file upload/update

BluntedbyNature

ok so i got a file upload script, it works perfect when i am created a new user and have to upload the image for that new user. but when i use the script to update a current user, like change the image of the current user the file does no upload.

here is the form and what not on the current user.

<?
{
 include 'library/config.php';
 include 'library/opendb.php';
}
?>
<? 
mysql_select_db("$dbname"); 
?>
<?
$sql = "SELECT * FROM professionals WHERE pro_id = $_GET[id];";

// execute SQL query and get result
$sql_result = mysql_query($sql,$conn)
    or die(mysql_error());
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>

<body>
<?
// Loop through the data set and extract each row in to it's own variable set

while ($row = mysql_fetch_array($sql_result)) {
    extract($row);
?>
<form action="proupdate.php" method="POST" name="form1" class="black">
      <p>
        <input name="pro_id" type="hidden" id="pro_id" value="<?php echo $pro_id; ?>">
        <br>
        Positon<br>
        <select name="pro_positon" id="pro_positon">
          <option value="Partners" <?php if (!(strcmp("Partners", $pro_positon))) {echo "selected=\"selected\"";} ?>>Partners</option>
          <option value="Associates" <?php if (!(strcmp("Associates", $pro_positon))) {echo "selected=\"selected\"";} ?>>Associates</option>
          <option value="Of Counsel" <?php if (!(strcmp("Of Counsel", $pro_positon))) {echo "selected=\"selected\"";} ?>>Of Counsel</option>
          <option value="Special Of Counsel" <?php if (!(strcmp("Special Of Counsel", $pro_positon))) {echo "selected=\"selected\"";} ?>>Special Of Counsel</option>
          <option value="Technical Staff" <?php if (!(strcmp("Technical Staff", $pro_positon))) {echo "selected=\"selected\"";} ?>>Technical Staff</option>
        </select>
</p>
      <p><img src="../professionals/<?php echo $pro_pic; ?>" width="148" height="200"><br>
        Picture Address
          <input name="MAX_FILE_SIZE" type="hidden" id="MAX_FILE_SIZE" value="900000000000000000000">
        <br>
        <input name="userfile" type="file" id="userfile" value="<?php echo $pro_pic; ?>" size="60">
      </p>
      <p>Name<br>
          <input name="pro_name" type="text" id="pro_name" value="<?php echo $pro_name; ?>">
</p>
      <p>Bio<br>
        <textarea name="pro_content" cols="60" rows="8" id="pro_content"><?php echo $pro_content; ?></textarea>
        <br>
        <input name="add" type="submit" id="add" value="Submit">
        <input name="add2" type="reset" id="add2" value="Reset">
      </p>


</form>
<?
// End while loop
}
?>
</body>
</html>
<?php

mysql_close($conn);
?>

and here is the page where it does its magic. lol

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   

  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Serko &amp; Simon LLP .::. Admin CP</title>
<link href="../styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td colspan="2" style="background-image:url(../images/bgtop.jpg)"><img src="../images/Globe4.jpg" width="589" height="191"></td>
  </tr>
  <tr>
    <td width="20%" height="150" valign="top"><div style="margin-top:5px"><? include('cpnav.php'); ?></div></td>
    <td width="80%" valign="top">
      <p>
      <? ini_set("upload_max_filesize","20M");
if(isset($_POST['add']))
{
include 'library/config.php';
include 'library/opendb.php';

$pro_id = $_POST['pro_id'];
$pro_positon = $_POST['pro_positon'];
$pro_name = $_POST['pro_name'];
$pro_content = $_POST['pro_content'];

$uploaddir = '/home/virtual/site26/fst/var/www/html/professionals/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

/*if (($_FILES['userfile']['type'] != "application/msword") || ($_FILES['userfile']['type'] != "application/pdf")) {
die($_FILES['userfile']['type']);
}*/

echo($_FILES['userfile']['type']);

move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);

$pro_pic = $_FILES['userfile']['name'];

$query = "UPDATE professionals SET pro_positon='$pro_positon', pro_name='$pro_name', pro_content='$pro_content', pro_pic='$pro_pic' WHERE pro_id='$pro_id'";
mysql_query($query) or die('Error, update query failed, could not connect to database');

//echo "New Alert added  \n";

include 'library/closedb.php';
}
?>
      </p>
      <p>File Updated<br>
    Click here to go <a href="professionals.php" class="black">back</a></p></td>
  </tr>
</table>
</body>
</html>

everything else updates, like the name and postion and the bio about it, just not the picture, it wont even upload the new picture. so it is something with the file upload.

phence

could it be how you are getting the name of your pic?
how are you displaying your picture when pulling it from the database?

you may want to keep the full or relative path in your database for when you want to display the image.

here is how I update my pictures...

I have a function that creates a random number (to ensure i don't copy over anothers image- or an error). Then I add it to the pictures name...

	
	//Generates random number
	function setRandomFilename(){
		global $dirToSaveIn; 
		srand((double)microtime()*1000000);  

		$rand_name = rand(1,1000000);
		$dir = opendir($dirToSaveIn);
		$tmp_num = 0;
		$tmp_arr[$tmp_num] = "";
		while(false !== ($file = readdir($dir))){
			$tmp_arr[$tmp_num] = $file;
			$tmp_num++;
		}
		$tmp_arr_sze = sizeof($tmp_arr);
		$truefalse = false;
		for($i=0;$i<$tmp_arr_sze;$i++){
			if($rand_name == $tmp_array[$i]){ $truefalse = true; }
		}
		if($truefalse == true){
			$rand_name = setRandomFilename();
		}else{
			return $rand_name;
		}
	}

// ...

// Validate Picture & Upload
	$webpath = "http://www.yoursite.net/pathto/images/"; // Web Address Picture Directory
	$dirToSaveIn = "/home/yoursite/www/pathto/images"; // Server path to Directory

// Picture update - check for a new pic 
if (!empty($_FILES['pro_image1']['type'])){
	$newname = $_FILES['pro_image1']['name']; 
	$extension = "";
	if($_FILES['pro_image1']['type'] == "image/gif"){ $extension = "gif"; }
	elseif($_FILES['pro_image1']['type'] == "image/pjpeg"){ $extension = "jpg"; }
	elseif($_FILES['pro_image1']['type'] == "image/jpeg"){ $extension = "jpg"; }
	elseif($_FILES['pro_image1']['type'] == "image/png"){ $extension = "png"; }
	else{
		$errors['pro_image1'] = "Your Image does not have the proper extenstion. Please upload .gif, .jpg, and .png files only!";
	}
	$file_name = $newname.setRandomFilename().".".$extension;
	$newpath = $dirToSaveIn."/".$file_name;
	$webpath_1 = $webpath.$file_name;
	$result  = move_uploaded_file($_FILES['pro_image1']['tmp_name'], $newpath);
}

Hope that helps.
Phence

samudasu

be sure your form has the enctype="multipart/form-data" attribute. Chapter 38 handling file uploads in the php manual.

BluntedbyNature

samudasu wrote:
be sure your form has the enctype="multipart/form-data" attribute. Chapter 38 handling file uploads in the php manual.

this was accually the problem.

i found a bug though. if you update other info but dont want to change the image, when you submit the data the image disappears, its happening cause the file feild is blank so it changes the $pro_pic to nothing so in the database it becomes blank.

tell me if this will work. im still a n00b when it comes to writing, i understand pretty well, but i suck at accually making it work.

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   

  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Serko &amp; Simon LLP .::. Admin CP</title>
<link href="../styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td colspan="2" style="background-image:url(../images/bgtop.jpg)"><img src="../images/Globe4.jpg" width="589" height="191"></td>
  </tr>
  <tr>
    <td width="20%" height="150" valign="top"><div style="margin-top:5px"><? include('cpnav.php'); ?></div></td>
    <td width="80%" valign="top">
      <p>
      <? ini_set("upload_max_filesize","20M");
if(isset($_POST['add']))
{
include 'library/config.php';
include 'library/opendb.php';

$pro_id = $_POST['pro_id'];
$pro_positon = $_POST['pro_positon'];
$pro_name = $_POST['pro_name'];
$pro_content = $_POST['pro_content'];
$pro_pic2 = $pro_pic

$uploaddir = '/home/virtual/site26/fst/var/www/html/professionals/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

/*if (($_FILES['userfile']['type'] != "application/msword") || ($_FILES['userfile']['type'] != "application/pdf")) {
die($_FILES['userfile']['type']);
}*/

echo($_FILES['userfile']['type']);

move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);

$pro_pic = $_FILES['userfile']['name'];

if($pro_pic == ""){
	$pro_pic == $pro_pic2;
}
$query = "UPDATE professionals SET pro_positon='$pro_positon', pro_name='$pro_name', pro_content='$pro_content', pro_pic='$pro_pic' WHERE pro_id='$pro_id'";
mysql_query($query) or die('Error, update query failed, could not connect to database');

//echo "New Alert added  \n";

include 'library/closedb.php';
}
?>
      </p>
      <p>File Uploaded Successfully<br>
    Click here to go <a href="professionals.php" class="black">back to professionals.</a></p></td>
  </tr>
</table>
</body>
</html>

this is what i added

if($pro_pic == ""){
	$pro_pic == $pro_pic2;
}

so it checks $pro_pic sees if its empty, if it is then i have a variable set "pro_pic2" which is the old image that was there, before it inserts into the database

samudasu

I didn't test this but should work.

//below is the form page

//below is the update script.
If $_FILES['userfile'] is not empty run the image upload script or else insert the $pro_pic value taken from the hidden fild on the upload form into the database.

$pro_pic = $_POST['pro_pic'];

if (!empty($_FILES['userfile'])) { 

$uploaddir = '/home/virtual/site26/fst/var/www/html/professionals/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

/*if (($_FILES['userfile']['type'] != "application/msword") ||     ($_FILES['userfile']['type'] != "application/pdf")) {
die($_FILES['userfile']['type']);
}*/

echo($_FILES['userfile']['type']);

move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);

$pro_pic = $_FILES['userfile']['name']; 
}