I have a php/mysql photo gallery that I am developing, which has a user interface to upload photographs and edit details. The user is asked to enter a title and category for each picture, which can be edited at a later date.
Everything is working as it should be, except for the "edit" part. When I choose to update the details, it updates the details of ALL rows in the database. For example, I try changing the title of "pictureA" to "A picture" and every picture in the database is now called "A picture".
This is really frustrating me as I'm sure everything was working smoothly earlier. If anyone is kind enough to have a look through my code, I would very much appreciate it.
This is in a switch statement, whereby the contents of $_GET['action'] are evaluated.
case "edit":
$select = mysql_query("SELECT * FROM gallery WHERE id = ".$_GET['id']) or die(mysql_error());
$row = mysql_fetch_row($select);
$id = $row[0];
$title = $row[1];
$category = $row[2];
$image = $row[3];
$basename = $row[4];
?>
<img src="../<?=$image?>" alt="<?=$title?>" /><br /><br />
<form action="admin.php?action=postedit&id=<?=$id?>" method="post" enctype="multipart/form-data">
<label for="title"><b>Title: </b></label><br />
<input type="text" name="title" value="<?=$title?>" /><br />
<label for="category"><b>Category: </b></label><br />
<select name="category">
<option value="action"<? if($category == "action") echo "selected='selected'" ?>>Action</option>
<option value="portrait"<? if($category == "portrait") echo "selected='selected'" ?>>Portraiture</option>
<option value="abstract"<? if($category == "abstract") echo "selected='selected'" ?>>Abstract / Misc</option>
<option value="landscape"<? if($category == "landscape") echo "selected='selected'" ?>>Landscapes</option>
</select><br />
Leave Alone If You Want The Same Image: <br />
<input type="file" name="image" /><br />
<input type="submit" value="Edit Image" />
</form>
<?
break;
case "postedit":
foreach($_POST as $key => $value){
$$key = htmlspecialchars($value);
}
$id = $_GET["id"];
$select = mysql_query("SELECT basename FROM gallery WHERE id = ".$id) or die(mysql_error());
$row = mysql_fetch_row($select);
$basename0 = $row[0];
if(mysql_query("UPDATE gallery SET title = '".$title."', category = '".$category."'") or die(mysql_error())){
echo "Updated.<br />";
if($_FILES["image"]){
$file = $_FILES["image"];
$basename = date("d-m-Y-G-j-s-").basename($file['name']);
if($file['type'] == 'image/gif' || $file['type'] == "image/jpeg" || $file['type'] == "image/pjpeg" || $file['type'] == 'image/png'){
if(unlink($basename0) && move_uploaded_file($file['tmp_name'], '../uploaded_images/'.$basename)){
echo "Moved File<br />";
echo "<img src='../uploaded_images/$basename' /><br />";
if(mysql_query("UPDATE gallery SET basename = '".$basename."',
image = 'uploaded_images/$basename'") or die(mysql_error())){
echo "Image Location updated.";
}
else {
echo "Image Location could not be updated.";
}
}
else {
"Couldn't move";
}
}//is an image
}//if file is there
}//updated
else {
echo "Could not update.";
}//didn't update
break;
