I have a CMS for a store on an apache server that edits a product description. It won't edit the image though. It won't even move a new image into the destination folder if one doesn't exist (the first file will when adding a new product). It's not a permission problem because other pages in my CMS will overwrite images. This file is ignoring the upload altogether (it does update the db/text fields) although it does show the temp name of the image next to the upload button and it echoes the success message after submit.[ATTACH]5081[/ATTACH]
<?php session_start();
include('functions.php');
if (verifySession(getSession(session_id())) != true) { // only returns true for role of Administrator
header('Location: noaccess.php');
}
dbConnect();
$success="";
$problem="";
$title="";
$author_name="";
$price="";
$pub_name="";
$description="";
$description_b="";
$fileField="";
$newname="";
$product_id="";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['getListing'])) {
$title= mysql_real_escape_string($_POST['title']);
$sql=mysql_query("Select * FROM product WHERE title='$title' LIMIT 1");
while($row = mysql_fetch_array($sql)){
$product_id=$row["product_id"];
$title=$row["title"];
$author_name=$row["author_name"];
$price=$row["price"];
$pub_name=$row["pub_name"];
$description=$row["description"];
$description_b=$row["description_b"];
}
if (isset($_POST['submit']) && (!$problem)) {
$product_id= mysql_real_escape_string($_POST['product_id']);
$title= mysql_real_escape_string($_POST['title']);
$author_name = mysql_real_escape_string($_POST['author_name']);
$price= mysql_real_escape_string($_POST['price']);
$pub_name= mysql_real_escape_string($_POST['pub_name']);
$description= mysql_real_escape_string($_POST['description']);
$description_b= mysql_real_escape_string($_POST['description_b']);
$fileField=$_FILES['fileField'];
mysql_query("UPDATE product SET title='$title', author_name='$author_name', price='$price',pub_name='$pub_name', description='$description',description_b='$description_b' WHERE product_id= '$product_id'") or die (mysql_error());
$success='Updated ' .$title. '.';
if ($_FILES[$fileField]['tmp_name'] != "") {
//Place image in the folder
$product_id=mysql_insert_id();//doesn't make a difference with or w/o this line but this is how I originally tagged the image with addBook.php
$newname = 'product' . $product_id. '.jpg';
}
move_uploaded_file($_FILES[$fileField]['tmp_name'], "product_images/$newname");
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit a Listing</title>
<link rel="stylesheet" type="text/css" href=".././project.css">
<link rel="icon" type="image/png" href="../iShop/project_images/icon.png" >
<script type="text/javascript">
<!--
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>
</head>
<body onload="MM_preloadImages('../project_images/inventory_down.png')">
<?php include('header.php');?>
<?php include('.././footer.php');?>
<div id="pageContent">
<p align = "center"><a href="index.php"><img src="../project_images/admin.png" width="609" height="71" alt="Admin Panel" /></a></p>
<br />
<div id="addBook">
<form action="<?php htmlentities($_SERVER['PHP_SELF']) ?>" enctype="multipart/form-data" name="editBook" class="addBook_bg" method="post">
<a href="seeBooks.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Inventory','','../project_images/inventory_down.png',1)"><img src="../project_images/inventory.png" alt="Inventory" name="Inventory" width="336" height="86" border="0" id="Inventory" /></a>
<h2>****Edit a Listing</h2><br/><br/>
<?php //echo $book; ?>
<table width="90%" border="0" cellspacing="0" cellpadding="6">
<tr>
<td width="20%" align="right">Title</td>
<td width="80%">
<input name="title" type="text" id="title" size="30" maxlength="100" class="form_input" value="<?php echo $title; ?>" /><input type="submit" name="getListing" id="getListing" value="Get Listing" /><br/><?php if(isset($_POST['getListing'])) { $title=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['title']); if($title =="" ){ echo '<span class="warning"></span>Please enter a title.</span>'; $problem = TRUE;}} ?><?php if(isset($_POST['submit'])) { $title=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['title']); if($title =="" ){ echo '<span class="warning"></span>Please enter a title.</span>'; $problem = TRUE;}} ?>
</td>
</tr>
<tr>
<td align="right">Author</td>
<td>
<input name="author_name" type="text" id="author_name" size="30" maxlength="80" class="form_input" value="<?php echo $author_name; ?>"/><?php if(isset($_POST['submit'])) { $author_name=preg_replace('#[^a-z ]#i','',$_POST['author_name']); if($author_name =="" ){ echo '<span class="warning"></span>Please enter the author.</span>'; $problem = TRUE;}} ?>
</td>
</tr>
<tr>
<td align="right">Price</td>
<td><input type="text" name="price" id="price" size="30" maxlength="7" class="form_input" value="<?php echo $price; ?>" /><?php if(isset($_POST['submit'])) { $price=preg_replace('#[^0-9.]#i','',$_POST['price']); if($price =="" ){ echo '<span class="warning"></span>Please enter the price.</span>'; $problem = TRUE;}} ?>
</td>
</tr>
<tr>
<td align="right">Publisher</td>
<td><input type="text" name="pub_name" id="pub_name" size="30" maxlength="80" class="form_input" value="<?php echo $pub_name; ?>" /><?php if(isset($_POST['submit'])) { $pub_name=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['pub_name']); if($pub_name =="" ){ echo '<span class="warning"></span>Please enter the publisher.</span>'; $problem = TRUE;}} ?>
</td>
</tr>
<tr>
<td align="right">Description</td>
<td>
<textarea name="description" type="text" id="description" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description']); if($description =="" ){ echo '<span class="warning"></span>Please enter the description.</span>'; $problem = TRUE;}} ?>
</td>
</tr>
<tr>
<td align="right">Detail</td>
<td>
<textarea name="description_b" type="text" id="description_b" cols="40" rows="6" maxlength="250" class="text_box" /><?php echo $description_b; ?></textarea><br/><?php if(isset($_POST['submit'])) { $description_b=preg_replace('#[^a-z0-9?!-: (),]#i','',$_POST['description_b']); if($description_b =="" ){ echo '<span class="warning"></span>Please enter the detail.</span>'; $problem = TRUE;}} ?>
</td>
</tr>
<tr>
<td align="right">Picture</td>
<td>
<input type="file" name="fileField" id="fileField" />
</td>
</tr>
<tr>
<td>*</td>
<td>
<input name="product_id" type="hidden" value="<?php echo $product_id; ?>" />
<input type="submit" name="submit" id="submit" action="editBook.php"/> <input type="reset" onclick="location.reload('editBook.php');return false;"/>
<?php echo $success ?>
</td>
</tr>
</table>
<br/><br/>
</form><br /><br />
</div>
</div>
</body>
</html>
e_b.png
