CODEWITHSUNDEEP
phpmysql
user1084949
user1084949

Reputation: 65

update statement with image

I have a php page with form for updating records and image I don’t know what is wrong with the update statement ,,, the values of fields are taken and I can see them on url through the GET method ... But when I run the page and update record information is not changing and nothing appear on the page ,,, since none of fields r taking the update I think my update statement having problem ,,,here is the code:

<?php

    // Connect to the database
    require("includes/conn.php");
    // Script Variables

    $target_dir = 'images/';

    $file_given = false;
    $inputs_given = false;
    $id_given = false;

    if(isset($_POST['serialid']) && $_POST['serialid'] != "")
    {
        $serialid = $_POST['serialid'];
        $id_given = true;
    }


        // You only need to catch input from a create or modify action, so start by checking for ALL the REQUIRED inputs
        if(isset($_POST['name']) && $_POST['name'] != "" && isset($_POST['description']) && $_POST['description'] != "" && isset($_POST['price']) && $_POST['price'] != "")
        {
            $name = $_POST['name'];
            $paragraph = $_POST['description'];
            $price = $_POST['price'];

            if(isset($_POST['picture']) && $_POST['picture'] != "")
            {
                $picture = basename($_FILES['picture']['name']);
                $file_given = true; 
            } 

            // Just some verification (not really much, but you can write your own functions and slot them in
            $name_safe = true;
            $description_safe = true;
            $price_safe = true;
            $picture_safe = false;


            if($_FILES["picture"]["type"] == "image/gif" || $_FILES["picture"]["type"] == "image/jpg" || $_FILES["picture"]["type"] == "image/png" || $_FILES["picture"]["type"] == "image/bmp")
                $picture_safe = true;

            if($name_safe && $description_safe && $price_safe && $picture_safe)
                $inputs_given = true;
        }

        if($id_given && $inputs_given)
        {
            // Search for the record and see if it exists
            $get_record = mysql_query("SELECT serial, picture FROM products WHERE serial='$serialid'");
            $record_exists = mysql_num_rows($get_record);

            if($record_exists == 1)
            {
                if($file_given)
                {
                    $update_image = ", picture='$picture'";

                    // Now we need to remove the old image from the file system and upload our new one in it's place

                    $previous_image = mysql_result($get_record,'0','picture');
                    unlink($target_dir . $previous_image);

                    //Now that the previous image has been removed, we need to upload our new image
                    $new_image = $target_dir . $picture ;
                    move_uploaded_file($_FILES['picture']['tmp_name'], $new_image);
                }
                else
                    $update_image = "";

                if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price', " . $update_image . " WHERE serial='$serialid'"))
                    $action_output = "Record successfully modified.";
                else
                    $action_output = "Record modification unsuccessful.";
            }
            else
                $action_output = "The record id you specified does not exist.";
        }

?>
<html>
    <head>
        <title>Manage Records</title>
    </head>

    <body>
        <?php echo $action_output; ?>
    </body>
</html>
<?php
    // Disconnect from the database
?>

Here is the url when I click the modify 

http://localhost/Shopping/update.php?name=View+Sonic+LCD&description=LCD&price=250&picture=C%3A%5CDocuments+and+Settings%5Ce2565%5CMy+Documents%5CTwasul%5Ctlogo%5Cicon%5Cpic1.jpg&serialid=1

My Modify Form is this 

<?php

    // Connect to the database
    require("includes/conn.php");
    $id_given = false;
    if(isset($_POST['serialid']) && $_POST['serialid'] != "")
    {
        $serialid = $_POST['serialid'];
        $id_given = true;
    }

    if($id_given)
    {
        $get_record = mysql_query("SELECT * FROM products WHERE serial='$serialid'");
        $record = mysql_fetch_array($get_record);

        $output = '<form method="POST" enctype="multipart/form-data" action="update.php?serialid=' . $record['serialid'] . '&action=modify">

                    <table>
                    <tr>
                    <td>Name:</td>
                    <td><input name="name" type="text"  value="' . $record['name'] . '"/></td>
                    </tr>
                    <tr>
                    <td>Description :</td>
                    <td><textarea name="description" cols="45" rows="5">' . $record['description'] . '</textarea></td>
                    </tr>
                    <tr>
                    <td>Price:</td>
                    <td><input name="price" type="text"  value="' . $record['price'] . '"/></td>
                    </tr>
                    <td colspan="2"><img height="50" width="50" src="../images/' . $record['picture'] . '"/><br/>' . $record['picture'] . '</td>
                    </tr> 
                    <tr>
                    <td>Modify Image:</td>
                    <td><input name="picture" type="file" value="" /></td>
                    </tr>
                    <tr>
                    <td colspan="2"><input type="submit" value="Modify Record"/>
                    </td>
                    </tr>
                    </table>

</form>';

    }
    else
        $output = 'No record id was specified.';
?>
<html>
    <head>
        <title>Modify Record</title>
    </head>

    <body>
        <?php echo $output; ?>
    </body>
</html>
<?php
    // Disconnect from the database
?>

Upvotes: 0

Views: 182

Answers (2)

jbrtrnd
jbrtrnd

Reputation: 3833

First, you have an extra comma in this line, before the WHERE : 

if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price', " . $update_image . " WHERE serial='$serialid'"))

The correct syntax is : 

if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price' " . $update_image . " WHERE serial='$serialid'"))

Then, you said

I can see them on url through the GET method

But in your script you are using $_POST variable to get values, use $_GET instead or change the method of your form to post.
If you want to upload a picture you have to use post method, the file will be available in the $_FILES variable.
In your example, you pass parameters by URL so, with the get method, and the "picture" is just the path to the picture in your PC, and it's not uploaded on the server.

EDIT :
Add "<input type='hidden' name='serialid' value='".$record['serialid']."' />" AND "<input type='hidden' name='action' value='modify' />" in your form instead of add this parameters to the action url of it, and it should work

Upvotes: 1

Juice
Juice

Reputation: 3063

you have added comma in $update_image = ", picture='$picture'"; as well as in

if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price', " . $update_image . " WHERE serial='$serialid'"))

either remove the comma in $update_image = " picture='$picture'"; or remove in this

if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price' " . $update_image . " WHERE serial='$serialid'"))'

Upvotes: 0

Related Questions