edit.php works but only if I upload a new image everytime

JHouse

Hi,

I created a really simple news' application that allows the client to add news articles, along with a photo. Well, all the pages work well except for the edit.php page.

Basically, my edit.php page only works if I upload a new image everytime, so, if I just want to edit the text and that's it, I get the following error: Invalid File Type

So, my question is, how do one update the record without uploading an image everytime?

Here's the code (I'd post just the related code, but I'm such a newbie that I don't know what parts are/not related):

Thanks.

<?php

include 'DL_Config.php';

if ($submit)
{
// Grab form data...
$title = mysql_real_escape_string($_POST['title']);
$text1 = mysql_real_escape_string($_POST['text1']);
$text2 = mysql_real_escape_string($_POST['text2']);

if (!$title)
{
 @unlink($_FILES['imagefile']['tmp_name']);
 echo 'Error: News title is a required field. Please fill it.';
 die;
}

// Check file size...
       if ($_FILES['imagefile']['size'] <= 75000)
       {
        // Create path...
        $path = '../images/photos/' . $_FILES['imagefile']['name'];

 // Check file type...
               switch ($_FILES['imagefile']['type'])
               {
  case 'image/jpg':
  case 'image/jpeg':
  case 'image/gif':
   // Relocate file...
   if (!@move_uploaded_file($_FILES['imagefile']['tmp_name'], $path))
   {
    @unlink($_FILES['imagefile']['tmp_name']);
    die('Unable to relocate file.');
   }
   break;

  default:
   @unlink($_FILES['imagefile']['tmp_name']);
   die('Invalid file type.');
               }

 // UPDATE News table...
 $sql = "UPDATE news SET title='$title', text1='$text1', text2='$text2', image='$path' WHERE newsid='$newsid' ";
 $res = mysql_query($sql) or die(mysql_error());

  // Perform query...
 // $sql = "UPDATE news (title, text1, text2, image)
 // VALUES ('$title', NOW(), '$text1', '$text2', '$path')";
 // $res = mysql_query($sql) or die(mysql_error());

 @unlink($_FILES['imagefile']['tmp_name']);

 if (mysql_affected_rows() > 0)
 {
  // Success!
  echo '<meta http-equiv="Refresh" content="3;url=DL_Index.php">';
  echo '<b>UPDATED!<br>You\'ll be redirected to the Admin Area in a couple seconds...Hold tight!';
 }
 else
 {
  // Failure!
  echo 'Unable to create record.';
 }
}
else
{
 @unlink($_FILES['imagefile']['tmp_name']);
 die('This file is too large.');
}
}
elseif($newsid)
{
        $sql = "SELECT * FROM news WHERE newsid='$newsid'";
		$res = mysql_query($sql) or die(mysql_error());
        while($myrow = mysql_fetch_assoc($res))
             {
                $title = $myrow["title"];
                $text1 = $myrow["text1"];
                $text2 = $myrow["text2"];
                $image = $myrow["image"];
?>

Roger_Ramjet

Quite a few views of this post but no replies?? No one fancies it. Posting more code is better than posting not enough so don't worry about it. Your problem is your coding style. I can't be bothered to pick through it. Now add some major comments that explain the logic. Use comments like

// *************** INSERT SECTION *********
..... code

// *************** END INSERT *********
and

// *************** UPDATE SECTION **********

etc

to make it absolutely clear what is what and where it is. Post it back and you'll sonn get some help

phil_j_poore

i think and would bet on it that your problem is with the UPDATE query.

// UPDATE News table...
 $sql = "UPDATE news SET title='$title', text1='$text1', text2='$text2', image='$path' WHERE newsid='$newsid' ";
 $res = mysql_query($sql) or die(mysql_error());

this says to update the image to $path but it does not check to see i $path is defined.
put something like

if (isset($path))
{
$extra = "image='$path'";
} else {
$extra = "";
}

$query = "UPDATE news SET title='$title', text1='$text1', text2='$text2' ".$extra." WHERE newsid='$newsid' ";

this will only update the image if the path is something and will leave the old image if it isnt.

Kudose

No one else notice how the coloring of the script changed towards the end?

Check this out:

if (mysql_affected_rows() > 0)
 {
  // Success!
  echo '<meta http-equiv="Refresh" content="3;url=DL_Index.php">';
  echo '<b>UPDATED!<br>You'll be redirected to the Admin Area in a couple seconds...Hold tight!';
}
else
{

You need to escape a ' in there. It should be:

if (mysql_affected_rows() > 0)
 {
  // Success!
  echo '<meta http-equiv="Refresh" content="3;url=DL_Index.php">';
  echo "<b>UPDATED!<br>You\'ll be redirected to the Admin Area in a couple seconds...Hold tight!";
}
else
{

Not saying that is the only problem, but the most noticable one I saw (mainly becuase the thread changed colors on me).

**EDIT**
The board keeps stripping my escape. Just know it should be there.

Roger_Ramjet

Nope did not get that far down before getting lost.

Kudose

You should also be getting a parse error at the end of your script because you're not closing your WHILE statement or your ELSEIF statement.

JHouse

WOW, this board rocks! Thanks for everybody's help.

Okay, per your suggestions, I commented out my code a bit more, hopefully it's a bit easier to digest. I think I did it correctly, but I could be wrong.

I also took phil_j_poore suggestion and revised my UPDATE statement, however, now it doesn't work at all. This is the error I receive if I change the image:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'image='../images/photos/HM_RandomTopCD2.gif' WHERE newsid='19''

And the error I receive if I don't change the image:

Invalid file type.

Here's the revised code per your guys suggestions.

Thanks again for all your help.

<?php

include 'DL_Config.php';

if ($submit)
{
// Grab form data...
$title = mysql_real_escape_string($_POST['title']);
$text1 = mysql_real_escape_string($_POST['text1']);
$text2 = mysql_real_escape_string($_POST['text2']);

if (!$title)
{
 @unlink($_FILES['imagefile']['tmp_name']);
 echo 'Error: News title is a required field. Please fill it.';
 die;
}

// ****************** CHECK IMAGE FILE SIZE AND TYPE SECTION ************

// Check file size...
       if ($_FILES['imagefile']['size'] <= 75000)
       {
        // Create path...
        $path = '../images/photos/' . $_FILES['imagefile']['name'];

 // Check file type...
               switch ($_FILES['imagefile']['type'])
               {
  case 'image/jpg':
  case 'image/jpeg':
  case 'image/gif':
   // Relocate file...
   if (!@move_uploaded_file($_FILES['imagefile']['tmp_name'], $path))
   {
    @unlink($_FILES['imagefile']['tmp_name']);
    die('Unable to relocate file.');
   }
   break;

  default:
   @unlink($_FILES['imagefile']['tmp_name']);
   die('Invalid file type.');
               }

// ****************** UPDATE SECTION ************ 

 // UPDATE News table...
if (isset($path)) 
{ 
$extra = "image='$path'"; 
} else { 
$extra = ""; 
} 
 $sql = "UPDATE news SET title='$title', text1='$text1', text2='$text2' ".$extra." WHERE newsid='$newsid' ";
 $res = mysql_query($sql) or die(mysql_error());

 // $sql = "UPDATE news SET title='$title', text1='$text1', text2='$text2', image='$path' WHERE newsid='$newsid' ";

 @unlink($_FILES['imagefile']['tmp_name']);

 if (mysql_affected_rows() > 0)
 {
  // Success!
  echo '<meta http-equiv="Refresh" content="3;url=DL_Index.php">';
  echo "<b>UPDATED!<br>You\'ll be redirected to the Admin Area in a couple seconds...Hold tight!";
 }
 else
 {
  // Failure!
  echo 'Unable to create record.';
 }
}
else
{
 @unlink($_FILES['imagefile']['tmp_name']);
 die('This file is too large.');
}
}

// ****************** END UPDATE ************

// ****************** SELECT SECTION ************

elseif($newsid)
{
        $sql = "SELECT * FROM news WHERE newsid='$newsid'";
		$res = mysql_query($sql) or die(mysql_error());
        while($myrow = mysql_fetch_assoc($res))
             {
                $title = $myrow["title"];
                $text1 = $myrow["text1"];
                $text2 = $myrow["text2"];
                $image = $myrow["image"];

// ****************** END SELECT ************
?>

<html>
<Body>
<p class="ParaTitle">Add News Article</p>

<!-- Edit Record Form -->

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
<input type="hidden" name="newsid" value="<? echo $myrow['newsid']?>">
<table width="600" border="0" cellspacing="0" cellpadding="0">
<tr valign="top">
  <td>Title:</td>
  <td><input name="title" size="40" maxlength="255" value="<? echo $title; ?>"></td>
</tr>
<tr valign="top">
  <td>Image:</td>
  <td><input type="file" name="imagefile" value="<? echo $image; ?>"></td>
</tr>
<tr valign="top">
  <td>First Paragraph:</td>
  <td><textarea name="text1"  rows="7" cols="50"><? echo $text1; ?></textarea></td>
</tr>
<tr valign="top">
  <td>The rest of the article:</td>
  <td><textarea name="text2" rows="10" cols="50"><? echo $text2; ?></textarea><br>
<input type="submit" name="submit" value="Update News Article"></td>
</tr>
</table>
</form>

<!--  End Edit Record Form -->

</Body>
</html>
<?
        }//end of while loop

  }//end else
?>

Kudose

You should be using the full path to the directory you are uploading to, not shortcuts. Not sure if that's your problem, but I thought I would point it out.

You also need to tell it what to do if there are no files uploaded. I suggest that you break up your code a bit.

Try having a section specificly for your file upload and another block for your updates.

i.e.

if($_FILES){
     //do you upload stuff and DB work
     //by DB work, I mean update your image field only
} else {
     //do updates to DB...or do nothing
}

//then go to your script for everything else

Roger_Ramjet

I'd go even further. I use code fragments that get included where needed. It really makes it easier to focus on a) what each piece of code is doing b) the overall logic flow of the main page.

In this case I would definitely move the image_check section to another file and include it. In the process you could generalise it so that you can reuse it in other pages and other applications. I would personally probably do that with the update section as well

if (isset($path)) { include_once 'update_bit.php'; }

That way, once tested I can forget about each bit and focus on the next part. Just some hints on making life easier for yourself. It really is a matter of taste.

JHouse

Okay, I see what you guys mean. I've seen this with other php apps I've worked with (open source), like oScommerce where most, if not all, of the functions are in separate files thus not all on the same page like mine.

I'll most likely break this up into separate functions where I call them with: if (isset($path)) { include_once 'update_bit.php'; } however, I'd like to do this after I solve the current problem, that is, if you guys think that's an okay idea for now. If you don't, I break it up.

Regarding the full path to the image directory, I don't think that's the problem 'cause it works fine when I upload a new image. Matter of fact, everything works well, it's just IF I DONT upload a new image, then it doesn't work.

Thanks again for your help.

Kudose

To be honest with you, my advice is to stop now. Take a moment to read about Object Oriendted Programming (OOP) , and then redo your script.

Basically I am recommending that you check into "generalizing" (OOP) as David (Roger Ramjet) put it, it will save you lots of time in the future, because you will have lots of REUSEABLE code.

But, to each thier own. It took me a little bit to grasp the concept of OOP, but once you get it, it's "on like donkey kong". Mainly since OOP is key to many programming languages. PHP is just now getting a good OOP back-bone.

🙂

JHouse

Cool, thanks for the advice. And yes, I will read that article.

I would stop now, per your suggestion, but I was suppose to have this done like yesterday, so I gotta figure out how to pull this off asap. Then I'll learn how to do it better. I wouldn't think that I'm far off since every part of the app works, even the edit page works, but again, only if you add a new image everytime.

Well, I'm gonna keep on.

Thanks.

Kudose

99% sure this will work for you. Copy and paste it into dreamweaver or something that formats. It's cool. Be sure to change your path name to reflect your username. Also, DO NOT use this as a secure form, it will just work for what you need.

<?php
include 'DL_Config.php';

if ($submit){
	// Grab form data...
	$title = mysql_real_escape_string($_POST['title']);
	$text1 = mysql_real_escape_string($_POST['text1']);
	$text2 = mysql_real_escape_string($_POST['text2']);

if (!$title){
	@unlink($_FILES['imagefile']['tmp_name']);
	echo 'Error: News title is a required field. Please fill it.';
	exit;
}

// ****************** CHECK IMAGE FILE SIZE AND TYPE SECTION ************

// Check file size...
   if (($_FILES) && (filesize($_FILES['imagefile']['size'])<=75000)){
		// Create path...
		$path = '/home/username/public_html/images/'.$_FILES['imagefile']['name'];

	 // Check file type...
	 $allowed = array("image/jpeg", "image/jpg", "image/gif");
	 if(in_array($_FILES['imagefile']['type'], $allowed)){
		if(move_uploaded_file($_FILES['imagename']['tmp_name'], $path)){
			@mysql_query("UPDATE news SET image='".$path."' WHERE newsid='".$newsid."'") or die("Could not upload image.");
		} else {
			echo "Error :: Image was not moved.";
		} 
	 } else {
		echo "Error :: Image type is not allowed.";
	 }
} else {
	@unlink($_FILES['imagefile']['tmp_name']);
	echo "Error :: File is too large.";
	exit;
}
// ****************** UPDATE SECTION ************

	 // UPDATE News table...
$sql = "UPDATE news SET title='$title', text1='$text1', text2='$text2' WHERE newsid='$newsid' ";
$res = mysql_query($sql) or die(mysql_error());

 // $sql = "UPDATE news SET title='$title', text1='$text1', text2='$text2', image='$path' WHERE newsid='$newsid' ";

 @unlink($_FILES['imagefile']['tmp_name']);

 if (mysql_affected_rows() > 0){
	// Success!
	echo '<meta http-equiv="Refresh" content="3;url=DL_Index.php">';
	echo "<b>UPDATED!<br>You'll be redirected to the Admin Area in a couple seconds...Hold tight!";
} else {
	// Failure!
	echo 'Unable to create record.';
}

// ****************** END UPDATE ************

// ****************** SELECT SECTION ************

} elseif($newsid) {
        $sql = "SELECT * FROM news WHERE newsid='$newsid'";
        $res = mysql_query($sql) or die(mysql_error());
        while($myrow = mysql_fetch_assoc($res))
             {
                $title = $myrow["title"];
                $text1 = $myrow["text1"];
                $text2 = $myrow["text2"];
                $image = $myrow["image"];

// ****************** END SELECT ************
?>

<html>
<Body>
<p class="ParaTitle">Add News Article</p>

<!-- Edit Record Form -->

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" enctype="multipart/form-data">
<input type="hidden" name="newsid" value="<? echo $myrow['newsid']?>">
<table width="600" border="0" cellspacing="0" cellpadding="0">
<tr valign="top">
  <td>Title:</td>
  <td><input name="title" size="40" maxlength="255" value="<? echo $title; ?>"></td>
</tr>
<tr valign="top">
  <td>Image:</td>
  <td><input type="file" name="imagefile" value="<? echo $image; ?>"></td>
</tr>
<tr valign="top">
  <td>First Paragraph:</td>
  <td><textarea name="text1"  rows="7" cols="50"><? echo $text1; ?></textarea></td>
</tr>
<tr valign="top">
  <td>The rest of the article:</td>
  <td><textarea name="text2" rows="10" cols="50"><? echo $text2; ?></textarea><br>
<input type="submit" name="submit" value="Update News Article"></td>
</tr>
</table>
</form>

<!--  End Edit Record Form -->

</Body>
</html>
<?
        }//end of while loop        

  }//end else
?>

Roger_Ramjet

OK. This is the first time I've scanned your whole code and one thing strikes me, or rather my UltraEdit:

The whole of the Update section is nested within the files if :

// Check file size...
if ($_FILES['imagefile']['size'] <= 75000)
{

So the update query will only run if this IF is TRUE. What I assume you actually want to happen is that the $path= bit is only added to the query string if the IF is true, but otherwise the query runs without it. As it is the query only ever runs if that IF is true. A bit more indenting would make it more obvious what is inside each if and else. I could do it for you but you'll never learn to be more carefull if you don't go through all the pain of debugging misplaced and missing brackets yourself. So have fun tracking them down.

and remember WE INDENT SO THAT WE CAN AVOID THIS KIND OF PROBLEM.

JHouse

Wow, thanks so much for your help here. Seriously man.

Okay, I'm gonna test this out and then report back shortly.

Thanks again.

Kudose

10-4

🙂

Roger_Ramjet

Good luck. If you are serious about programming then the $30 for a registered copy of UltrEdit will pay for itself in no time. The fact that it auto-indents when you close } brackets keeps me on track as to how far in or out of the nest I am. Has loads more important features but that is just a nice thing to have.

Kudose

Took me from your post time, to now to: download, install, and play with UltraEdit. Then uninstall it.

I couldnt get it to change my colors on syntax.

Oh well.

😃

JHouse

Okay, we're definitely getting somewhere...

I can now update the record without changing the image, however, now I get the following error:

Warning: filesize(): Stat failed for 0 (errno=2 - No such file or directory) in /home/pantica/public_html/davidliebman/adman/DL_EditNews.php on line 19
Error :: Image type is not allowed.UPDATED!

Again, it works, I just get that error.

Funny thing is, now it won't work if I actually add a new image during the update process. Here's the error I get:

Warning: filesize(): Stat failed for 18921 (errno=2 - No such file or directory) in /home/pantica/public_html/davidliebman/adman/DL_EditNews.php on line 19
Error :: Image was not moved.Unable to create record.

I'm guessing we're only a few or so characters away from pulling this off. I'm gonna try and figure out what's up.

BTW, I like the way you laid out the code. It makes much more sense that way, especially with the else statements...it's easier to follow.

Mucho mucho thanks again. Oh, if you ever need any graphic design help, I'll do it for free. I have over 8 years pro experience and would love to return the favor. Here's my site:
http://www.Pantica.com

JHouse

BTW, this is lines 19 - 21:


   if (($_FILES) && (filesize($_FILES['imagefile']['size'])<=75000)){ 
        // Create path... 
        $path = '../images/photos/'.$_FILES['imagefile']['name'];