Hi Guys,
I got a problem with updating images in mysql database wih php form.
It succesfully inserted the images into the database, but it can't do any updates/changse on the existing image record.

Thanks

<? 

session_start(); 
include("database.php");
include("login.php");


$pro_id = $_POST['pro_id'];
$pro_name = $_POST['pro_name'];
$pro_cat = $_POST['pro_cat'];
$pro_desc = $_POST['pro_desc'];
$pro_price = $_POST['pro_price'];


echo "<a href=\"main.php\">Main Menu</a><br>"; 
echo "<a href=\"logout.php\">Log Out</a><br>"; 

?>
<form action='edit.php' method='POST' enctype='multipart/form-data'>
<TABLE>
<TR>
   <?$sql = mysql_query("select * from category");?>
	   <TD>Product Category:</TD>   
	   <TD> 
			<select name='pro_cat'>
			<option value="">Select Category</option>;
			<?
				while($row=mysql_fetch_array($sql))
				{
					echo "<option value='$row[cat_id]'>$row[cat_name]</option>";
					echo $cat_name;
				}
			?>
			</select>
	</TD>
	
   <TD><INPUT TYPE='submit' name='submit' value='View'></TD> 
</TR>
</TABLE>
</form>
<?




if (isset($_POST['edit'])) 
{
	
		$name = $_FILES['myfile']['name'];
		$tmp_name = $_FILES['myfile']['tmp_name'];

if($name)
	{	
		echo "it in here";	
		$location = "avatars/$name";
		move_uploaded_file($tmp_name, $location);
		$sql = "UPDATE product SET pro_name ='$pro_name', pro_cat ='$pro_cat', pro_desc ='$pro_desc', pro_price ='$pro_price', imagelocation ='$location'  WHERE pro_id ='$pro_id'";
		$result = mysql_query($sql);
		echo "<br>Product has been Edited.<br><br><br>";
		die(); 
	}


}               

$sql = mysql_query("SELECT * FROM product where user_id = '$_SESSION[user_id]'and pro_cat = '$pro_cat' ORDER  by pro_id ASC")or die(mysql_error());



while($row = mysql_fetch_array($sql))
{ 
$location = $row[imagelocation];
	?>
			<form action='edit.php' method='post'>
			<table border='3'>
				<tr>
				<td>
				<table>
					bla....bla..bla

					bla...bla...bla..
							
							
				<TR>
				<TD>Image:</TD>
				<TD><input name='myfile' type='file'></TD>
				</TR><br>		
												
				</table>
				

			<input type='hidden' name='pro_id' maxlength='60' value = '<?php echo $row['pro_id']; ?>'>
			<tr><td colspan='2' align='right'>
			<input type='submit' name='edit' value='Edit Product'>
			</td></tr>
			</table>
			</form><br><br><br>
	<?
}
?>

i'm assure the problem would be in here

if (isset($_POST['edit'])) 
{
	
		$name = $_FILES['myfile']['name'];
		$tmp_name = $_FILES['myfile']['tmp_name'];

if($name)
	{	
		echo "it in here";	
		$location = "avatars/$name";
		move_uploaded_file($tmp_name, $location);
		$sql = "UPDATE product SET pro_name ='$pro_name', pro_cat ='$pro_cat', pro_desc ='$pro_desc', pro_price ='$pro_price', imagelocation ='$location'  WHERE pro_id ='$pro_id'";
		$result = mysql_query($sql);
		echo "<br>Product has been Edited.<br><br><br>";
		die(); 
	}


}

First of all, I recommend filtering all data being sent through the SQL query to prevent 1) breaking the query, and, 2) SQL injections.

Use this to escape any dynamic data going in the query:

mysql_real_escape_string()

http://se2.php.net/manual/en/function.mysql-real-escape-string.php

If there is a single quote in any of the fields (like $pro_name, $pro_cat, etc..) it will break the query and leave it open for SQL injections if someone realizes this. Can you give this a try and see if it helps?

doesnt work either m8, got any other idea?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.