Tabytha
Tabytha

Reputation: 25

Edit and Insert form element using php

I have a form to insert and also update

<form name="image_form" enctype="multipart/form-data" action="image-upload.php" method="POST" id="image_form" role="form">
<div class="form-group">
    <label>Image</label>
    <input name="picture" type="file" id="pics" value="">
</div>
<div class="form-group">
    <label>Image Name</label>
    <input name="picture_name" type="text" required class="form-control" value="<?php echo $row_images['img_name']; ?>">
</div>
<div class="form-group">
    <label>Image Description</label>
    <input name="picture_descrip" type="text" required class="form-control" value="<?php echo $row_images['img_descrip']; ?>">
</div>
<button type="submit" class="btn btn-default">Save</button>

The form action image-upload.php

    <?php
    require_once ('connections/dbconnect.php');
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }

        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;

            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;

            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;

            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;

            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

$target_dir = "imgs/";
$target_file = $target_dir . basename($_FILES["picture"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);

// Check for image originality
if (isset($_POST["save"])) {
    $check = getimagesize($_FILES["picture"]["tmp_name"]);
    if ($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } 
    else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}

// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}

// image size limit
if ($_FILES["picture"]["size"] > 600000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}

// Allow certain file formats
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}

//update query
if ((isset($_GET['edit'])) && ($_GET['edit'] != "")) {
    $updateSQL = sprintf("UPDATE `image` SET image=%s, img_name=%s,   img_descrip=%s WHERE img_id=%s", GetSQLValueString($_FILES["picture"]["name"], "text"), GetSQLValueString($_POST['picture_name'], "text"), GetSQLValueString($_POST['picture_descrip'], "text"), GetSQLValueString(date("y-m-d"), "date"), GetSQLValueString($_POST['img_id'], "int"));

    mysql_select_db($database_dbconnect, $dbconnect);
    $Result1 = mysql_query($updateSQL, $dbconnect) or die(mysql_error());

    $updateGoTo = "image-list.php?msg=Image updated successfullly";
    if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo.= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo.= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $updateGoTo));
} 
else {

    //insert query
    $insertSQL = sprintf("INSERT INTO `images` (image, img_name, img_descrip, img_date ) VALUES (%s, %s, %s, %s)", GetSQLValueString($_FILES["picture"]["name"], "text"), GetSQLValueString($_POST['picture_name'], "text"), GetSQLValueString($_POST['picture_descrip'], "text"), GetSQLValueString(date("y-m-d"), "date"));

    mysql_select_db($database_dbconnect, $dbconnect);
    $Result1 = mysql_query($insertSQL, $dbconnect) or die(mysql_error());

    $insertGoTo = "image-list.php?msg=Image successfully Posted!!!";
    if (isset($_SERVER['QUERY_STRING'])) {
        $insertGoTo.= (strpos($insertGoTo, '?')) ? "&" : "?";
        $insertGoTo.= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $insertGoTo));
}

// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";

    // if everything is ok, try to upload file


} 
else {
    if (move_uploaded_file($_FILES["picture"]["tmp_name"], $target_file)) {
        echo "The file " . basename($_FILES["picture"]["name"]) . " has been uploaded.";
    } 
    else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

Now the parameter 'edit' is from here

<a href="image-edit.php?edit=<?php echo $row_images['img_id']?>" title="Edit User">
 <button type="button" class="btn btn-primary btn-circle">
 <i class="fa fa-pencil"></i></button>
</a>

But when i click on the edit button which is supposed to update it keeps inserting, What did I do wrong?

Upvotes: 1

Views: 65

Answers (1)

sergio
sergio

Reputation: 5260

The problem in you SQL query, in oder of variables:

$updateSQL = sprintf("UPDATE `image` SET 
      image=%s,
      img_name=%s,  
      img_descrip=%s 
      WHERE img_id=%s",
       GetSQLValueString($_FILES["picture"]["name"], "text"),
       GetSQLValueString($_POST['picture_name'], "text"),
       GetSQLValueString($_POST['picture_descrip'], "text"),
       GetSQLValueString(date("y-m-d"), "date"),
       GetSQLValueString($_POST['img_id'], "int"));

So, for img_id you set GetSQLValueString(date("y-m-d"), "date") I believe there should be img_date in your query, something like that:

 $updateSQL = sprintf("UPDATE `image` SET 
          image=%s,
          img_name=%s,  
          img_descrip=%s 
          img_date=%s 
          WHERE img_id=%s",

Upvotes: 1

Related Questions