Hey. I've done something stupid, it seems, and I can't seem to dig myself out of the hole. I've got a php-script meant to deal with different types of information editing on a self-made website. The edit works more or less, but there is something mucking it up - there are different types of information, all stored in the same table - the editing is done in different steps, depending on what is being edited. The problem arises when there is a file upload involved, with a picture displayed. I'll post the whole code here (it's a bit long) - any help would be appreciated, any tips on improving the code too. /**/ //lets you edit the various information /**/ elseif ($iID=$_POST['ID']) { $ua=mysql_fetch_array(mysql_query("SELECT * FROM $about_info WHERE ID = ('$iID')"),MYSQL_BOTH); $description = bbcode_to_html($ua['desc']); $cnum = $ua['cat_num']; if (isset($_POST['submit'])) { $formArray['desc']=$_POST['ridesc']; $formArray['s_title']=$_POST['title']; $formArray['fname']=$_POST['fname']; $formArray['lname']=$_POST['lname']; if (isset($_FILES['new_image'])) { $formArray['bilde']=$filePath; } else { $formArray['bilde']=$ua['s_bilde']; } } else { $formArray['desc']=$ua['desc']; $formArray['s_title']=$ua['s_title']; $formArray['fname']=$ua['s_fname']; $formArray['lname']=$ua['s_lname']; $formArray['bilde']=$ua['s_bilde']; } //the variables taken from the form $iID=$_POST['ID']; $fname=$_POST['fname']; $lname=$_POST['lname']; $title=$_POST['title']; $ridesc=$_POST['ridesc']; $update=$_POST['update']; $fname=mysql_real_escape_string($fname); $lname=mysql_real_escape_string($lname); $title=mysql_real_escape_string($title); $ridesc=mysql_real_escape_string($ridesc); //check to see if values have been entered //if not, display error-message if(!isset($_POST["fname"])) { $fname_error = ""; } elseif (empty($_POST["fname"])) { $fname_error = "<p class='error'>Du har ikke skrevet inn fornavn</p>"; } else { $fname_error = ""; } if(!isset($_POST["lname"])) { $lname_error = ""; } 
elseif (empty($_POST["lname"])) { $lname_error = "<p class='error'>Du har ikke skrevet inn etternavn</p>"; } else { $lname_error = ""; } if(!isset($_POST["title"])) { $title_error = ""; } elseif (empty($_POST["title"])) { $title_error = "<p class='error'>Du har ikke skrevet inn noen tittel</p>"; } else { $title_error = ""; } if(!isset($_POST["ridesc"])) { $desc_error = ""; } elseif (empty($_POST["ridesc"])) { $desc_error = "<p class='error'>Du har ikke skrevet inn noen tekst</p>"; } else { $desc_error = ""; } if(!isset($_POST['new_image'])) { $file_error = ""; } elseif(file_exists($target)) { $file_error = "<p class='error'>Filen finnes allerede - vennligst gi filen et nytt navn før du forsøker igjen</p>"; } else { $file_error = ""; } if ((isset($_POST["submit"])) && (!isset($_POST["update"]))) { $update_error = "<p class='error'>Du har ikke haket av for å oppdatere!</p>"; } else { $update_error = ""; } if ((isset($_POST["ridesc"])) && (isset($_POST["update"])) && $desc_error =="" && $title_error == "" && $fname_error == "" && $lname_error == "" && $file_error == "") { if ((($ua['s_bilde']) == "webgfx/") || (($ua['s_bilde']) == "") || (!isset($_FILES['new_image']))) { mysql_query("UPDATE $about_info SET s_fname='$fname',s_lname='$lname',s_title='$title',`desc`='$ridesc',s_bilde='webgfx/kommer.gif' WHERE ID='$iID'"); } elseif (!isset($_FILES['new_image'])) { mysql_query("UPDATE $about_info SET s_fname='$fname',s_lname='$lname',s_title='$title',`desc`='$ridesc' WHERE ID='$iID'"); } elseif (isset($_FILES['new_image'])) { $imagename = $_FILES['new_image']['name']; //Normalize the filename for storage $imagename = strtolower($imagename); $imagename = preg_replace("/^[a-z0-9 -_.]#i/", "", $imagename); $imagename = str_replace(" ","_",$imagename); $source = $_FILES['new_image']['tmp_name']; $target = "webgfx/".$imagename; $imagepath = $imagename; $save = "webgfx/" . $imagepath; //This is the new file you saving $file = "webgfx/" . 
$imagepath; //This is the original file //The image file path going to the database $filePath = "$url_pics$imagepath"; if (file_exists($target)) { $file_error = "<p class='error'>Filen finnes allerede - vennligst gi filen et nytt navn og forsøk igjen</p>"; $formArray['bilde']=$target; } else { move_uploaded_file($source, $target); list($width, $height) = getimagesize($file) ; $modwidth = 115; $diff = $width / $modwidth; $modheight = $height / $diff; $tn = imagecreatetruecolor($modwidth, $modheight) ; $image = imagecreatefromjpeg($file) ; imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; imagejpeg($tn, $save, 100) ; mysql_query("UPDATE $about_info SET s_fname='$fname',s_lname='$lname',s_title='$title',`desc`='$ridesc',s_bilde='$filePath' WHERE ID='$iID'"); } } /* if($iID == 61) { header("location: $domain/index.php?page=paamelding"); } else { header("location: $domain/index.php?page=about"); }*/ } ?> <fieldset id="about_innlegg"><legend>Endre om-oss informasjonen</legend> <form id="about_form_endring" method="post" action="<?php echo "$domain"; ?>/index.php?page=edit" enctype="multipart/form-data"> <p><input type="hidden" value="<?php echo $ua['ID']; ?>" name="ID" /></p> <?php echo $update_error; ?> <?php if (($cnum == 3) || ($cnum == 4) || ($cnum == 5)) { echo $file_error; ?> <p class="left"><!-- marked <p>-tag (see references below --> <?php if ((file_exists($formArray['bilde'])) || (($ua['s_bilde']) != "webgfx/kommer.gif")) { ?> <img class="left" src="../<?php echo $formArray['bilde']; ?>" alt="Bilde av <?php echo "$ua[s_fname] $ua[s_lname]"; ?>" title="Bilde av <?php echo "$ua[s_fname] $ua[s_lname]"; ?>" /> <?php } else { ?> <img class="left" src="../webgfx/kommer.gif" alt="Bilde kommer" title="Bilde kommer" /> <?php } ?> <!-- continued content of the marked <p>-tag --> Bildet som vises er det som er lagret i databasen. Dersom det ikke eksisterer noe bilde for vedkommende, så benyttes standard-bildet. 
Det samme skjer dersom det ikke lastes opp noe nytt bilde.<br /><br /> <span class="important">Dersom nytt bilde lastes opp, så vil dette overskrive verdien i databasen.</span> <br /><br /> Bildet blir automatisk justert i størrelse til å passe i bredden. <br /> <input name="new_image" id="new_image" size="30" type="file" /> <input class="button" type="reset" name="cancel" value="Reset bilde" /> </p><!-- this is the end of the <p>-tag previously marked --> <div class="clear"> </div> <p><label>Fornavn: <?php echo $imp; ?></label> <input class="formlook" type="text" name="fname" size="25" maxlength="60" value="<?php echo $formArray['fname']; ?>" /> <label>Etternavn: <?php echo $imp; ?></label> <input class="formlook" type="text" name="lname" size="29" maxlength="100" value="<?php echo $formArray['lname']; ?>" /></p> <?php echo $fname_error; ?> <?php echo $lname_error; ?> <p><label>Tittel: <?php echo $imp; ?></label> <input class="formlook" type="text" name="title" size="73" maxlength="200" value="<?php echo $formArray['s_title']; ?>" /></p> <?php echo $title_error; ?> <p><label>Epostadresse: <?php echo $imp; ?></label> <input class="formlook" type="text" name="epost" size="64" maxlength="100" value="<?php echo $ua['s_mail']; ?>" /></p> <?php } else {} ?> <p><label>Beskrivelse: <?php echo $imp; ?></label><br /> <textarea class="formlook" name="ridesc" rows="9" cols="60" value="<?php echo $formArray['desc']; ?>" ><?php echo $formArray['desc']; ?></textarea></p> <?php echo $desc_error; ?> <p><label>Oppdater:</label><input class="formlook" type="checkbox" name="update" value="1" /><span class="important">Denne må hakes av dersom du skal få oppdatert</span></p> <p> <input class="button" type="submit" name="submit" value="Endre informasjon" /> <input class="button" type="button" name="cancel" value="Kanseller endring" onClick="window.location='<?php echo "$domain"; ?>/index.php?page=about'"> </p> </form> <?php } PHP: What I sort of need this code to do, is as follows: 1. 
if I edit pure textboxes, it should just save the content and that's it (this works) 2. if I edit a post with a picture, it should check the values (name, title, email, description and display errors etc.) - this also works 3. if there is no picture uploaded (!isset($_FILES['new_image'])) it should check for what value exists - if there isn't any picture in the database, it should use the default picture 4. if there is a picture already there, it should keep it, and do nothing 5. if there is a picture uploaded, it should use this, of course - it should also check to see if the picture chosen for upload exists (filename) - if so, it should throw an error 3/4/5 is what I'm having trouble with right now.... Anyone taking a look at this and helping me will get +rep, of course!
Hello, Well, we haven't looked through your code, but we read what you need to finish, so here are the things which might help you. First of all, you said you are doing this for editing, right? Pass the value of the current image in a hidden field: <input name="oldImageName" type="hidden" value="<?php echo $imageName?>" /> Now when you post the values, do it like this: $oldImageName = $_REQUEST['oldImageName']; if($oldImageName =="") { $fileName = $_FILES['fileField']['name']; } else { $fileName = $oldImageName; } PHP: Now, this will help you in both cases regarding the image. A hidden field is sent back by the browser like any other input, so compare it with the image path stored in the database before using it as the file name. Regards Stylesofts Developing Team
From a quick check: First, you'll want a more reliable way of determining whether a file has been uploaded. isset($_FILES['new_image']) is not enough on its own: the entry is present whenever the multipart form is submitted, even when no file was chosen, and in that case its error code is UPLOAD_ERR_NO_FILE. Make sure the submitting form has ENCTYPE="multipart/form-data". On the processing side, create a function that checks the $_FILES array to confirm the upload status (the status/error codes in $_FILES), the file size (compare what's reported in $_FILES with the filesize() result), AND use is_uploaded_file() on the temporary file -- if and only if all these things match, go ahead and let that function return true. The rest of your logic might be fine for your application, but these steps are important to ensure file-upload-dependent logic only gets called when appropriate.
The form has enctype="multipart/form-data" I will look into error-checking for the file array. Haven't really worked that much with files and PHP, so it's a little bit touch and go
Got it working Now... would anyone want to actually look at the code and tell me what I've done totally wrong? (I'm sure there are some very bad coding in there, and I'd like for the upload to be as clean and easy as possible). /**/ //lets you edit the various information /**/ elseif ($iID=$_POST['maID']) { $ua=mysql_fetch_array(mysql_query("SELECT * FROM $about_info WHERE ID = ('$iID')"),MYSQL_BOTH); $cnum = $ua['cat_num']; $new_pic = $_FILES["new_image"]["name"]; /* $new_pic = strtolower($imagename); $new_pic = preg_replace("/^[a-z0-9 -_.]#i/", "", $imagename); $new_pic = str_replace(" ","_",$imagename);*/ if (isset($_POST['submit'])) { $formArray['desc']=$_POST['ridesc']; $formArray['s_title']=$_POST['title']; $formArray['fname']=$_POST['fname']; $formArray['lname']=$_POST['lname']; $formArray['email']=$_POST['epost']; } else { $formArray['desc']=$ua['desc']; $formArray['s_title']=$ua['s_title']; $formArray['fname']=$ua['s_fname']; $formArray['lname']=$ua['s_lname']; $formArray['bilde']=$ua['s_bilde']; $formArray['email']=$ua['s_mail']; } if (!empty($_FILES["new_image"]["name"])) { $formArray['bilde']="$url_pics" . "$new_pic"; } elseif ((empty($ua['s_bilde'])) || ($ua['s_bilde'] == $url_pics)) { $formArray['bilde'] = $url_pics . 
"kommer.gif"; } else { $formArray['bilde']=$ua['s_bilde']; } //the variables taken from the form $iID=$_POST['maID']; $update=$_POST['update']; $fname=mysql_real_escape_string($_POST['fname']); $lname=mysql_real_escape_string($_POST['lname']); $title=mysql_real_escape_string($_POST['title']); $ridesc=mysql_real_escape_string($_POST['ridesc']); $email=$_POST['epost']; //check to see if values have been entered and that they are entered correctly //if not, display error-message if(!isset($_POST["fname"])) { $fname_error = ""; } elseif (empty($_POST["fname"])) { $fname_error = "<p class='error'>Du har ikke skrevet inn fornavn</p>"; } else { $fname_error = ""; } if(!isset($_POST["lname"])) { $lname_error = ""; } elseif (empty($_POST["lname"])) { $lname_error = "<p class='error'>Du har ikke skrevet inn etternavn</p>"; } else { $lname_error = ""; } if(!isset($_POST["title"])) { $title_error = ""; } elseif (empty($_POST["title"])) { $title_error = "<p class='error'>Du har ikke skrevet inn noen tittel</p>"; } else { $title_error = ""; } if(!isset($_POST["ridesc"])) { $desc_error = ""; } elseif (empty($_POST["ridesc"])) { $desc_error = "<p class='error'>Du har ikke skrevet inn noen tekst</p>"; } else { $desc_error = ""; } if(!isset($_POST["epost"])){ $mail_error = ""; } elseif (empty($_POST["epost"])) { $mail_error = "<p class='error'>Du har ikke skrevet inn epostadresse</p>"; } elseif(check_email_address($email)) { $mail_error = ""; } else { $mail_error = "<p class='error'>Epostadressen du har skrevet inn er ikke gyldig</p>"; } if ((isset($_POST["submit"])) && (!isset($_POST["update"]))) { $update_error = "<p class='error'>Du har ikke haket av for å oppdatere!</p>"; } else { $update_error = ""; } /* if (empty($_FILES["new_image"]["name"])) { $pic_error = ""; } else {*/ if (($_FILES["new_image"]["type"]) == ("image/gif" || "image/jpeg" || "image/png")) { if ($_FILES["new_image"]["error"] > 0) { $pic_error = "<p class='error'>". $_FILES["new_image"]["error"] . 
"</p>"; } else { if (file_exists("$upload_pics" . $_FILES["new_image"]["name"])) { $pic_error = "<p class='error'>" . $_FILES["new_image"]["name"] . " finnes allerede. Vennligst gi filen et nytt navn og forsøk igjen.</p>"; } else { move_uploaded_file($_FILES["new_image"]["tmp_name"], "$upload_pics" . $_FILES["new_image"]["name"]); list($width, $height) = getimagesize("$url_pics"."$new_pic"); $modwidth = 115; $diff = $width / $modwidth; $modheight = $height / $diff; $tn = imagecreatetruecolor($modwidth, $modheight) ; $image = imagecreatefromjpeg("$url_pics"."$new_pic") ; imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; imagejpeg($tn, "$url_pics"."$new_pic", 100) ; $pic_error = ""; } } } //} if ((isset($_POST["ridesc"])) && (isset($_POST["update"])) && $desc_error =="" && $title_error == "" && $fname_error == "" && $lname_error == "" && $file_error == "" && $mail_error == "" && $pic_error == "") { mysql_query("UPDATE $about_info SET s_fname='$fname',s_lname='$lname',s_title='$title',`desc`='$ridesc',s_bilde='$formArray[bilde]' WHERE ID='$iID'"); if($iID == 61) { header("location: $domain/index.php?page=paamelding"); } else { header("location: $domain/index.php?page=about"); } } ?> <fieldset id="about_innlegg"><legend>Endre om-oss informasjonen</legend> <form id="about_form_endring" method="post" action="<?php echo "$domain"; ?>/index.php?page=edit" enctype="multipart/form-data"> <p><input type="hidden" value="<?php echo $ua['ID']; ?>" name="maID" /></p> <?php if (($cnum == 3) || ($cnum == 4) || ($cnum == 5)) { echo $file_error; ?> <!-- This is the picture-display - start mark --> <p class="left"> <?php if ((isset($_FILES['new_image']['name'])) || (($ua['s_bilde']) != "")) { ?> <img class="left" src="../<?php echo $formArray['bilde']; ?>" alt="Bilde av <?php echo "$ua[s_fname] $ua[s_lname]"; ?>" title="Bilde av <?php echo "$ua[s_fname] $ua[s_lname]"; ?>" /> <?php } else { ?> <img class="left" src="../<?php echo $formArray['bilde']; 
?>" alt="Bilde kommer" title="Bilde kommer" /> <?php } ?> Bildet som vises er det som er lagret i databasen. Dersom det ikke eksisterer noe bilde for vedkommende, så benyttes standard-bildet. Det samme skjer dersom det ikke lastes opp noe nytt bilde.<br /><br /> <span class="important">Dersom nytt bilde lastes opp, så vil dette overskrive verdien i databasen.</span> <br /><br /> Bildet blir automatisk justert i størrelse til å passe i bredden. <br /> <input name="new_image" id="new_image" size="50" type="file" /> <input class="button" type="reset" name="cancel" value="Reset bilde" /> </p> <!-- This is the the picture-display - end mark --> <div class="clear"> </div> <?php echo $pic_error; ?> <p> <label>Fornavn: <?php echo $imp; ?></label> <input class="formlook" type="text" name="fname" size="25" maxlength="60" value="<?php echo $formArray['fname']; ?>" /> <label>Etternavn: <?php echo $imp; ?></label> <input class="formlook" type="text" name="lname" size="29" maxlength="100" value="<?php echo $formArray['lname']; ?>" /> </p> <?php echo $fname_error; ?> <?php echo $lname_error; ?> <p><label>Tittel: <?php echo $imp; ?></label> <input class="formlook" type="text" name="title" size="73" maxlength="200" value="<?php echo $formArray['s_title']; ?>" /> </p> <?php echo $title_error; ?> <p><label>Epostadresse: <?php echo $imp; ?></label> <input class="formlook" type="text" name="epost" size="64" maxlength="100" value="<?php echo $formArray['email']; ?>" /> </p> <?php echo $mail_error; ?> <?php } else {} ?> <p><label>Beskrivelse: <?php echo $imp; ?></label><br /> <textarea class="formlook" name="ridesc" rows="9" cols="60" value="<?php echo $formArray['desc']; ?>" ><?php echo $formArray['desc']; ?></textarea> </p> <?php echo $desc_error; ?> <p><label>Oppdater:</label> <input class="formlook" type="checkbox" name="update" value="1" /><span class="important">Denne må hakes av dersom du skal få oppdatert</span> </p> <?php echo $update_error; ?> <p> <input class="button" 
type="submit" name="submit" value="Endre informasjon" /> <input class="button" type="button" name="cancel" value="Kanseller endring" onClick="window.location='<?php echo "$domain"; ?>/index.php?page=about'"> </p> </form> <?php } PHP: