I am trying to update a specific value from my table getting them as row from a table let’s say the name but the problem is the image, cause i can’t pass a value to an input field type = file
I need to update the value in the database only if there is a value to change if not don’t change the value that already is there.
My query looks like this and i would like to know what i can change to update image value only if there is a value
//image upload + validation $file = $_FILES['image']; $file_name = $_FILES['image']['name'];//file name var_dump($file_name); $file_location = $_FILES['image']['tmp_name']; //temporary location $file_size = $_FILES['image']['size'];// size $file_error = $_FILES['image']['error'];// error 0 if no error or 1 if there is an error $temp_extension = explode('.',$file_name);//explode from . file extension, we have file name and extension $file_extension = strtolower(end($temp_extension)); // extension name (end return the last element of the array) $allowed_extensions = array('jpg', 'jpeg', 'png', 'pdf'); if (empty($file_name)) { if (in_array($file_extension, $allowed_extensions)) { if ($file_error === 0) { if ($file_size < 15728640) { //15728640b(bytes binary) 15mb mediumblob $new_file_name = uniqid('',true).".".$file_extension; // var_dump($new_file_name); $file_destination = dirname(__FILE__, 2)."/images/".$new_file_name; move_uploaded_file($file_location, $file_destination); }else { echo "Sorry your file size it's too big!"; } }else { echo "Sorry, there was an error, try again"; } }else { echo "Sorry, your file type is not accepted"; } } if(is_array($row)) { $sql = "UPDATE `accommodation` SET `name` = '{$_POST['name']}', `image` = '$new_file_name', `description` = '{$_POST['description']}', `adress` = '{$_POST['adress']}', `link` = '{$_POST['link']}' WHERE `id` = '{$_POST['id']}'"; mysqli_query(get_connection(), $sql); var_dump($sql); // header("Location: admin.php?page=accommodation_list"); }else{ $conn = get_connection(); $sql = "INSERT INTO `accommodation` (`name`, `image`, `description`, `adress`, `link`) VALUES ('{$_POST['name']}', '$new_file_name', '{$_POST['description']}', '{$_POST['adress']}', '{$_POST['link']}')"; mysqli_query($conn, $sql); $accommodation_id = mysqli_insert_id($conn); header("Location: admin.php?page=room_add_edit"); }//end if else
This is the query that i need to change but i don’t know how….
$sql = "UPDATE `accommodation` SET `name` = '{$_POST['name']}', `image` = '$new_file_name', `description` = '{$_POST['description']}', `adress` = '{$_POST['adress']}', `link` = '{$_POST['link']}' WHERE `id` = '{$_POST['id']}'";
I am aware of SQL injection but first i need this query to work then i will work on SQL injection, and i typed address as adress and i have to change that too.
I have changed the code to this but i don’t know if it’s a good way to do it
//image upload + validation $file = $_FILES['image']; $file_name = $_FILES['image']['name'];//file name var_dump($file_name); $file_location = $_FILES['image']['tmp_name']; //temporary location $file_size = $_FILES['image']['size'];// size $file_error = $_FILES['image']['error'];// error 0 if no error or 1 if there is an error $temp_extension = explode('.',$file_name);//explode from . file extension, we have file name and extension $file_extension = strtolower(end($temp_extension)); // extension name (end return the last element of the array) $allowed_extensions = array('jpg', 'jpeg', 'png', 'pdf'); if (!empty($file_name)) { if (in_array($file_extension, $allowed_extensions)) { if ($file_error === 0) { if ($file_size < 15728640) { //15728640b(bytes binary) 15mb mediumblob $new_file_name = uniqid('',true).".".$file_extension; // var_dump($new_file_name); $file_destination = dirname(__FILE__, 2)."/images/".$new_file_name; move_uploaded_file($file_location, $file_destination); $text1 = "`image` = '$new_file_name',"; }else { echo "Sorry your file size it's too big!"; } }else { echo "Sorry, there was an error, try again"; } }else { echo "Sorry, your file type is not accepted"; } }else { $text1 = ""; } if(is_array($row)) { $sql = "UPDATE `accommodation` SET `name` = '{$_POST['name']}', $text1 `description` = '{$_POST['description']}', `adress` = '{$_POST['adress']}', `link` = '{$_POST['link']}' WHERE `id` = '{$_POST['id']}'"; mysqli_query(get_connection(), $sql); var_dump($sql); // header("Location: admin.php?page=accommodation_list"); }
Advertisement
Answer
you can simply check the file uploaded or not using a third variable. If file uploaded than save new file name otherwise save the old file name. So you will not lose your file on update. I am assuming you are getting whole row data in $row so check below code
$is_file_uploaded = 0; if (empty($file_name)) { if (in_array($file_extension, $allowed_extensions)) { if ($file_error === 0) { if ($file_size < 15728640) { //15728640b(bytes binary) 15mb mediumblob $new_file_name = uniqid('',true).".".$file_extension; // var_dump($new_file_name); $file_destination = dirname(__FILE__, 2)."/images/".$new_file_name; move_uploaded_file($file_location, $file_destination); $is_file_uploaded = 1; }else { echo "Sorry your file size it's too big!"; } }else { echo "Sorry, there was an error, try again"; } }else { echo "Sorry, your file type is not accepted"; } if(is_array($row)) { $new_file_name = ($is_file_uploaded == 1) ? $new_file_name : $row['image']; //your code } }