Member Avatar for gymangel812

I can't figure out what the problem is with my code. What I want it to do is add a new sandwich to the database when all fields are filed out and an image is uploaded. If product name field is not entered, the sandwich selected in the dropdown box should be updated to a new (from whatever the user entered) description, image, origin, etc.

1. When I try to add a new sandwich, it always echoes "All fields not filled out" but the sandwich is added to the DB with all fields except the image name.

2. When I try to use the dropdown box and not enter a product name, it goes through the same thing above and never updates the DB. It's like it never goes to the else statement.

<?php

echo '<html>
<head>
<title>Uploading...</title>
</head>
<body>
<h3>Uploading file...</h3>';

if ($_FILES['filename']['error'] > 0)
{
	echo 'Problem: ';
    	switch ($_FILES['filename']['error'])
    	{
      		case 1:  echo 'File exceeded upload_max_filesize';  break;
      		case 2:  echo 'File exceeded max_file_size';  break;
      		case 3:  echo 'File only partially uploaded';  break;
      		case 4:  echo 'No file uploaded';  break;
    	}
    	exit;
}

// put the file where we'd like it
$upfile = './images/'.$_FILES['filename']['name'];

if (is_uploaded_file($_FILES['filename']['tmp_name']))
{
     	if (!move_uploaded_file($_FILES['filename']['tmp_name'], $upfile))
     	{
        	echo 'Problem: Could not move file to destination directory';
        	exit;
     	}
}
else
{
    	echo 'Problem: Possible file upload attack. Filename: ';
    	echo $_FILES['filename']['name'];
    	exit;
}

echo '<p>File uploaded successfully<br><br>';

if (isset($_POST['description'])) {
	$description = $_POST['description'];
} else {
        $description = $_FILES['filename']['name'];
}

// show what was uploaded
echo '<p>Preview of uploaded file:<br><hr>';
echo "<a href='$upfile'>$description</a>";
echo '<br><hr>';
echo '</body></html>';


// Set up the database connection.
require_once ('mysqli_connect.php');

    //if name selected from drop down box
	if (isset($_POST['product_name']))
	{
		if (isset($_POST['product_name']) && isset($_POST['product_description']) && isset($_POST['price']))
		{

			// add new sandwich
			$product_name = $_POST['product_name'];
			$product_description = $_POST['product_description'];
			$price = $_POST['price'];

			$query = "INSERT INTO products (product_name, product_description, price)
								   VALUES ('$product_name', '$product_description', '$price')";

			$result = mysqli_query ($dbc, $query);

			$productid = mysqli_insert_id($dbc);

			if (isset($_POST['origin']))
			{

				$origin = $_POST['origin'];

				$query = "INSERT INTO origins (origin, productid) VALUES ('$origin', '$productid')";

				$result = mysqli_query ($dbc, $query);
			}

			if (isset($_POST['filename']))
			{

				$imagename = $_POST['filename'];

				$query = "INSERT INTO images (productid, image_name) VALUES ('$productid', '$imagename')";

				$result = mysqli_query ($dbc, $query);
			}

		else
		{
			echo '<p>Error - All fields are required!</p>';
		}
	}
else
	{
			// update product_name selected

			if (isset($_POST['product_id']) && isset($_POST['product_description']) && isset($_POST['price']))
			{

				$product_id = $_POST[product_id];
				$product_description = $_POST['product_description'];
				$price = $_POST['price'];

				$query = "UPDATE products SET product_description='$product_description', price='$price',
									   WHERE product_id='$product_id'";

				$result = mysqli_query ($dbc, $query);

				if (isset($_POST['origin']))
				{

					$origin = $_POST['origin'];

					$query = "INSERT INTO origins (origin, productid) VALUES ('$origin', '$productid')";

					$result = mysqli_query ($dbc, $query);
				}

				if (isset($_POST['filename']))
				{

					$imagename = $_POST['filename'];

					$query = "UPDATE images SET image_name='$imagename' WHERE product_id='$product_id'";

					$result = mysqli_query ($dbc, $query);
				}
			}

			else
			{
				echo '<p>Error!</p>';
			}

	}
}

echo 'Productid: ' . $productid . ' ' . ' Product Name: ' . $product_name . ' ' . ' Product Description: ' . $product_description . ' ' . ' Image Name: ' .
$imagename . ' Origin: ' . $origin . ' Price: ' . $price . '<br>';

if ($result) { // If it ran OK.

		echo '<p>Data has been entered successfully.</p>';

	} else { // If it did not run OK.

		echo '<p>Data has not been processed due to a system error.</p>';

        }

?>

dropdown menu

<html>
<body>

<h3>Homework 2</h3>

<form enctype="multipart/form-data" action="process_menu2.php" method="post">
<p><table border=0>
<TR>
<TD>Sandwich Name: </TD>
<TD>

<?php
  require_once ('mysqli_connect.php');

  $sql = "Select products.productid, product_name
from products, origins, images, prod_origins
Where products.productid = prod_origins.productid
And products.productid = images.productid
And PROD_ORIGINS.ORIGINID = ORIGINS.ORIGINID ORDER BY product_name ASC";

  $result = mysqli_query($dbc, $sql) or die( "Could not execute query: $query" );

  $str = "<SELECT NAME=product_id><BR>\n";
  while ($row = mysqli_fetch_array($result)) {
        $str .= '<OPTION VALUE=' .  $row['product_id'] . '>' . $row['product_name'] . '<BR>' . "\n";
  }
  $str .= '</SELECT>';

  echo $str
?>

</TD>
</TR>

<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<TR>
<TD>Enter a Sandwich Name:</TD>
<TD><input type="text" name="product_name" size="41"></TD>
</TR>

<TR>
<TR>
<TD>Sandwich Description:</TD>
<TD><input type="text" name="product_description" size="41"></TD>
</TR>
<TR>
<TD>Sandwich Origin:</TD>
<TD><input type="text" name="origin" size="41"></TD>
</TR>
<TR>
<TD>Sandwich Price:</TD>
<TD><input type="text" name="price" size="41"></TD>
</TR>
<TR>
<TR>
<TR>
<TD>Upload sandwich image: </TD>
<TD><input type="file" name="filename" size="41"></TD>
</TR>

</table>
<BR><BR>
<input type="submit" value="Submit">
</form>

</body>
</html>
  • 5 Contributors
  • 6 Replies
  • 118 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by sourcebits
Member Avatar for colweb

On line 87 of the first php file you use if (isset($_POST)). But this won't work. If you want the name of the uploaded file use $_FILES.
To check if any file is selected before the submit button is pressed use is_uploaded_file($_FILES[$filename]);
So in your code you could change this part: (between lines 32 and 33)

$upload_success = FALSE; 
if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
    if (!move_uploaded_file($_FILES['filename']['tmp_name'], $upfile)) {
        echo 'Problem: Could not move file to destination directory';
        exit;
    }
    else {
        $upload_success = TRUE; // added this
    }
}
else {
    echo 'Problem: Possible file upload attack. Filename: ';

and this part: (lines 87 and up)

if ($upload_success) {
    $imagename = $_FILES['filename']['name'];
Edited by colweb because: n/a
Member Avatar for gymangel812

Ok I got the image name to display with the code below. But, I cannot figure out why even when the product name box is blank, it adds a new sandwich instead of updating the dropdown selected one.

<?php

echo '<html>
<head>
<title>Uploading...</title>
</head>
<body>
<h3>Uploading file...</h3>';

if ($_FILES['filename']['error'] > 0)
{
	echo 'Problem: ';
    	switch ($_FILES['filename']['error'])
    	{
      		case 1:  echo 'File exceeded upload_max_filesize';  break;
      		case 2:  echo 'File exceeded max_file_size';  break;
      		case 3:  echo 'File only partially uploaded';  break;
      		case 4:  echo 'No file uploaded';  break;
    	}
    	exit;
}

// put the file where we'd like it
$upfile = './images/'.$_FILES['filename']['name'];

if (is_uploaded_file($_FILES['filename']['tmp_name']))
{
     	if (!move_uploaded_file($_FILES['filename']['tmp_name'], $upfile))
     	{
        	echo 'Problem: Could not move file to destination directory';
        	exit;
     	}
}
else
{
    	echo 'Problem: Possible file upload attack. Filename: ';
    	echo $_FILES['filename']['name'];
    	exit;
}

echo '<p>File uploaded successfully<br><br>';

if (isset($_POST['description'])) {
	$description = $_POST['description'];
} else {
        $description = $_FILES['filename']['name'];
}

// show what was uploaded
echo '<p>Preview of uploaded file:<br><hr>';
echo "<a href='$upfile'>$description</a>";
echo '<br><hr>';
echo '</body></html>';

$imagename = $description;

// Set up the database connection.
require_once ('mysqli_connect.php');

    //if name selected from drop down box
	if (isset($_POST['product_name']))
	{
		if (isset($_POST['product_name']) && isset($_POST['product_description']) && isset($_POST['price']))
		{

			// add new sandwich
			$product_name = $_POST['product_name'];
			$product_description = $_POST['product_description'];
			$price = $_POST['price'];

			$query = "INSERT INTO products (product_name, product_description, price)
								   VALUES ('$product_name', '$product_description', '$price')";

			$result = mysqli_query ($dbc, $query);

			$productid = mysqli_insert_id($dbc);

			if (isset($_POST['origin']))
			{

				$origin = $_POST['origin'];

				$query = "INSERT INTO origins (origin, productid) VALUES ('$origin', '$productid')";

				$result = mysqli_query ($dbc, $query);
			}

			if (isset($_POST['filename']))
			{

				$query = "INSERT INTO images (productid, image_name) VALUES ('$productid', '$imagename')";

				$result = mysqli_query ($dbc, $query);
			}
		}

		else
		{
			echo '<p>Error - All fields are required!</p>';
		}
		echo 'Productid: ' . $productid . ' ' . ' Product Name: ' . $product_name . ' ' . ' Product Description: ' . $product_description . ' ' . ' Image Name: ' .
		$imagename . ' Origin: ' . $origin . ' Price: ' . $price . '<br>';
	}
	else
	{
			// update product_name selected

			if (isset($_POST['product_id']) && isset($_POST['product_description']) && isset($_POST['price']))
			{

				$product_id = $_POST[product_id];
				$product_description = $_POST['product_description'];
				$price = $_POST['price'];

				$query = "UPDATE products SET product_description='$product_description', price='$price',
									   WHERE product_id='$product_id'";

				$result = mysqli_query ($dbc, $query);
				echo 'products table updated';

				if (isset($_POST['origin']))
				{

					$origin = $_POST['origin'];

					$query = "INSERT INTO origins (origin, productid) VALUES ('$origin', '$productid')";

					$result = mysqli_query ($dbc, $query);
					echo 'origins table updated';
				}

				if (isset($_POST['filename']))
				{

					$imagename = $description;

					$query = "UPDATE images SET image_name='$imagename' WHERE product_id='$product_id'";

					$result = mysqli_query ($dbc, $query);
					echo 'images table updated';
				}
			}

			else
			{
				echo '<p>Error!</p>';
			}

	}


?>
Edited by gymangel812 because: n/a
Member Avatar for JRM

I'm a bit confused about the definition of $productid on line 73 and then its use in a query on line 83.

Member Avatar for rajarajan2017

When you select the dropdown list the product name get filled or you have a default name to be stored when you not typed anything? or the product name field showing blank after submit?

Edited by rajarajan2017 because: n/a
Member Avatar for gymangel812

I'm a bit confused about the definition of $productid on line 73 and then its use in a query on line 83.

Product ID is an auto incremented field. I use line 73 to get the product id. i need to add a product id with the other fields because it is a primary key.

When you select the dropdown list the product name get filled or you have a default name to be stored when you not typed anything? or the product name field showing blank after submit?

If a user selects from the drop down box, a (hidden) product id is actually selected. I use that product id to determine which records to update (this is the part not working, the code never reaches the else statement). If the product name box is not blank, I add a new sandwich to the DB.

Member Avatar for sourcebits

Please see i have made changes in one or two lines, it should work fine.

<?php
echo '<html>
<head>
<title>Uploading...</title>
</head>
<body>
<h3>Uploading file...</h3>';

if ($_FILES['filename']['error'] > 0)
{
    echo 'Problem: ';
        switch ($_FILES['filename']['error'])
        {
            case 1:  echo 'File exceeded upload_max_filesize';  break;
            case 2:  echo 'File exceeded max_file_size';  break;
            case 3:  echo 'File only partially uploaded';  break;
            case 4:  echo 'No file uploaded';  break;
        }
        exit;
}

// put the file where we'd like it
$upfile = './images/'.$_FILES['filename']['name'];

if (is_uploaded_file($_FILES['filename']['tmp_name']))
{
        if (!move_uploaded_file($_FILES['filename']['tmp_name'], $upfile))
        {
            echo 'Problem: Could not move file to destination directory';
            exit;
        }
}
else
{
        echo 'Problem: Possible file upload attack. Filename: ';
        echo $_FILES['filename']['name'];
        exit;
}

echo '<p>File uploaded successfully<br><br>';

if (isset($_POST['description'])) {
    $description = $_POST['description'];
} else {
        $description = $_FILES['filename']['name'];
}

// show what was uploaded
echo '<p>Preview of uploaded file:<br><hr>';
echo "<a href='$upfile'>$description</a>";
echo '<br><hr>';
echo '</body></html>';


// Set up the database connection.
require_once ('mysqli_connect.php');

    //if name selected from drop down box
    if (isset($_POST['product_name']))
    {
        if (isset($_POST['product_name']) && isset($_POST['product_description']) && isset($_POST['price']))
        {

            // add new sandwich
            $product_name = $_POST['product_name'];
            $product_description = $_POST['product_description'];
            $price = $_POST['price'];

            $query = "INSERT INTO products (product_name, product_description, price) VALUES ('$product_name', '$product_description', '$price')";

            $result = mysqli_query ($dbc, $query);

            $productid = mysqli_insert_id($dbc);

            if (isset($_POST['origin']))
            {

                $origin = $_POST['origin'];

                $query = "INSERT INTO origins (origin, productid) VALUES ('$origin', '$productid')";

                $result = mysqli_query ($dbc, $query);
            }

            if (isset($_POST['filename']))
            {
                //$imagename = $_POST['filename'];
                $imagename = $_FILES['filename']['name'];
                $query = "INSERT INTO images(productid,image_name) VALUES('$productid','$imagename')";
                $result = mysqli_query ($dbc, $query);
            }
            else
            {
              echo '<p>Error - All fields are required!</p>';
            }
    }
else
    {
            // update product_name selected

            if (isset($_POST['product_id']) && isset($_POST['product_description']) && isset($_POST['price']))
            {

                $product_id = $_POST[product_id];
                $product_description = $_POST['product_description'];
                $price = $_POST['price'];

                $query = "UPDATE products SET product_description='$product_description', price='$price',
                                       WHERE product_id='$product_id'";

                $result = mysqli_query ($dbc, $query);

                if (isset($_POST['origin']))
                {

                    $origin = $_POST['origin'];

                    $query = "INSERT INTO origins (origin, productid) VALUES ('$origin', '$productid')";

                    $result = mysqli_query ($dbc, $query);
                }

                if (isset($_POST['filename']))
                {

                    $imagename = $_POST['filename'];

                    $query = "UPDATE images SET image_name='$imagename' WHERE product_id='$product_id'";

                    $result = mysqli_query ($dbc, $query);
                }
            }

            else
            {
                echo '<p>Error!</p>';
            }

    }
}

echo 'Productid: ' . $productid . ' ' . ' Product Name: ' . $product_name . ' ' . ' Product Description: ' . $product_description . ' ' . ' Image Name: ' .
$imagename . ' Origin: ' . $origin . ' Price: ' . $price . '<br>';

if ($result) { // If it ran OK.

        echo '<p>Data has been entered successfully.</p>';

    } else { // If it did not run OK.

        echo '<p>Data has not been processed due to a system error.</p>';

        }

?>


<html>
<body>

<h3>Homework 2</h3>

<form enctype="multipart/form-data" action="process_menu2.php" method="post">
<p><table border=0>
<TR>
<TD>Sandwich Name: </TD>
<TD>

<?php
  require_once ('mysqli_connect.php');

  $sql = "Select products.productid, product_name
from products, origins, images, prod_origins
Where products.productid = prod_origins.productid
And products.productid = images.productid
And PROD_ORIGINS.ORIGINID = ORIGINS.ORIGINID ORDER BY product_name ASC";

  $result = mysqli_query($dbc, $sql) or die( "Could not execute query: $query" );

  $str = '<select name="product_id"><BR>'."\n";
  while($row = mysqli_fetch_array($result)){
        $str .= '<option value='.$row['product_id'].'>'.$row['product_name'].'<br>'."\n";
  }
  $str .= '</select>';

  echo $str
?>

</TD>
</TR>

<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
<TR>
<TD>Enter a Sandwich Name:</TD>
<TD><input type="text" name="product_name" size="41"></TD>
</TR>

<TR>
<TR>
<TD>Sandwich Description:</TD>
<TD><input type="text" name="product_description" size="41"></TD>
</TR>
<TR>
<TD>Sandwich Origin:</TD>
<TD><input type="text" name="origin" size="41"></TD>
</TR>
<TR>
<TD>Sandwich Price:</TD>
<TD><input type="text" name="price" size="41"></TD>
</TR>
<TR>
<TR>
<TR>
<TD>Upload sandwich image: </TD>
<TD><input type="file" name="filename" size="41"></TD>
</TR>

</table>
<BR><BR>
<input type="submit" value="Submit">
</form>

</body>
</html>
Edited by mike_2000_17 because: Fixed formatting
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.