I host the web that I created on 000webhost.com. All went well. But there are mistakes that happen sometimes. When uploading photos, adding data to the database, or when editing data. Sometimes data is stored and changed, sometimes nothing happens. Sometimes photos uploaded, sometimes nothing happens. Sometimes the data is successfully edited, sometimes nothing happens. Why is that? What is wrong?
this is my code
<?php
include('connect.php');
date_default_timezone_set('Asia/Jakarta');
$q = mysql_query("SELECT * FROM artikel");
$id = $_GET['id'];
$fileName = $_FILES['file']['name'];
$judul = $_POST['judul'];
$isi = $_POST['isi'];
$link = $_POST['link'];
$tanggal = date("Y-m-d H:i:s");
$message = "Data tidak boleh kosong!";
//Jika form nama tidak di isi
if(empty($judul || $isi || $link)){
echo "<script type='text/javascript'>alert('$message');</script>";
echo "<script>window.location = 'edit-artikel.php?id=$id';</script>";
}
//Jika kedua form di isi masukan data baru ke database
else{
$move = move_uploaded_file($_FILES['file']['tmp_name'],"img/ArtPic/{$_FILES['file']['name']}");
if ($move){
$sql = mysql_query("UPDATE `artikel` SET waktu='$tanggal', judul='$judul', isi='$isi', foto='$fileName', link='$link' WHERE id='$id'");
//Pemrosesan telah selesai, dan kembalikan ke halaman index.php
echo "<script>window.location = 'beranda-admin.php';</script>";
}elseif (empty($fileName)) {
$sql = mysql_query("UPDATE `artikel` SET waktu='$tanggal', judul='$judul', isi='$isi', link='$link' WHERE id='$id'");
echo "<script>window.location = 'beranda-admin.php';</script>";
}else{
echo "gagal bor";
}
}
exit;
?>
Related
I am still learning PHP. I want my the picture that i have uploaded to show after uploading.
its uploading but its not changing the uploaded picture on the browser.
It changes after i restart my computer.Sometimes it changes when I change the browser. i am using Chrome.
What could be the problem here because it is uploading and updating the database. But the uploaded picture is not changing immediately when uploaded.
here is my code.
<?php
include 'config.php';
session_start();
$user=$_SESSION['username'];
$update = $conn->real_escape_string($_POST['update']);
$phone = $conn->real_escape_string($_POST['phone']);
$email = $conn->real_escape_string($_POST['email']);
$pswd = $conn->real_escape_string($_POST['pswd']);
$pswd2 = $conn->real_escape_string($_POST['pswd2']);
//$avatar = $_POST['name'];
if ($pswd!=$pswd2)
{
$_SESSION["message"] = "Passwords do not match. Please try again.";
header("location:profile?error");
}
else
{
$pswd = password_hash($pswd, PASSWORD_BCRYPT);
$sql= "UPDATE students SET email='$email' WHERE username='$user'";
$sql2 ="UPDATE students SET phonenum='$phone' WHERE username='$user'";
$result = $conn->query($sql) and $conn->query($sql2);
if (empty($pswd) || empty($pswd2))
{
header("location:profile");
}
else
{
$sql3= "UPDATE students SET pswd='$pswd' WHERE username='$user'";
}
$passresult=$conn->query($sql3);
if($result==TRUE && $passresult==TRUE)
{
$_SESSION['message'] = "Profile Updated!";
header("location:profile.php?done");
}
}
if(isset($_POST['submit'])){
//Targeting Folder
$target="propics/";
$target=$target.basename($_FILES['propic']['name']);
//Getting Selected image Type
$type=pathinfo($target,PATHINFO_EXTENSION);
//Allow only image Format To Upload
if($type!='jpg' && $type!='jpeg' && $type!='JPG' && $type!='PNG' && $type!='GIF' && $type!='png' && $type!='gif'){
echo "Only JPG,JPEG,PNG and GIF file format are allowed to Upload";
}
else{
//lmit file size
if ($_FILES['propic']['size'] > 5000000) {
echo "Sorry, your image is too large.";
}
else{
$upload_success=move_uploaded_file($_FILES['propic']['tmp_name'],$target);
if($upload_success==TRUE){
//Getting Selected image Information
//renaming the file to the username to avoid conflict when uploading
$name=$user.".".$type;
rename("propics/".$_FILES['propic']['name'],"propics/".$name);
//
$sql= "UPDATE students SET propic='$name' WHERE username='$user'";
$result = $conn->query($sql);
if($result==TRUE){
$_SESSION['message']= "Profile picture updated successfully!";
header("location:/prac/profile.php?done");
}
}
}
}
}
?>
below is the code that is showing the picture.
<img id="mainpropic" src="propics/<?php echo $row['propic'];?>" width="200px" height="200px" >
I realized that this is a browser problem, the browser is caching the picture. If i refresh without cache everything works well.
Here I want to create one more folder inside upload folder and that folder will be unique like based on registration id.
In database I want to save path like ../upload/userid/image_name.jpg
Here is my PHP code:-
session_start();
include 'db.php';
$target_dir = "../upload/";
$target_file = $target_dir . basename($_FILES["photo"]["name"]);
$uploadOk = 1;
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
move_uploaded_file($_FILES["photo"]["tmp_name"], $target_file);
}
$name = $_POST["name"];
$email = $_POST["email"];
$sql = "SELECT email FROM register where email='$email'";
$qur = $connection->query($sql);
if(mysqli_num_rows($qur)==0)
{
$password = md5($_POST["password"]);
$phone = $_POST["phone"];
$sql = "INSERT INTO register(name,email,password,photo,phone)
VALUES ('$name','$email','$password','$target_file','$phone')";
$success = $connection->query($sql);
if (!$success) {
die("Couldn't enter data: ".$connection->error);
}else{
echo "Thank You For registration <br>";
}
}else{
echo "Email-id already exist";
}
$connection->close();
Try this code.
if($uploadOk == 0){
echo "Sorry, your file was not uploaded.";
}else{
mkdir($target_dir.$id);
//The variable $id is your registration id.
move_uploaded_file($_FILES["photo"]["tmp_name"], $target_dir.$id."/");
}
You can use php function mkdir("/path/to/my/dir"); You would need to move use of function move_uploaded_file after record has been inserted in database [in case of new registration]. After record is inserted you would need to get last inserted id from mysql and use it in mkdir function with full path of the folder where you want to keep the uploaded file.
Actually My problem is when I am registering user profile on localhost is working fine and image is storing in folder but after published is not storing image in folder.
my php code
$target_dir = "../upload/";
$target_file = $target_dir . basename($_FILES["photo"]["name"]);
$uploadOk = 1;
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
} else {
move_uploaded_file($_FILES["photo"]["tmp_name"], $target_file);
}
$name = $_POST["name"];
$email = $_POST["email"];
$sql = "SELECT email FROM register where email='$email'";
$qur = $connection->query($sql);
if(mysqli_num_rows($qur)==0)
{
$password = md5($_POST["password"]);
$birth = $_POST["birth"];
$sql = "INSERT INTO register(name, email,password,photo,birth)
VALUES ('$name','$email','$password','$target_file','$birth')";
$success = $connection->query($sql);
if (!$success) {
die("Couldn't enter data: ".$connection->error);
}else{
echo "Thank You For registration";
}
}else{echo "Email-id already exist";
}
most of the time server need dont allow to upload data.
you need to give permission to your upload folder and it will work
You can check your error: $_FILES['photo']['error']
You can get more detail from here :- http://php.net/manual/en/features.file-upload.errors.php
I have a client edit form that successfully uploads an image to my website. When I uploaded a file using the FILE field, it then will save it to my mysql database.
The problem is, if I save the client record again, if there is nothing in the FILE field, it will overwrite the existing record with blank entry. If nothing new gets uploaded, I would like it to NOT overwrite what was already saved.
The code below should explain better. I'm guessing the UPDATE shouldn't proceed with coupon_img='$file' when no new file has been chosen to upload?
<?php
$file = rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc = $_FILES['file']['tmp_name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$folder="coupons/";
$id = $_POST['id'];
$category = $_POST['category'];
$package = $_POST['package'];
$client_name = $_POST['client_name'];
$client_img = $_POST['client_img'];
$deal = $_POST['deal'];
$phone = $_POST['phone'];
$yelp = $_POST['yelp'];
$address = $_POST['address'];
$latlong = $_POST['latlong'];
move_uploaded_file($file_loc,$folder.$file);
$sql="UPDATE $tbl_name SET id='$id', category='$category', coupon_img='$file', package='$package', client_name='$client_name', client_img='$client_img', deal='$deal', phone='$phone', yelp='$yelp', address='$address', latlong='$latlong' WHERE id='$id'";
$result_edit=mysqli_query($GLOBALS["___mysqli_ston"], $sql);
// if successfully updated.
if($result_edit){
header("Location: edit/edit.php");
}
else {
echo "ERROR";
}
?>
I figured out how to do this...
if($_FILES['file']['name'] == "") {
$sql="UPDATE $tbl_name SET id='$id', category='$category', package='$package', client_name='$client_name', client_img='$client_img', deal='$deal', phone='$phone', yelp='$yelp', address='$address', latlong='$latlong' WHERE id='$id'";
} else {
$sql="UPDATE $tbl_name SET id='$id', category='$category', coupon_img='$file', package='$package', client_name='$client_name', client_img='$client_img', deal='$deal', phone='$phone', yelp='$yelp', address='$address', latlong='$latlong' WHERE id='$id'";
}
i am little bit problem in Image upload in a database directory.image upload my avatar folder and can't show my page becouse problem is that in database id, username table show my data but imagelocation table can't show my directory.please any one told me that, what is the problem in my code and correct it specify line
upload.php
<?php
include("connecton.php");
$_SESSION['username']="kyle";
$username = $_SESSION['username'];
if($_POST['submit'])
{
//get file attribute
$name = $_FILES['myfile']['name'];
$tmp_name = $_FILES['myfile']['tmp_name'];
if($name)
{
//start upload process
$location = "avatars/$name";
move_uploaded_file($tmp_name,$location);
$query = mysql_query("UPDATE users SET imagelocation='$location' WHERE username='$username'");
die("Your avatar has been uploaded! <a href='view.php'>HOme</a>");
}
else
die("Please select a file");
}
echo "Welcome, ".$username."!<p>";
echo "Upload Your Image:
<form action='upload.php' method='POST' enctype='multipart/form-data'>
File: <input type='file' name='myfile'> <input type='submit' name='submit' value='upload!'>
</form>
";
?>
view.php
<?php
include("connecton.php");
$username = $_SESSION['username'];
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
if (mysql_num_rows($query)==0)
die ("User not found");
else
{
$row = mysql_fetch_assoc($query);
$location = $row['imagelocation'];
echo "<img src='$location' width='100' height='100'>";
}
?>
a) You do not check if the upload succeeded. At least do something like:
if ($_FILES['myfile']['error'] === UPLOAD_ERR_OK) {
... upload went ok
}
b) You're using the original user's filename to store it on your server, and you do not sanitize the filename. THere is NOTHING to prevent a malicious user from setting a filename such as ../../../../../../../../../some/critical/system/file, which your script will then happily overwrite.
c) You do not check of the move_uploaded_file() succeeded:
if (!move_uploaded_file(...)) {
die("Move failed!")
}
d) You do not check if the database query succeeded:
$stmt = mysql_query(...)
if ($stmt === FALSE) {
die("MySQL query failed: " . mysql_error());
}
e) You've not sanitized the $filename, so again a malicious user can subvert your query and directly attack your database with SQL injection attacks.
f) You're doing a SELECT * FROM... to get the image's location. Are you sure your table contains an 'imagelocation' row? YOU didn't check if the insert query succeeded using the same row, so maybe you've got a typo and it's really "imglocation" instead.
First php statement of both of upload.php and view.php should be this:
session_start();