was there, but when I clicked "Add" button and sent data, the input was doubled and there was a space between inputs (for example - input was:"test" and output was "test<br><br>test"), as if I put <br> tag and multiplied my input somewhere.
When I stopped trying with CKEditor, I went back to original code and my own original custom text editor, which before worked perfectly. However, to my surprise, it now still doubles the input string, but it doesn't put a <br> tag in between.
In DB the string value is normal and not doubled.
I have no idea how this happened, I've been going over the code for a hour or so now, trying to see if I overlooked something, but I even created a separate file with functioning code, before I was trying with CKEditor in case something broke and I could just replace it with old code and try tomorrow, but now it's messed up and I have no idea how and where.
notifications.php
<form class="form-inline" action="/action_page.php">
</form>
</nav>
<div class="container-fluid m-0 p-0">
<div class="row justify-content-center">
<div class="col-md-10">
<?php if (isset($_SESSION['response'])) { ?>
<div class="alert alert-<?= $_SESSION['res_type']; ?> alert-dismissible text-center">
<button type="button" class="close" data-dismiss="alert">×</button>
<b><?= $_SESSION['response']; ?></b>
</div>
<?php } unset($_SESSION['response']); ?>
</div>
</div>
<div class="row">
<div class="">
<?php
$query = 'SELECT * FROM crud';
$stmt = $conn->prepare($query);
$stmt->execute();
$result = $stmt->get_result();
?>
<table class="table table-hover" id="data-table">
<tbody>
<?php while ($row = $result->fetch_assoc()) { ?>
<tr>
<td></td>
<td class="pt-2"><?=
$longString=$row['name'];
$link = $row['id'];
$longStringshortcut = strlen($longString);
//echo substr($longString, 0, 100).'... Read More';
if ($longStringshortcut > 250) {
echo substr($longString, 0, 250).".. <a href='details.php?details=$link'><strong>Preberi več...</strong></a>"; }
else {
echo $longString;
}
?>
Details
Delete
Edit
</td>
</tr>
<?php } ?>
</tbody>
</table>
<div class="col-md-4 p-0">
<h5 class="">Add notification:</h5>
<form action="action.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?= $id; ?>">
<div class="form-group">
<textarea name="name" value="<?= $name; ?>" class="form-control" placeholder="This is the default text" required></textarea>
</div>
<div class="form-group">
<?php if ($update == true) { ?>
<input type="submit" name="update" class="btn btn-success btn-block" value="Change notification">
<?php } else { ?>
<input type="submit" name="add" class="btn btn-primary btn-block" value="Add">
<?php } ?>
</div>
<div class="form-group">
<input type="hidden" name="oldimage" value="<?= $photo; ?>">
<input type="file" name="image" class="custom-file">
<img src="<?= $photo; ?>" width="120" class="img-thumbnail">
</div>
</form>
</div>
</div>
</div>
</div>
action.php
<?php
session_start();
include 'config.php';
$update=false;
$id="";
$name="";
$photo="";
if(isset($_POST['add'])){
$name=$_POST['name'];
$photo=$_FILES['image']['name'];
$upload="uploads/".$photo;
$query="INSERT INTO crud(name,photo)VALUES(?,?)";
$stmt=$conn->prepare($query);
$stmt->bind_param("ss",$name,$upload);
$stmt->execute();
move_uploaded_file($_FILES['image']['tmp_name'], $upload);
header('location:index.php');
$_SESSION['response']="Successfully Inserted to the database!";
$_SESSION['res_type']="success";
}
The problem was with the <?= syntax (echoing), <?php solved it.
I have an upload image to database code like this:
<form method="post" action="quanly.php" class="form-group justify-content-center" enctype="multipart/form-data">
<div class="custom-file mb-3">
<input type="file" class="custom-file-input" id="image" name="image">
<label class="custom-file-label" for="customFile">Choose file</label>
</div>
<div class="col text-center">
<button type="submit" name="submit" id="add_btn" class="btn btn-primary mb-2"> <i class="fas fa-plus"></i>Submit</button>
</div>
</form>
And the PHP code:
$image = addslashes($_FILES['image']['name']);
$query = "INSERT INTO tasks (image) VALUES ('$image')";
mysqli_query($db, $query); //db is the mysql connection
Everything upload works just fine, but I have some code to display image using Bootstrap 4 modal
<?php $i = 1; while ($row = mysqli_fetch_array($tasks)) { ?>
<button type="button" class="btn btn-primary btn-sm " data-toggle="modal" data-target="#imagemodal<?php echo $row['id'];?>" <?php if (empty($row['image'])) { echo "disabled"; } ?> ><i class="fas fa-image"></i></button>
<!-- IMAGE MODAL BEGIN -->
<div class="modal fade" id="imagemodal<?php echo $row['id'];?>">
<div class="modal-dialog">
<div class="modal-content">
<!-- Modal Header -->
<div class="modal-header">
<h4 class="modal-title">Xem ảnh/ đính kèm</h4>
<button type="button" class="close" data-dismiss="modal">×</button>
</div>
<!-- Modal body -->
<div class="modal-body">
<?php echo '<img src="data:image/jpeg;base64,'.base64_encode( $row['image'] ).'"/>'; ?>
</div>
<!-- Modal footer -->
<div class="modal-footer">
<button type="button" class="btn btn-danger" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<!-- IMAGE MODAL END -->
<?php $i++; } ?>
Which image of rows showing a small image square (error), when I view the image url, it's something like this: data:image/jpeg;base64,ei5wbmc=
Store and upload image in folder code
<?php
if(isset($_POST['but_upload'])){
$name = $_FILES['file']['name'];
$target_dir = "upload/";
$target_file = $target_dir . basename($_FILES["file"]["name"]);
// Select file type
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Valid file extensions
$extensions_arr = array("jpg","jpeg","png","gif");
// Check extension
if( in_array($imageFileType,$extensions_arr) ){
// Insert record
$query = "insert into images(name) values('".$name."')";
mysqli_query($con,$query);
// Upload file
move_uploaded_file($_FILES['file']['tmp_name'],$target_dir.$name);
}
}
?>
<form method="post" action="" enctype='multipart/form-data'>
<input type='file' name='file' />
<input type='submit' value='Save name' name='but_upload'>
</form>
Show in display view.
<?php
$sql = "select name from images where id=1";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_array($result);
$image = $row['name'];
$image_src = "upload/".$image;
?>
<img src='<?php echo $image_src; ?>' >
My submit button suddenly stopped working. It submits data into a MySQL database.
While I was doing some design changes, it suddenly stopped working.
Are there any apparent errors/mistakes in the code below?
I'm a noob who's currently trying to learn some PHP and so on, so any help would be much appreciated. :)
<section id="moviesearch">
<!-- Section -->
<div class="subcribe2">
<div class="container">
<!-- Container -->
<div class="row">
<!-- Row -->
<div class="col-md-4">
</div>
<body ng-app="myApp">
<div ng-controller="MyCtrl" class="col-md-4">
<form class="form-watch-list-create">
<input required="required" placeholder="Movie title" type="text" class="form-control" typeahead="item.Title for item in getLocation($viewValue)" typeahead-loading="loadingLocations" typeahead-min-length="2" typeahead-wait-ms="1000" typeahead-on-select="onSelected($item)"
typeahead-template-url="customTemplate.html" ng-model="asyncSelected">
<i ng-show="loadingLocations" class="glyphicon glyphicon-refresh"></i>
</div>
<div class="col-md-4">
<button type="submit" class="btn btn-block btn-sm btn-dark">Add to watchlist</button>
</div>
</body>
</div>
<!-- End Row -->
</div>
<!-- End Container -->
</div>
<script type="text/ng-template" id="customTemplate.html">
<a>
<span bind-html-unsafe="match.label | typeaheadHighlight:query" style="width: auto;"></span>
({{match.model.Year}})
<!-- <img ng-src="{{match.model.Poster}}" width="120"> -->
</a>
</script>
<div ng-controller="MyCtrl">
<i ng-show="loadingLocations" class="glyphicon glyphicon-refresh"></i>
</div>
</section>
Edit
Here's the code that sends data into the MYSQL database:
function addWatchList() {
if (isset($_GET['addtowatchlist'])) {
$name = $_GET['name'];
$conn = dbmysql();
$query ="INSERT INTO watch_list values(null,'{$name}','{$_SESSION['user_id']}','NOW()')";
if (mysqli_query($conn,$query)) {
$last = "SELECT * FROM watch_list WHERE created_by = '{$_SESSION['user_id']}' order by id desc limit 1";
$data = mysqli_query($conn,$last);
while ($row = mysqli_fetch_assoc($data)) {
include "_view.php";
}
}else {
echo "An error occurred. Please try again.";
}
exit;
}
}
I am looking to your code, missing attribute action="somefile.php" and method="get" if you are planning on submitting it using the form, you should put it or if you are planning on submitting your code using javascript you can use <form onsubmit="myFunction()"> That is what you are missing. I am not seeing you addtowatchlist name from your input so that php can catch it to your isset.
The submit button isn't inside the form.
You're missing the </form> tag to end the <form>. But you have </div> that matches the <div> just before </form>, so it's implicitly closing the <form> tag as well. Then you have <input type="submit"> after it. Since the submit button isn't inside the form, and has no form tag associating it with the form, it doesn't know which form it should submit when you click on it.
Try this:
<form class="form-watch-list-create">
<div ng-controller="MyCtrl" class="col-md-4">
<input
required="required"
placeholder="Movie title"
type="text"
class="form-control"
typeahead="item.Title for item in getLocation($viewValue)"
typeahead-loading="loadingLocations"
typeahead-min-length="2"
typeahead-wait-ms="1000"
typeahead-on-select="onSelected($item)"
typeahead-template-url="customTemplate.html"
ng-model="asyncSelected">
<i ng-show="loadingLocations" class="glyphicon glyphicon-refresh"></i>
</div>
<div class="col-md-4">
<button type="submit" class="btn btn-block btn-sm btn-dark">Add to watchlist</button>
</div>
</form>
This puts the form around both columns.
Use the method attribute in form tag and end the form tag properly
<form role="form" method="get" class="form-watch-list-create">
<div ng-controller="MyCtrl" class="col-md-4">
<input
required="required"
placeholder="Movie title"
type="text"
class="form-control"
typeahead="item.Title for item in getLocation($viewValue)"
typeahead-loading="loadingLocations"
typeahead-min-length="2"
typeahead-wait-ms="1000"
typeahead-on-select="onSelected($item)"
typeahead-template-url="customTemplate.html"
ng-model="asyncSelected">
<i ng-show="loadingLocations" class="glyphicon glyphicon-refresh"></i>
</div>
<div class="col-md-4">
<button type="submit" class="btn btn-block btn-sm btn-dark">Add to watchlist</button>
</div>
</form>
I am trying to handle the Post request in the same page. But i am facing some issues when handling post parameters.I am always getting 'value as empty'.
Below is my code.
<body>
<?php include 'Header.html' ?>
<div class="container">
<div style="margin:10% 30% 0% 30%;">
<div class="panel panel-default">
<div class="panel-heading">
<h4 align="center" style="font-family: monospace;"><p>Upload External Device Report</p></h4>
</div>
<div class="panel-body">
<div class="container col-lg-12">
<form class="form-horizontal" action="UploadExternalReport.php" role="form" method='post' enctype="multipart/form-data">
<div class="input-group">
<input type="file" class="filestyle" data-buttonName="btn-primary" name="fileToUpload" accept=".xls ,.xlsx" required="required" >
</div>
<br/>
<button type="submit" class="btn btn-default">Upload</button>
</form>
</div>
</div>
</div>
</div>
</div>
<?php
// require_once '../PHPExcel/IOFactory.php';
if(isset($_POST["fileToUpload"]) && trim($_POST["fileToUpload"]) != ""){
echo $_POST['fileToUpload'];
}
else
{
echo'value is empty';
}?>
I tried !empty($_POST["fileToUpload"]) in if condition. But still its getting as 'value is empty'.
You are supposed to use the $_FILES array, not $_POST.
So make use of $_FILES['fileToUpload'].
http://php.net/manual/en/reserved.variables.files.php
I need to know how can I implement a user level access in my site. I need to hide forms and images when users with level are member...
in my DB I have a USERS TABLE with:
id
nombre
apellido
username
password
level
level is ENUM and have this two selects: administrator and member
I can hide scripts in any page with this type of PHP code:
<?php if(basename($_SERVER['PHP_SELF']) == 'contact.php') { ?>
<script src="js/jquery.js"></script>
<?php } ?>
and works very well, but I don't know how can hide per example this:
<div class="box span6">
<div class="box-header well" data-original-title>
<h2><i class="icon-picture"></i> <?php $translate->__('Save images'); ?></h2>
<div class="box-icon">
<i class="icon-chevron-up"></i>
<i class="icon-remove"></i>
</div>
</div>
<div class="box-content">
<form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">
<label><?php $translate->__('Images type'); ?> (gif, jpg, png)</label><br />
<input type="file" size="45" name="uploadfile" id="uploadfile" class="file margin_5_0" onchange="ajaxUpload(this.form);" />
<div id="upload_area" class="corners align_center">
<?php $translate->__('Please select one image'); ?>.
</div>
</form>
</div>
</div>
In google I saw this code but don't work in my partycular case:
<?php if($USERS->level == "administrator"): ?>
<?php endif; ?>
can you help me with my problem?
Hiding js files will not do you much good because an attacker can intercept the javascript file being served to your admin user, build his own mock-up page of your site and have it use that javascript. So make sure to put security and validation in your php code, especially inside your upload.php
Obviously this $USERS->level can be replaced by any variable that you have set.
<?php if($USERS->level == "administrator")
{
?>
<div class="box span6">
<div class="box-header well" data-original-title>
<h2><i class="icon-picture"></i> <?php $translate->__('Save images'); ?></h2>
<div class="box-icon">
<i class="icon-chevron-up"></i>
<i class="icon-remove"></i>
</div>
</div>
<div class="box-content">
<form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">
<label><?php $translate->__('Images type'); ?> (gif, jpg, png)</label><br />
<input type="file" size="45" name="uploadfile" id="uploadfile" class="file margin_5_0" onchange="ajaxUpload(this.form);" />
<div id="upload_area" class="corners align_center">
<?php $translate->__('Please select one image'); ?>.
</div>
</form>
</div>
</div>
<?php
}
?>