i am fairly new to php and i don't really know how to solve my problem. i allow users to post their products for sale. the post includes the posting title, description, post_id, user_id, and image info(image is not required)... if an image is uploaded, the file goes to the directory and the name of the file is stored in the db.
now, the problem is that i want to allow users to click their current posts and either edit or delete these posts... this is where i'm stuck.
the possible scenarios: user never entered an image with the original post, but then they edit and add an image. user is changing the image to a new image. user wants to remove the image from the original post and just show no image. user never entered image, edits the info, but still leaves image blank.
my code for the update post page (it does not remove the current file, if any, from my dir... it will; however, properly update the image file if an image is added... if text is changed, then nothing happens and the update form will not process...
any suggestions? thank you!
Code: Select all
// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 51200);
// define constant for upload folder
$uploadDIR = "/home/me/domains/mysite.com/public_html/upload";
// Grab the file extension
$ext = substr(strrchr($_FILES['image_data']['name'], '.'), 1);
// Generate a unique 8 character string
$filename = substr(sha1($_FILES['image_data']['name']), 0, 8);
// Ammend the timestamp and extension onto the string
$filename .= time() . '.' .$ext;
// Temporary Variable
$fileTemp = $_FILES['image_data']['tmp_name'];
// convert the maximum size to KB
$max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
$filetypes = array($_FILES["image_data"]["type"] == "image/gif",
($_FILES["image_data"]["type"] == "image/jpeg"),
($_FILES["image_data"]["type"] == "image/pjpeg"),
($_FILES["image_data"]["type"] == "image/png" ));
if(!in_array($_FILES['image_data']['type'], $filetypes)) {
// Invalid filetype, add an error
$error[] = 'File must be either a gif, jpeg, pjpeg or png';
}
// Check the file size isn't more than the limit (6.2mb)
if($_FILES['image_type']['size'] > MAX_FILE_SIZE) {
// Size too large, add an error
$error[] = 'Files must be less than ' . MAX_FILE_SIZE . 'KB';
}
// If there are no errors then proceed
if(!$error) {
$username = $_SESSION['MM_Username'];
ini_set('date.timezone','America/Los Angeles');
$now = date('Y-m-d-His');
$emptyOK = false;
if (empty($filename) && empty($_FILES['image_data']['type'])) {
$emptyOK = true;
}
if (!empty($filename) && !empty($_FILES['image_data']['type'])) {
if (!is_dir("$uploadDIR/$username")) {
mkdir("$uploadDIR/$username", 0777, true);
}
// Generate Safe INSERT query
$updateSQL = sprintf("UPDATE postingTable SET post_title=%s, product_name=%s, user_id=%s, buy_or_share=%s, category_name=%s, image_data=%s, image_type=%s WHERE post_id=%s",
GetSQLValueString($_POST['post_title'], "text"),
GetSQLValueString($_POST['product_name'], "text"),
GetSQLValueString($_POST['user_id'], "int"),
GetSQLValueString($_POST['buy_or_share'], "text"),
GetSQLValueString($_POST['category_name'], "text"),
GetSQLValueString($filename, "text"),
GetSQLValueString($_FILES['image_data']['type'], "text"),
GetSQLValueString($_POST['post_id'], "int"));
mysql_select_db($database_connUser, $connUser);
$Result1 = mysql_query($updateSQL, $connUser) or die(mysql_error());
$updateGoTo = "userprofile.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
if (!file_exists("$uploadDIR/$username/$filename")) {
move_uploaded_file($fileTemp, "$uploadDIR/$username/$filename");
} else {
mkdir("$uploadDIR/$username/$now");
move_uploaded_file($fileTemp, "$uploadDIR/$username/$now/$filename");
}
header(sprintf("Location: %s", $updateGoTo));
}
}
}