Hi guys,

I hope you can help me with a bug.

I have an update form to update data in a mysql database.
Whenever a user wants to update the picture they uploaded it through the html form.

For some reason my mysql querie on line 67 is not updating the path string to uploaded file location to the table.

I've spent hours on this, but I can't find the bug.

Please help.

Tom

<?php // edit_vision.php
	// Start Session
	session_start();
		
	// Check for a valid admin ID in COOKIE
	if (!isset($_SESSION['admin_id'])) {
		// Start defining the URL.
		$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
	
		// Check for a trailing slash.
		if ((substr($url, -1) == '/') or (substr($url, -1) == '\\')) {
			$url = substr($url, 0, -1); // Chop off the slash.
		}
		
		$url .= '/admin_login.php';
		header("Location: $url");
		exit(); // Quit the script
	}
	else {
		include_once("../admin/includes/get_content.php");
		require_once('../../mysql_connect.php'); // Connect to the db.
		
		// Error array
		$upload_errors = array(
					   UPLOAD_ERR_OK           => "No errors.",
					   UPLOAD_ERR_INI_SIZE     => "Larger than upload_max_filesize.",
					   UPLOAD_ERR_FORM_SIZE    => "Larger than form MAX_FILE_SIZE.",
					   UPLOAD_ERR_PARTIAL      => "Partial upload.",
					   //UPLOAD_ERR_NO_FILE      => "No file.",
					   UPLOAD_ERR_NO_TEMP_DIR  => "No temporary directory.",
					   UPLOAD_ERR_CANT_WRITE   => "Can't write to disk.",
					   UPLOAD_ERR_EXTENSION    => "File upload stopped by extension."
					   );

		if (isset($_POST['submitted'])) {
			
			// Declare message arrays
			$messages = array();
			$errors = array();
	
			// process the form data
			$temp_file = $_FILES['vision_image']['tmp_name'];
			$target_file = basename($_FILES['vision_image']['name']);
			$upload_dir = "../images/site_images";
			$file_path = "../images/site_images/".$target_file;
			
			// Get updated vision text
			$vision_text = mysql_real_escape_string($_POST['vision_text']);
			//$file_path = mysql_real_escape_string($file_path);
			
			// Check for existing file name in target directory \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
			
			// Move uploaded file
			if (move_uploaded_file($temp_file, $file_path)) {
				$messages = "Image Updated Successfully.";
			}
			else {
				$errors = $_FILES['vision_image']['error'];
				$messages = $upload_errors[$errors];
			}
			
			
			if (!empty($_POST['vision_text'])) {
				
				// Make this UPDATE query if just the vision is being updated.
				$query = "UPDATE company SET vision=$vision_text WHERE company_id=1";
				if (!empty($_FILES['vision_image']['name'])) {
					
					// Make this UPDATE query if both vision image and vision text are being updated.
					$query = "UPDATE company SET vision=$vision_text, vision_picture='".$file_path."' WHERE company_id=1";

					// Check for affected rows	
					if (mysql_affected_rows() == 2) { // If it ran OK.
						$messages = "Both Vision Text and Vision Image were Updated Successfully.";
					}
					else {
						$errors = "Error - Update Not Complete - either Vision Text or Vision Image not Updated."; // Problem occurred
					}
				}
				// Check for affected rows
				if (mysql_affected_rows() == 1) { // If it ran OK.
					$messages = "Vision Text was Updated Successfully.";
				}
				else {
					$errors = "Error - Update Not Complete - Vision Text not Updated."; // Problem occurred
				}
			}
							
			// Execute query
			$result_set = mysql_query($query);
			$messages = "Company Vision Updated Successfully.";
			/*
			if (!empty($errors)) {
				foreach ($errors as $msg) {
					echo '<p class="error">'.$msg.'</p><br />';
				}
			}
			
			if (!empty($messages)) {
				foreach ($messages as $mess) {
					echo '<p class="error">'.$mess.'</p><br />';
				}
			} */
		}
		
		
		$page_title = "ResultsFocus Company Settings!";
		include("../admin/includes/admin_header.php");
	}
?>

				<div id="content">	
                	<div id="submenu">
        				<?php show_company_submenu(); ?>
        			</div> <!-- End submenu -->
                    <div id="page_title">
                    	Edit Vision
                    </div> <!-- End title -->
    				<div id="sub_content">
                    	<div id="vision">
                        	<?php show_vision(); ?>
                        </div>
                        <div id="edit_vision">
	                        
                            <?php echo $file_path."<br />".$query; ?>
	    					<form action="edit_vision.php" method="post" enctype="multipart/form-data">
    	                    <fieldset>
	    	                    <br />Vision Text<br />
                                <textarea name="vision_text" rows="10" cols="75" /><?php show_vision_text(); ?></textarea><br /><br />
    	    	                New Image<br />
                                <input type="hidden" name="MAX_FILE_SIZE" value="4000000">
                                <input type="file" name="vision_image" size="60" /><br /><br /><br />
                	        	<input type="hidden" name="submitted" value="TRUE" />
        	        	        <input type="submit" name="submit" value="Update" /><br /><br />
                                
                        	</fieldset>
                        	</form>
                        </div>
                        
    				</div> <!-- End sub_content -->
                    
<?php
	include('../admin/includes/admin_footer.php');
?>

Escaping the querie values solved me problem

// Make this UPDATE query if both vision image and vision text are being updated.
	$query = "UPDATE company
		SET 
		vision=\"$vision_text\", 
		vision_picture=\"$file_path\" 
		WHERE company_id=1";
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.