PHP MYSQL Changing the photo on my database - php

I am very new to PHP;
ADD.PHP - I have a form that collects the following information 1. name 2. email 3. phone and picture
pictures are stored on a directory folder on my server and then the filename of that photo is stored on my sql table.
VIEW.PHP - all the data in mysql is being displayed in this page including the photo in tabular format including the id of every record. The id being display is a hyperlink in which when clicked you will be directed to a page wherein you can edit the record contents:
below is the code for my EDIT.PHP
<?php
// Connects to your Database
mysql_connect("localhost", "user1", "12345") or die(mysql_error()) ;
mysql_select_db("test") or die(mysql_error()) ;
// Check whether the value for jobnumber is transmitted
if (isset($_GET['id'])) {
// Put the value in a separate variable
$id = $_GET['id'];
// Query the database for the details of the chosen jobnumber
$result = mysql_query("select id, name, email,
phone, picture from employees where id = $id");
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = "Invalid query: " . mysql_error() . "\n";
$message .= "Whole query: " . $query;
die($message);
}
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(),etc.
while ($row = mysql_fetch_array($result)) {
$name = $row['name'];
echo $name. "\n";
echo $row['email'] . "\n";
echo $row['phone'] . "\n";
echo "<img width=500px height=500px src=pics/" . $row['picture'].">" . "\n";
// form tag
echo '<form action="add2.php" method="POST">';
//display name
echo 'Name: <input type="text" name="name" value="';
echo $row['name'];
echo '"><br>';
//display email
echo 'email: <input type="text" name="email" value="';
echo $row['email'];
echo '"><br>';
//display phone
echo 'Phone: <input type="text" name="phone" value="';
echo $row['phone'];
echo '"><br>';
//display photo
echo 'Photo: <input type="text" name="photo" value="';
echo $row['picture'];
echo '"><br>';
echo '<input type="submit" value="Add">';
echo '</form>';
}
} else {
die("No valid data specified!");
}
?>
using this code, the test fields went well but the input box for the photo is blank and when i click the button the photo field in my database will be blank unless i uploaded a new photo?
how can the user change the existing photo? or retain the old photo if not being changed?


Assuming your employees.picture column stores the path to the image.
To upload a new photo, you're going to need to change a couple of things...
Your form needs to use the correct encoding type, ie
<form action="add2.php" method="post" enctype="multipart/form-data">
You also need to provide a "file" input element to accept the new photo, eg
<input type="file" name="photo">
To see if a new photo has been supplied, simply check (after detecting a valid POST request)
if ($_FILES['photo']['error'] == UPLOAD_ERR_OK) {
// file uploaded
}


see this link :http://www.w3schools.com/PHP/php_file_upload.asp
As to changing the existing photo, u should also save the name of the photo name in your db fom within the page add2.php
when any users wants to upload the photo for the second time, then a check should be made in add2.php to find whether a photo was previously uploaded. Then U can take a decision from the user from 2 yes, no buttons. If yes then UPDATE( not insert) the corresponding column in db table.
U can use jquery to take the decision and work accordingly. Any help needed with jquery?
IF it is for the first time that the uploading is gonna take place, then u can bypass the check process.
Clear?

Related

How to INSERT multiple rows with multiple values, but only for items that have checkboxes ticked next to them

I am coding a discography tool for a music database.
Artists are able to insert tracks, singles, EPs, and albums all into separate tables on the database.
Having tracks be in their own separate table allows the same tracks to be attached to multiple singles, EPs and albums while only requiring there to be one record for that track in the database.
Which means individual track pages can have an automatically generated list of links back to the Singles, EPs and albums that they appear on. Making navigating the database through the website a much smoother experience.
I have come to the point where I am coding a tool to attach any existing tracks in the database for a given artist onto an album page.
I am using another table in the database called 'trackconnections' to create the relational links between the track ids from the track table and the album id from the album table, with an additional column called albumtracknum available to be able to output the tracks in the right order when queried on the album page.
The code for the tool is behind a button labelled 'Attach existing track(s) to album'. The code for this tool is as follows:
if (isset($_POST['attachexistingtracktoalbum-submit'])) {
require "includes/db_connect.pdo.php";
$artistid = $_POST["artistid"];
$albumid = $_POST["albumid"];
echo '<strong>Select each track you would like to add to this album below and type in the track number you want it to have on the album in the box underneith the name of each selected track.</strong><br><br>';
$stmt = $pdo->query("SELECT * FROM track WHERE artist_id = '$artistid'
order by trackname");
while ($row = $stmt->fetch())
{
echo '<form action="includes/attachexistingtracktoalbum.inc.php" method = "post">';
echo '<div class="checkbox">';
echo '<label>';
echo "<input type='checkbox' name='trackid[]' value='".$row['id']."' />";
echo '<span class="cr"><i class="cr-icon glyphicon glyphicon-ok"></i></span>';
echo ' '.$row['trackname'];
echo '</label>';
echo "<br><label for='albumtracknum'>Track number:</label><br>
<input type='text' name='albumtracknum[]'>
<input type='hidden' name='albumid[]' value='".$albumid,"'>
<br><br>";
echo '</div>';
}
?>
<input type="hidden" name="albumidforreturn" value="<?php echo $albumid;?>">
<button type="submit" name="attachexistingtracktoalbum-submit">Attach track(s) to album</button>
<?php }
else {
header("Location: /index.php");
exit();
}?>
(NB: The post data here is not sanitised for the sql query as it has been passed along in a hidden form from the original album page)
This generates a page with all track names for the current artist available on a list with checkboxes, with each track name being followed by a data entry box to enter the track number for the album being added to.
Submission of the form then hands off to the following include code:
if (isset($_POST['attachexistingtracktoalbum-submit'])) {
require "db_connect.pdo.php";
$albumid = implode(',',$_POST['albumid']);
$trackid = implode(',',$_POST['trackid']);
$albumtracknum = implode(',',$_POST['albumtracknum']);
$albumidforreturn = $_POST['albumidforreturn'];
// echo 'albumid: '.$albumid.'<br>';
// echo 'trackid: '.$trackid.'<br>';
// echo 'albumtracknum: '.$albumtracknum.'<br>';
$sql = "INSERT INTO trackconnections (albumid, trackid, albumtracknum) VALUES (?,?,?);";
$stmt= $pdo->prepare($sql);
$stmt->execute([$albumid,$trackid,$albumtracknum]);
header("Location: ../albumdetail.php?albumid=$albumidforreturn");
exit();
}
else {
header("Location: ../index.php");
exit();
}
(NB: The commented out echos are there to test what the output is from the previous form)
The 2 problems I am having are that my 'Attach existing tracks to album' form submit:
1. Passes on too much data.
The generated form should only pass on the track ids, album number, and track numbers that have had their checkboxes ticked. For insertion into the 'trackconnections' table.
Instead it narrows down the ticked checkbox track ids only and then creates comma separated values for every available track to select, rather than just those actually selected.
Which leads to annoying outputs such as the following when passing on data from form to include:
albumid: 4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4
trackid: 30,14
albumtracknum: ,2,3,,,,,,,,,,,,,,,,,,,,,
Where it should only read as:
albumid: 4,4
trackid: 30,14
albumtracknum: 2,3
Having too much data get passed through means that the row inserts won't be correct on multiple INSERTS once I do get this working, as they won't align with one another in the correct order.
2. The include only INSERTS 1 row to the 'trackconnections' table.
It seems I am misunderstanding how to add multiple rows to the database with my code here.
As having multiple checkboxes ticked on my 'Attach existing tracks to album' form only inserts 1 single row to the database on submission of the form each time.
Consistently the only track that gets added to the 'trackconnections' table is the first track with its checkbox ticked and, because of issue no. 1 above, the albumtracknum is always 0 unless I type a number into the first albumtracknum box on the available checklist.
I need to make tweaks to this code so that both problem 1 and 2 are addressed together, meaning that ticking the checkboxes & adding track numbers into each box following the track names actually adds multiple rows to the database along with their corresponding album track numbers.
I hope someone can help.
EDIT TO SHOW REFINED AND WORKING CODE:
New code for checkbox and textbox sections -
if (isset($_POST['attachexistingtracktoalbum-submit'])) {
require "includes/db_connect.pdo.php";
$artistid = $_POST["artistid"];
$albumid = $_POST["albumid"];
echo '<strong>Select each track you would like to add to this album below and type in the track number you want it to have on the album in the box underneith the name of each selected track.</strong><br><br>';
$stmt = $pdo->query("SELECT * FROM track WHERE artist_id = '$artistid'
order by trackname");
echo '<form action="includes/attachexistingtracktoalbum.inc.php" method = "post">';
while ($row = $stmt->fetch())
{
echo '<div class="checkbox">';
echo '<label>';
echo "<input type='checkbox' name='trackid[]' value='".$row['id']."' />";
echo '<span class="cr"><i class="cr-icon glyphicon glyphicon-ok"></i></span>';
echo ' '.$row['trackname'];
echo '</label>';
echo "<br><label for='albumtracknumber'>Track number:</label><br>
<input type='text' name='albumtracknumber_".$row['id']."'>
<input type='hidden' name='albumid[]' value='".$albumid,"'>
<br><br>";
echo '</div>';
}
?>
<input type="hidden" name="albumidforreturn" value="<?php echo $albumid;?>">
<button type="submit" name="attachexistingtracktoalbum-submit">Attach track(s) to album</button>
</form>
<?php }
else {
header("Location: /index.php");
exit();
}
New code for the include INSERT processing -
if (isset($_POST['attachexistingtracktoalbum-submit'])) {
require "db_connect.pdo.php";
$albumid = implode(',',$_POST['albumid']);
$trackid = implode(',',$_POST['trackid']);
$albumidforreturn = $_POST['albumidforreturn'];
foreach($_POST['trackid'] as $trackidloop) {
$albumtracknum = $_POST["albumtracknumber_{$trackidloop}"];
$sql = "INSERT INTO trackconnections (albumid, trackid, albumtracknum) VALUES (?,?,?);";
$stmt= $pdo->prepare($sql);
$stmt->execute([$albumid,$trackidloop,$albumtracknum]);
}
header("Location: ../albumdetail.php?albumid=$albumidforreturn");
exit();
}
else {
header("Location: ../index.php");
exit();
}

This isn't an entire solution but I see some problems:
You are looping through tracks and creating a new form for each one. The first problem is , you are missing the closing form tag. I guess the browser is automatically creating one, when it sees the next form start tag. ?? That's why you only get one single posted checkbox.
I would put all the track checkboxes into a single form. Then the posted trackid[] array will contain all the checked items.
[EDIT after your comment: The hidden fields albumid[] post the entire array, whereas the trackid[] checkboxes only post the actual checked boxes (HTML spec).
Instead of having albumid[], You could put the trackID and albumID together for the checkbox value, then parse them apart when you handle the post:
$value = $row['id']. ',' . $row['albumid'];
echo "<input type='checkbox' name='trackid[]' value='".$value."' />";
ALSO, the SQL, "INSERT INTO (..) .. VALUES (...) " only inserts one row.
It's easy to do that SQL in a loop for all the checked boxes.
foreach($_POST['trackid'] as $value) {
// parse the $value...
// SQL Insert...
}
EDIT 2: From my own comment:
Like hidden fields, input (text) field arrays also post the entire array (with empty values for blank inputs). (Again, this is not a PHP thing, it's a web browser standard to only post checked checkboxes and radio buttons. But ALL text and hidden INPUTs are posted.) So in your example, you need to code a mechanism to know which textbox goes with each checkbox. Quick and dirty...You could add a row index (0,1,2,3...) as another comma-separated number in your checkbox values, then you'll have the index into the posted textbox array. Alternatively, you could name the textboxes ' .. name="textinput_' . $row['trackid'] . '" ...' (not an array), then upon post, read them in your foreach loop with
$val = $_POST["textinput_{$trackid}"];

How to add multiple checkboxes in PHP and mysql with different user id

I am developing a platform that allows me to enter presences at an event and I am stuck in one place. How can I load a series of checkboxes in order to change the user ID for each item?
A practical example, I have a table containing the name of all the people and next to it a checkbox once pressed submit php must upload the data for each user to the db.
Below the html form and the php script that manages the upload to the db.
'''php
<?php
$query = "SELECT * FROM utenti";
$ris = mysqli_query($conn, $query);
//$dati = mysqli_fetch_array($ris);
while($row = mysqli_fetch_assoc($ris)){
echo "<tr><td>".$row['nome']."</td>";
echo "<td>".$row['cognome']."</td>";
echo "<td>".$row['squadra']."</td>";
echo "<td>
<input type='checkbox' name='presenza' data-toggle='toggle' data-onstyle='success' data-offstyle='danger' data-on='Presente' data-off='Assente' value='1'>
</td></tr>";
}
'''
if (isset($_POST['submit'])){
if(!empty($_POST['presenza'])){
// Loop to store and display values of individual checked checkbox.
foreach($_POST['presenza'] as $selected){
echo $selected."</br>";
$sql="INSERT INTO presenze(id_utente,settimana,presenza) VALUES ('1','1','$selected')";
if(mysqli_query($conn, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
}
}
}
}
'''

One of the way to get relationship between a user and a checkbox is to use user ID (or whatever unique identifier you have in your tables structure) in checkbox name e.g.:
"<input type='checkbox' name='presenza_" . $row['user_id'] . "'>"
Then on the backend you can iterate over all post params with presenza_ prefix and get user ID from it.
So your code will be a bit more sophisticated:
foreach($_POST as $param_key) {
// working only with params started with presenza_
if (0 !== strpos($param_key, "presenza_")) {
continue;
}
$presenza_parts = explode("_", $param_key);
$user_id = (int)$presenza_parts[1];
}
Keep in mind that checkbox field sends only value if it's switched on and sends nothing if it's switched off.

pass on a row ID onto another page in php

I am trying to pass on a row ID by user click on the specified row, onto another page. I have a table with ID and info column.
code below displays the wanted row ID and info
if ($info = $stmnt2->fetch()) {
echo '<p>Your Info:</p>';
do {
echo "$info[id] . $info[review] . <a href=edit.php?edit=$info[id]>edit</a></br> </br>" ; //The info id is contained in the $info['id']
} while ($info = $stmnt2->fetch());
} else {
echo "<p>No Info</p>";
}
I want the user to be able to click on any of the rows and the selected row to pass on its ID onto another page. How do I do this?
This is the code on the other page and I want the ID on which the user clicked to replace "$info[id]" in the sql query. This replaces the whole column and not the specified row.
if(isset($_POST['id'])){
$update=$_POST['id'];
$db->exec("UPDATE infos SET info = '$update' WHERE reviewid = '$info[id]'");
}
In the edit page I have an input which the user can write to replace the selcted row (from the ID that gets passed on)
<form action="edit.php" method="POST">
<input type="text" name="id" value="">
<input type="submit" value=" Update "/>
</form>
So I want the ID that was passed from the first page to be used to replace the info row with the user input from the edit page

Pass the ID to the URL to the next page, navigate to the next page, then use $id =$_GET['id'];
Your edit=$info['id'] part is right but you're using $_POST and $_POST['id'], on the next page. The GET global is needed and it's named edit, not id
if ($info = $stmnt2->fetch()) {
echo '<p>Your Info:</p>';
do {
echo "$info[id] . $info[review] . <a href=edit.php?edit=$info[id]>edit</a></br> </br>" ; //The info id is contained in the $info['id']
} while ($info = $stmnt2->fetch());
} else {
echo "<p>No Info</p>";
}
edit.php:
if(isset($_GET['edit'])){
$update = $_GET['edit'];
$db->exec("UPDATE infos SET info = '$update' WHERE reviewid = '$info[id]'");
}
Also for future expansion and learning, read into how to do prepared statements with bound parameters if you are going to be using queries with variables built in. You're prone to sql injection currently and it's good practice to learn the newer and safer methods.

you can get the parameter value by using $_REQUEST
$update = $_REQUEST['edit'] in edit.php file
when you use $_REQUEST method you can catch both $_GET and $_POST values.

Use while loop to update database content, from a form

My users have profile photos with captions. Each photo is stored under an auto incremented ID in a database table, so in order to display all relevant photos for an individual user I while look content relevant to their user number.
Because of the differing photo quantities between users, I am unsure of how to process the submitted form.
Is it possible to while loop content back into the database in order to update the table?
Code that produces form details:
while($row = mysql_fetch_array($result))
{
echo '<div style="width:180px; height:210px; float:left;"><img src="../assets/uploads/thumbnail_' . $row['photoLINK'] . '" alt="" class="profileImgsStretch"/>';
echo '<input type="text" name="caption' . $row['photoID'] . '" value="' . $row['photoCAPTION'] . '"></div>';
echo '<input type="hidden" name="picture" value="' . $row['photoID'] . '"></div>';
}

First you need to look at the structure of the database. if 1 user has many pictures you need to make a separate database table consisting of the user id and the photo id
your database structure should be like this
myDB
table 1 -Users
table 2 -user_and_picture
-user_id
-picture_id
table 3 -Pictures
You insert the new picture into the pictures table
Then retrieve that picture id
get the user id and the picture id and store it in the new table user_and_picture
When you want to retrieve the pictures that belong to lets say user 1 you run a query on table user_and_pictures
an example would be
SELECT user_id, user_picture_id
FROM user_and_picture
WHERE user_id = 1
The result of this query will give you all the pictures associated with user #1
after that make a query that gets the filenames of those pictures

In your html use:
<input type="text" name="caption[' . $row['photoID'] . ']" value="' . $row['photoCAPTION'] . '">
You may remove the hidden input field.
So that in your PHP file you may use:
$captions = $_GET['caption'];
foreach ($captions as $picture_id => $caption){
/*
VERY IMPORT TIP ABOUT HACKING: For each caption, check if the picture_id belongs to the user BEFORE making the update. Otherwise a hacker can just change the picture id's and add malicious captions for other users!
If the picture belongs to the uploading user, then continue.
*/
echo 'caption for picture_id: '.$picture_id.' = '.$caption.'<br />'
}

This is how form with data works:
your input field have element named name. its the variable name for your input which you receive in you back-end i.e PHP page.
the form variable name could be literal variable or could be an array.
so for example:
login:
<input type="text" name="username" />
<input type="text" name="password" />
to get it in PHP
$user = $_POST["username"];
$pass = $_POST["password"];
OR in array
<input type="text" name="loginData[username]" />
<input type="text" name="loginData[password]" />
to get it in PHP
$userData = $_POST["loginData"]; // $userData = Array(username, password)
OR
$user = $_POST["loginData[username]"];
$pass = $_POST["loginData[password]"];

Not deleting the correct file in PHP

I am facing problem deleting the correct files. I am displaying the list of files uploaded by the user sorted by the time of upload (last upload first). If there's a list of 3-4 files, no matter which file I click to delete, the first file in the list gets deleted, the file last uploaded that is. Here is my page displaying the files a particular user has uploaded.
<?php
$uid=$faculty_data['faculty_id']; //Assigns logged in id to a variable
$query="SELECT * FROM uploads ORDER BY datetime DESC"; //Sorts by date time
$result=mysql_query($query);
while($row=mysql_fetch_assoc($result))
{
if($uid==$row['faculty_id']) //Checks if the logged in id matches with id in DB
{
echo '<form action="delete.php" method="POST">';
echo "<strong>File: </strong>";
$url=$row['link'];
$new="http://tofsis.com/fileshare/".$url;
echo "<a href='$new'>$new</a><br/>";
echo "<strong>On: </strong>".$row['datetime'];
echo '<br><input type="submit" name="delete" class="btn btn" value="Delete File"/>';
echo '<hr>';
echo '</form>';
}
}
?>
And this is my delete page:
<?php
$uid=$faculty_data['faculty_id'];
$query="SELECT * FROM uploads ORDER BY datetime DESC";
$result=mysql_query($query);
if(isset($_POST['delete']))
{
while($row=mysql_fetch_assoc($result))
{
if($uid==$row['faculty_id'])
{
$url=$row['link'];
$new="http://tofsis.com/fileshare/".$url;
$query="DELETE FROM uploads WHERE link = '$url'";
$result=mysql_query($query);
unlink($url);
}
}
header('Location: my_uploads.php');
exit();
}
else {
echo '<script type="text/javascript">alert("Oops something went wrong!")</script>';
header('Location: my_uploads.php');
exit();
}
?>
Can anyone please tell me where I am going wrong so that I can get my problem fixed?

A couple of changes should be make:
<?php
$uid=$faculty_data['faculty_id']; //Assigns logged in id to a variable
$query="SELECT * FROM uploads ORDER BY datetime DESC"; //Sorts by date time
$result=mysql_query($query);
while($row=mysql_fetch_assoc($result))
{
if($uid==$row['faculty_id']) //Checks if the logged in id matches with id in DB
{
$file_id = $row['id'];
echo '<form action="delete.php" method="POST">';
echo "<strong>File: </strong>";
$url=$row['link'];
$new="http://tofsis.com/fileshare/".$url;
echo "<a href='$new'>$new</a><br/>";
echo "<input type='hidden' value='$url' id='file_path' name='file_path' />";
echo "<input type='hidden' value='$file_id' id='id_file' name='id_file' />"; // new line
echo "<strong>On: </strong>".$row['datetime'];
echo '<br><input type="submit" name="delete" class="btn btn" value="Delete File"/>';
echo '<hr>';
echo '</form>';
}
}
?>
On the delete page, this:
<?php
$file_id=$_POST['id_file'];
$file_path = $_POST['file_path'];
$query="DELETE FROM uploads WHERE id = $file_id";
$result=mysql_query($query);
unlink($file_path); //this should works on deleting the file
?>
That should do the trick ;)

Add another hidden input that stores the File ID and Get it in your delete script and use it

You create a separate POST form for each available file but none of this forms contain any information about what file they refer to. I guess that $_POST contains nothing but a delete key with Delete File as value.
In your delete page, you read data from a variable that does not exist:
$uid=$faculty_data['faculty_id']
... and then you retrieve all files from the database to compare their ID against $uid. I guess you are removing all rows when the ID is zero.
To do:
Enable full error reporting. That's something you need to fix before you go further; it's impossible to code without the aid of error messages. Here's a brief explanation.
Add a hidden field to the form with the corresponding ID.
Read form data from $_POST, not from an arbitrary variable.
Learn some basic SQL, such as the WHERE clause, so you can do something like:
DELETE FROM uploads
WHERE faculty_id=333
Learn about SQL injection. Use a library that provides prepared statements.

Categories