I cannot get my two file upload fields working with my update form. I'm able to get create_form to upload the files to my server and input info into the SQL database, but I can't get the edit to take without receiving an error. Files don't upload and info doesn't update in SQL. Please help!
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php
session_start();
if($_SESSION["login_user"] != true) {
echo("Access denied!");
exit();
}
?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/validation_functions.php");?>
<?php find_selected_event_page(); ?>
<?php
if (!$current_event) {
// page ID was missing or invalid or
// page couldn't be found in database
redirect_to("manage_content.php");
}
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
// validations
$required_fields = array("visible");
validate_presences($required_fields);
if (empty($errors)) {
// Perform Update
$id = $current_event["id"];
$visible = mysql_prep($_POST["visible"]);
$homepage = mysql_prep($_POST["homepage"]);
$fa_id = mysql_prep($_POST["fa_id"]);
$title = mysql_prep($_POST["title"]);
$caption = mysql_prep($_POST["caption"]);
$url = mysql_prep($_POST["url"]);
$month = mysql_prep($_POST["month"]);
$date = mysql_prep($_POST["date"]);
$year = mysql_prep($_POST["year"]);
$summary = mysql_prep($_POST["summary"]);
$full_text = mysql_prep($_POST["full_text"]);
$image = rand(1000,100000)."-".$_FILES['image']['name'];
$image_loc = $_FILES['image']['tmp_name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$image_folder="images/";
$file = rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc = $_FILES['file']['tmp_name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_folder="files/";
$final_image=str_replace(' ','-',$new_image_name);
$final_file=str_replace(' ','-',$new_file_name);
if($_FILES) {
unlink("images/".$current_event['image']);
move_uploaded_file($image_loc,$image_folder.$final_image);
unlink("files/".$current_event['file']);
move_uploaded_file($file_loc,$file_folder.$final_file); }
else
{
// if no image selected the old image remain as it is.
$final_image = $current_event['image']; // old image from database
$fine_file = $current_event['file']; // old image from database
}
$query = "UPDATE `events` SET ";
$query .= "`visible` = '{$visible}', ";
$query .= "`homepage` = '{$homepage}', ";
$query .= "`fa_id` = '{$fa_id}', ";
$query .= "`title` = '{$title}', ";
$query .= "`caption` = '{$caption}', ";
$query .= "`url` = '{$url}', ";
$query .= "`month` = '{$month}', ";
$query .= "`date` = '{$date}', ";
$query .= "`year` = '{$year}', ";
$query .= "`summary` = '{$summary}', ";
$query .= "`full_text` = '{$full_text}', ";
$query .= "`image` = '{$final_image}', ";
$query .= "`image_type` = '{$image_type}', ";
$query .= "`image_size` = '{$image_new_size}' ";
$query .= "`file` = '{$final_file}', ";
$query .= "`file_type` = '{$file_type}', ";
$query .= "`file_size` = '{$file_new_size}' ";
$query .= "WHERE `events`.`id` = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection)) {
// Success
echo "<pre>".$query."</pre>";
$_SESSION["message"] = "Item updated.";
redirect_to("manage_content.php");
} else {
// Failure
//$_SESSION["message"] = "Item creation failed.";
//redirect_to("new_news.php");
echo "Error: " . $query . "<br>" . $result->error;
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
Here is the error:
Error: UPDATE events SET visible = 'Y', homepage = 'Y', fa_id = '460463', title = 'Event', caption = 'Event Caption', url = '', month = '1', date = '', year = '2017', summary = 'Support event.', full_text = 'Join event', image = '', image_type = '', image_size = '' file = '', file_type = '', file_size = '' WHERE events.id = 1 LIMIT 1
Related
I was trying to make a website where image can be uploaded to the database and be edited on the website like replacing the image. Whenever I try to replace the picture in the website, it gets replaced in the database but it doesn't show up in the website.
This is my PhP code.
if(isset($_POST['update_post'])){
$post_author = $_POST['post_author'];
$post_title = $_POST['post_title'];
// post_category from input
$post_category_id = $_POST['post_category'];
$post_status = $_POST['post_status'];
$post_image = $_FILES['post_image']['name'];
$post_image_temp = $_FILES['post_image']['name'];
$post_content = $_POST['post_content'];
$post_tags = $_POST['post_tags'];
move_uploaded_file($post_image_temp, "../images/$post_image");
if(empty($post_image)) {
$query = "SELECT * FROM posts WHERE post_id = $the_post_id ";
$select_image = mysqli_query($connection, $query);
while($row = mysqli_fetch_assoc($select_image)){
$post_image = $row['post_image'];
}
}
$query = "UPDATE posts SET ";
$query .= "post_title = '{$post_title}', ";
$query .= "post_category_id = '{$post_category_id}', ";
$query .= "post_date = now(), ";
$query .= "post_author = '{$post_author}', ";
$query .= "post_status = '{$post_status}', ";
$query .= "post_tags = '{$post_tags}', ";
$query .= "post_content = '{$post_content}', ";
$query .= "post_image = '{$post_image}' ";
$query .= "WHERE post_id = {$the_post_id} ";
$update_query = mysqli_query($connection, $query);
confirm($update_query);
}
This the my database
Database Image
This is my website
Website Image
As you can see in the database, I have the images there but in my website, some pictures are not showing up. I want all of them to show up. Please help
I am uploading multiple images to my sql database but my implode method isn't working...
if(isset($_POST['submit'])) {
$id = $_POST['id'];
for($i = 0; $i < count($_FILES['file_upload']['name']); $i++){
$filetmp = $_FILES['file_upload']['tmp_name'][$i];
$filename = basename($_FILES['file_upload']['name'][$i]);
$filetype = $_FILES['file_upload']['type'][$i];
$filepath = "../images/".$filename;
move_uploaded_file($filetmp,$filepath);
}
$mainfiles = implode(", ", $filename);
$sql = "INSERT INTO pictures2 (";
$sql .= "image, photograph_id";
$sql .= ") VALUES ('";
$sql .= $database->escape_character($mainfiles) ."', '";
$sql .= $id ."')";
$result = $database->query($sql);
if($result){
$session->message('<div class="success-msg">Pictures uploaded sucessfully.</div>');
}
}
$filename should be an array. You are passing string into implode function. Do something like this.
if(isset($_POST['submit'])) {
$id = $_POST['id'];
$filename= [];
for($i = 0; $i < count($_FILES['file_upload']['name']); $i++){
$filetmp = $_FILES['file_upload']['tmp_name'][$i];
$filename[] = basename($_FILES['file_upload']['name'][$i]);
$filetype = $_FILES['file_upload']['type'][$i];
$filepath = "../images/".$filename[$i];
move_uploaded_file($filetmp,$filepath);
}
$mainfiles = implode(", ", $filename);
$sql = "INSERT INTO pictures2 (";
$sql .= "image, photograph_id";
$sql .= ") VALUES ('";
$sql .= $database->escape_character($mainfiles) ."', '";
$sql .= $id ."')";
$result = $database->query($sql);
if($result){
$session->message('<div class="success-msg">Pictures uploaded sucessfully.</div>');
}
}
Hope this helps.
Made changes like this, I am considering $id is your photograph_id
if (isset($_POST['submit'])) {
$id = $_POST['id'];
for ($i = 0; $i < count($_FILES['file_upload']['name']); $i++) {
$filetmp = $_FILES['file_upload']['tmp_name'][$i];
$filename[] = [$id, basename($_FILES['file_upload']['name'][$i])]; // here changes
$filetype = $_FILES['file_upload']['type'][$i];
$filepath = "../images/" . $filename;
move_uploaded_file($filetmp, $filepath);
}
// I made changes at below code
$valueStr = array_map(function ($item) {
return "('" . implode("','", $item) . "'),"; // to convert into `,` separated values
}, $filename);
$mainfiles = rtrim(implode("", $valueStr), ','); // removing right training `,`
$sql = "INSERT INTO pictures2 (";
$sql .= "image, photograph_id";
$sql .= ") VALUES ('";
$sql .= $database->escape_character($mainfiles) . "', '";
$sql .= $id . "')";
$result = $database->query($sql);
if ($result) {
$session->message('<div class="success-msg">Pictures uploaded sucessfully.</div>');
}
}
I cannot get my two file upload fields working with my update form. I'm able to get create_form to upload the files to my server and input info into the SQL database, but I can't get the edit to take without receiving an error. Files don't upload and info doesn't update in SQL. Please help!
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php
session_start();
if($_SESSION["login_user"] != true) {
echo("Access denied!");
exit();
}
?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/validation_functions.php");?>
<?php find_selected_event_page(); ?>
<?php
if (!$current_event) {
// page ID was missing or invalid or
// page couldn't be found in database
redirect_to("manage_content.php");
}
?>
<?php
if (isset($_POST['submit'])) {
// Process the form
// validations
$required_fields = array("visible");
validate_presences($required_fields);
if (empty($errors)) {
// Perform Update
$id = $current_event["id"];
$visible = mysql_prep($_POST["visible"]);
$homepage = mysql_prep($_POST["homepage"]);
$fa_id = mysql_prep($_POST["fa_id"]);
$title = mysql_prep($_POST["title"]);
$caption = mysql_prep($_POST["caption"]);
$url = mysql_prep($_POST["url"]);
$month = mysql_prep($_POST["month"]);
$date = mysql_prep($_POST["date"]);
$year = mysql_prep($_POST["year"]);
$summary = mysql_prep($_POST["summary"]);
$full_text = mysql_prep($_POST["full_text"]);
$image = rand(1000,100000)."-".$_FILES['image']['name'];
$image_loc = $_FILES['image']['tmp_name'];
$image_size = $_FILES['image']['size'];
$image_type = $_FILES['image']['type'];
$image_folder="images/";
$file = rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc = $_FILES['file']['tmp_name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$file_folder="files/";
$final_image=str_replace(' ','-',$new_image_name);
$final_file=str_replace(' ','-',$new_file_name);
if($_FILES) {
unlink("images/".$current_event['image']);
move_uploaded_file($image_loc,$image_folder.$final_image);
unlink("files/".$current_event['file']);
move_uploaded_file($file_loc,$file_folder.$final_file); }
else
{
// if no image selected the old image remain as it is.
$final_image = $current_event['image']; // old image from database
$fine_file = $current_event['file']; // old image from database
}
$query = "UPDATE `events` SET ";
$query .= "`visible` = '{$visible}', ";
$query .= "`homepage` = '{$homepage}', ";
$query .= "`fa_id` = '{$fa_id}', ";
$query .= "`title` = '{$title}', ";
$query .= "`caption` = '{$caption}', ";
$query .= "`url` = '{$url}', ";
$query .= "`month` = '{$month}', ";
$query .= "`date` = '{$date}', ";
$query .= "`year` = '{$year}', ";
$query .= "`summary` = '{$summary}', ";
$query .= "`full_text` = '{$full_text}', ";
$query .= "`image` = '{$final_image}', ";
$query .= "`image_type` = '{$image_type}', ";
$query .= "`image_size` = '{$image_new_size}' ";
$query .= "`file` = '{$final_file}', ";
$query .= "`file_type` = '{$file_type}', ";
$query .= "`file_size` = '{$file_new_size}' ";
$query .= "WHERE `events`.`id` = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection)) {
// Success
echo "<pre>".$query."</pre>";
$_SESSION["message"] = "Item updated.";
redirect_to("manage_content.php");
} else {
// Failure
//$_SESSION["message"] = "Item creation failed.";
//redirect_to("new_news.php");
echo "Error: " . $query . "<br>" . $result->error;
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
The error I get is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'file = '', file_type = '', file_size = '' WHERE events.id = 1 LIMIT 1' at line 1
update
$query .= "`image_size` = '{$image_new_size}' ";
to
$query .= "`image_size` = '{$image_new_size}' ,";
so your final query
$query = "UPDATE `events` SET ";
$query .= "`visible` = '{$visible}', ";
$query .= "`homepage` = '{$homepage}', ";
$query .= "`fa_id` = '{$fa_id}', ";
$query .= "`title` = '{$title}', ";
$query .= "`caption` = '{$caption}', ";
$query .= "`url` = '{$url}', ";
$query .= "`month` = '{$month}', ";
$query .= "`date` = '{$date}', ";
$query .= "`year` = '{$year}', ";
$query .= "`summary` = '{$summary}', ";
$query .= "`full_text` = '{$full_text}', ";
$query .= "`image` = '{$final_image}', ";
$query .= "`image_type` = '{$image_type}', ";
$query .= "`image_size` = '{$image_new_size}', ";
$query .= "`file` = '{$final_file}', ";
$query .= "`file_type` = '{$file_type}', ";
$query .= "`file_size` = '{$file_new_size}' ";
$query .= "WHERE `events`.`id` = {$id} ";
$query .= "LIMIT 1";
Somebody solve my problem. Update query not work.
Error in Update query this step... Array to string conversion $query .= "image = '{$image}' "; ------------------------------------------------------------------------------------------------------------------------------------
if (isset($_POST['submit'])) {
$file = rand(1000,100000)."-".$_FILES['image']['name'];
$file_loc = $_FILES['image']['tmp_name'];
$folder="uploads/";
$new_file_name = strtolower($file);
$image =str_replace(' ','-',$new_file_name);
move_uploaded_file($file_loc,$folder.$image);
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$address1 = $_POST["address1"];
$address2 = $_POST["address2"];
$city = $_POST["city"];
$state = $_POST["state"];
$zipcode = $_POST["zipcode"];
$email = $_POST["email"];
$country = $_POST["country"];
$phone = $_POST["phone"];
$image = $_FILES["image"];
$username = $_POST["username"];
$passwordold = $_POST["oldpassword"];
$passwordone = $_POST["passwordone"];
$passwordtwo = $_POST["passwordtwo"];
$sessions = $_SESSION['admin_id'];
$query = "UPDATE user SET ";
$query .= "firstname = '{$firstname}', ";
$query .= "lastname = '{$lastname}', ";
$query .= "addressone = '{$address1}', ";
$query .= "addresstwo = '{$address2}', ";
$query .= "city = '{$city}', ";
$query .= "state = '{$state}', ";
$query .= "zipcode = '{$zipcode}', ";
$query .= "email = '{$email}', ";
$query .= "country = '{$country}', ";
$query .= "phone = '{$phone}', ";
$query .= "image = {$image} ";
$query .= "WHERE id = {$sessions} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
echo "<pre>";
print_r($_FILES);
print_r($_POST);
echo "</pre>";
}
$_FILES["image"] is an array. You can only pass string in sql queries. May be you need to serialize the array and then store it in the database.
I cant put my file into a directory...
$swfpath = "swf/";
file_put_contents($swfpath . $swf, file_get_contents($swf_url));
it goes into /example.swf instead of /swf/example.swf
<?php
include "mysql.php";
echo "you shouldn't be here";
$gt = $_POST["game_tag"];
connect() or die (mysql_error());
$pubId = 'censored';
if (!$gt)
exit;
$data = file_get_contents("http://www.mochimedia.com/feeds/games/$pubId/$gt/?format=xml");
$response = new DOMDocument();
$response->loadXML($data);
$obj = $response->getElementsByTagName("entry")->item(0);
$sql = "INSERT INTO games (title, swfname, description, category, thumb) VALUES('";
$sql .= addslashes($obj->getElementsByTagName("title")->item(0)->nodeValue) . "','";
$swf_url = $obj->getElementsByTagName("link")->item(1)->getAttribute("href");
$swf = md5($sql);
$swfpath = "swf/";
file_put_contents($swfpath . $swf, file_get_contents($swf_url));
echo " URL = $swf_url";
$sql .= "$swf','"; //swfpath is the path of the directory where you store the swf files
$sql .= addslashes($obj->getElementsByTagName("description")->item(0)->nodeValue) . "','";
switch($obj->getElementsByTagName("category")->item(0)->nodeValue) {
case "Action" : $sql .= "act','"; break;
case "Shooting" : $sql .= "s','"; break;
case "Shooter" : $sql .= "s','"; break;
case "Classic" : $sql .= "c','"; break;
case "Arcade" : $sql .= "a','"; break;
default : $sql .= "m','"; break;
}
include "functions.php";
$thumbnail_url = $obj->getElementsByTagName("thumbnail")->item(0)->getAttribute("url");
$thumb = substr($thumbnail_url, -4, 4);
$thumbs = "".$gt."$thumb";
$thumbpath = "thumbs/";
file_put_contents($thumbpath . $thumbs, file_get_contents($thumbnail_url));
$sql .= "$thumbs');"; //thumbpath is the path of the directory where you store the thumb files
mysql_query("$sql") or die (mysql_error());
//insert the $sql to your database
?>