Updating Database Row with image upload and text

loewman

The below code currently allows me to update existing text entry in the database row but does not upload a new image to the appropriate directory. Any help would be appreciated.

<?php 
if (isset($_POST['profileSubmitted'])) {

$id = $_POST['id'];
$shorttitle = $_POST['shorttitle'];
$description =  $_POST['description'] ;

$base = '/Users/loewman/Sites';
$dir = '/images_promos/';
$filename = time () . $_FILES["uploadfile"]["name"];
$path = $dir . $filename;

$fullpath = $base . $path;

$sql = "UPDATE tbl_upload SET  
	shorttitle = '$shorttitle',
	description = '$description'
	";

if(is_uploaded_file($_FILES['uploadfile']['tmp_name']))
{	
	if(copy($_FILES['uploadfile']['tmp_name'], $fullpath))
	{

	$sql = "
	logopath = '$fullpath',
	logourl = '$path'
	WHERE id=$id";
	}
		if (@mysql_query($sql)) 
	{
		echo '<p>Image has been added.</p>';
	} else {
		echo '<p>Error adding:'.
		mysql_error() . '</p>';
	}

}

if (@mysql_query($sql)) 
{
	echo '<p>Your promo has been altered.</p>';
	} 
		else 
		{
		echo '<p>Error adding submitted promo:'.
		mysql_error() . '</p>';
		}
	}

  $id = $_REQUEST['id'];
  $profile = @mysql_query(
      "SELECT * FROM tbl_upload WHERE id='$id'");
  if (!$profile) {
    exit('<p>Error fetching profile details: ' .
        mysql_error() . '</p>');
 }

$row = mysql_fetch_array($profile);

	$shorttitle = stripslashes($row['shorttitle']);
	$description = $row['description'];
	$fullpath = $row['logopath'];
	$logourl = $row['logourl'];

?>

leatherback

Does it upload a file at all? Are there any values in the $_FILES?

Please verify what is happening to your variables. Did you set your form-ENCTYPE to "multipart/form-data"?

Please also, edit your post en enclose it in PHP tags ([ php] [/ php]) for readability

bradgrafelman

As leatherback suggested, you should use the [noparse]

[/noparse] bbcode tags whenever you post PHP code; it helps us read and analyze the code.

As for your problem, the code in this if() statement:

        if(copy($_FILES['uploadfile']['tmp_name'], $fullpath))
        {

    $sql = "
    logopath = '$fullpath',
    logourl = '$path'
    WHERE id=$id";
    }

overwrites your previous $sql declaration. I believe what you intended to do was instead append data onto the end; try using the '.=' operator instead.

Also note that you've got a couple of potential issues with your SQL handling at the bottom:

If an error occurs, you should never display the MySQL error message to the user - that isn't anything they need to know. Instead, this should be something you log for troubleshooting purposes.
If no rows match the query, mysql_query() will execute just fine but the mysql_fetch_array() call will produce an error. Perhaps you should first check that a row was returned before you attempt to access it.

If the file isn't being uploaded either, then you also need to debug that part of the upload process; check if any error code was set in the $_FILES array, and ensure that error_reporting is set to E_ALL so you can catch any errors PHP is reporting.

loewman

"bradgrafelman" was absolutely correct, I did need the '.=' operator.
Thank you for your help.

bradgrafelman

Don't forget to mark this thread resolved (using the link under "Thread Tools").