Hello,

I am trying to input pictures in student profile yet it doesn't work yet. I wonder why?

studentinfo.php

<?php

    include('includes/koneksi.php');

    $student_id = isset($_GET['student_id']) ? $_GET['student_id'] : '';  
    $group_id = isset($_POST['group_id']) ? $_POST['group_id'] : ''; 
    $access_level_id = isset($_POST['access_level_id']) ? $_POST['access_level_id'] : '';  
    $stu_fname = isset($_POST['stu_fname']) ? $_POST['stu_fname'] : '';  
    $stu_lname = isset($_POST['stu_fname']) ? $_POST['stu_lname'] : '';
    $stu_email = isset($_POST['stu_email']) ? $_POST['stu_email'] : ''; 
    $stu_address = isset($_POST['stu_address']) ? $_POST['stu_address'] : ''; 
    $stu_telp = isset($_POST['stu_telp']) ? $_POST['stu_telp'] : '';
    $stu_hp = isset($_POST['stu_hp']) ? $_POST['stu_hp'] : ''; 
    $stu_wa = isset($_POST['stu_wa']) ? $_POST['stu_wa'] : '';
    $stu_skype = isset($_POST['stu_skype']) ? $_POST['stu_skype'] : '';
    $stu_facebook = isset($_POST['stu_facebook']) ? $_POST['stu_facebook'] : '';
    $stu_twitter = isset($_POST['stu_twitter']) ? $_POST['stu_twitter'] : '';
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';
    $confirmation2 = isset($_POST['confirmation2']) ? $_POST['confirmation2'] : '';
    $newfilename = isset($_POST['file']) ? $_POST['file'] : '';

    //Simpan student profile 
    if (isset($_POST['ok'])){

        //echo "Check what's inside files : ".$_FILES['file'];

        if (empty($_GET['student_id']))
            {

            // Picture Upload

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);
            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            } else {
                echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            if (file_exists("upload/" . $_FILES["file"]["name"]))
            {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $ii = (rand());
            $iii = (rand());
            $newfilename = $ii.$iii.$i.$filename;

            //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
            } else {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $newfilename = $i.$filename;



            move_uploaded_file($_FILES["file"]["tmp_name"],
            "../upload/" . $newfilename);
            //echo "Stored in: " . "upload/" . $newfilename;
            }
            }
            } else {
                echo "No picture Uploaded";
            }

            $filename = $_FILES["file"]["name"];


            $username = substr($stu_fname, 0, 1).$stu_lname;
            $username = strtolower($username);

            // default password for new student
            $encrypteddefaultpassword = MD5('squprime');

            $sqlstr = "INSERT INTO student(group_id, access_level_id, newfilename, filename, stu_username, stu_password, stu_fname, stu_lname, stu_email, stu_address, stu_telp, stu_hp, stu_wa, stu_skype, stu_facebook, stu_twitter) VALUES('".$group_id."','".$access_level_id."' , '".$newfilename."', '".$filename."', '".$username."', '".$encrypteddefaultpassword."', '".$stu_fname."','".$stu_lname."', '".$stu_email."', '".$stu_address."','".$stu_telp."','".$stu_hp."','".$stu_wa."','".$stu_skype."','".$stu_facebook."','".$stu_twitter."')";

            $studentidResult = mysql_query("SELECT student_id FROM student ORDER BY student_id DESC") or die(mysql_error());
            $dataid = mysql_fetch_array($studentidResult);
            $student_id = $dataid['student_id'];            

            $sqlstr2 = "INSERT INTO study_report(group_id, student_id, stu_fname, stu_lname) VALUES('".$group_id."', '".$student_id."', '".$stu_fname."','".$stu_lname."')";

            }
        else
        {   

            // Picture Upload 

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);
            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            } else {
                //echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            if (file_exists("upload/" . $_FILES["file"]["name"]))
            {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $ii = (rand());
            $iii = (rand());
            $newfilename = $ii.$iii.$i.$filename;

            //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
            } else {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $newfilename = $i.$filename;



            move_uploaded_file($_FILES["file"]["tmp_name"],
            "../upload/" . $newfilename);
            //echo "Stored in: " . "upload/" . $newfilename;
            }
            }
            } else {
                echo "No picture uploaded";
            }

            $filename = $_FILES["file"]["name"];

            $username = substr($stu_fname, 0, 1).$stu_lname;
            $username = strtolower($username);

            $student_id = $_REQUEST['student_id'];

            // Query to get student picture filename
            $result = mysql_query("SELECT newfilename FROM student WHERE student_id =".$student_id) or die(mysql_error());
            $data1 = mysql_fetch_assoc($result);
            $pic_filename = $data1['newfilename'];

            if($result){
                unlink('../upload/'.$pic_filename);
            }

            $sqlstr = "UPDATE `student` SET group_id='".$group_id."', access_level_id='".$access_level_id."', newfilename='".$newfilename."', filename='".$filename."', stu_username='".$username."', stu_fname='".$stu_fname."', stu_lname='".$stu_lname."', stu_email='".$stu_email."', stu_address='".$stu_address."', stu_telp='".$stu_telp."', stu_hp='".$stu_hp."', stu_wa='".$stu_wa."', stu_skype='".$stu_skype."', stu_facebook='".$stu_facebook."', stu_twitter='".$stu_twitter."' WHERE student_id=".$_GET['student_id'];

            $sqlstr2 = "UPDATE `study_report` SET group_id='".$group_id."', stu_fname='".$stu_fname."', stu_lname='".$stu_lname."' WHERE student_id='".$_GET['student_id']."'";

        }

        $result = mysql_query($sqlstr) or die(mysql_error());
        $result2 = mysql_query($sqlstr2) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data has been saved." : "Fail to save data.";
        //$confirmation2 = ($result2) ? "Study Report Data has been saved." : "Fail to save study report data.";
    }

        //Load Student Profile
    if (!empty($_GET['student_id'])){
        $result = mysql_query("SELECT * FROM student WHERE student_id =".$_GET['student_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $student_id = $data['student_id'];
        $stu_fname = $data['stu_fname'];
        $stu_lname = $data['stu_lname'];
        $stu_email = $data['stu_email'];
        $stu_address = $data['stu_address'];
        $stu_telp = $data['stu_telp'];
        $stu_hp = $data['stu_hp'];
        $stu_wa = $data['stu_wa'];
        $stu_skype = $data['stu_skype'];
        $stu_facebook = $data['stu_facebook'];
        $stu_twitter = $data['stu_twitter'];
        $stu_picture = $data['stu_picture'];
        $newfilename = $data['newfilename'];
        $access_level_id = $data['access_level_id'];
    }
    else {
    //echo "unable to select data".'<br>';
    //echo "student_id is empty";
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <?php //echo $confirmation2;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?student_id='. $student_id;?>" enctype="multipart/form-data">
            <!-- <input type="hidden" name="id" value="<?php// echo $id; ?>"/>-->
            <table>
                <tr>
                    <td>Student Picture</td>              
                    <td>
                    <?php echo "<img src='../upload/".$newfilename."'>"; ?><br>
                    <input type="file" value="upload" name="file"/><br><br>
                    </td>
                </tr>
                <tr>
                    <td>Group Name</td>               
                    <td>
                    <?php

                    $rs = mysql_query("SELECT * FROM `group`") or die(mysql_error());                   
                    echo "<select name='group_id'>";
                    while($data = mysql_fetch_array($rs)){
                        echo "<option value='".$data['group_id']."'>".$data['group_name']."</option>";
                        }
                    echo "</select>";

                    ?>
                    </td>
                </tr>
                <tr>
                    <td>Access</td>               
                    <td>
                        <?php
                            echo '<select name="access_level_id">';
                            echo '<option value="3" ';
                            if($access_level_id=="3"){echo 'selected="selected" ';}
                            echo '>Student</option>';
                            echo '<option value="4" ';
                            if($access_level_id=="4"){echo 'selected="selected" ';}
                            echo '>Student Group Master</option>';
                            echo '</select>'; 
                        ?>
                    </td>
                </tr>
                <tr>
                    <td>First Name</td>               
                    <td><input type="text" size="50px" name="stu_fname" value="<?php echo $stu_fname; ?>"></td>
                </tr>
                <tr>
                    <td>Last Name</td>                
                    <td><input type="text" size="50px" name="stu_lname" value="<?php echo $stu_lname; ?>"></td>
                </tr>
                <tr>
                    <td>Email</td>                
                    <td><input type="text" size="50px" name="stu_email" value="<?php echo $stu_email; ?>"></td>
                </tr>
                <tr>
                    <td>Student Address</td>
                    <td><input type="text" size="50px" name="stu_address" value="<?php echo $stu_address; ?>"/></td>
                </tr>
                <tr>
                    <td>Student Telp</td>
                    <td><input type="text" size="30px" name="stu_telp" value="<?php echo $stu_telp; ?>"/></td>
                </tr>
                <tr>
                    <td>Student Hp</td>
                    <td><input type="text" size="30px" name="stu_hp" value="<?php echo $stu_hp; ?>"/></td>
                </tr>
                <tr>
                    <td>Whatsapp</td>
                    <td><input type="text" size="50px" name="stu_wa" value="<?php echo $stu_wa; ?>"/></td>
                </tr>
                <tr>
                    <td>Skype</td>
                    <td><input type="text" size="50px" name="stu_skype" value="<?php echo $stu_skype; ?>"/></td>
                </tr>
                <tr>
                    <td>Facebook</td>
                    <td><input type="text" size="50px" name="stu_facebook" value="<?php echo $stu_facebook; ?>"/></td>
                </tr>
                <tr>
                    <td>Twitter</td>
                    <td><input type="text" size="50px" name="stu_twitter" value="<?php echo $stu_twitter; ?>"/></td>
                </tr>
                <tr>             
                    <td></td>
                    <td><br><input type="submit" name="ok" value="Save" class="abutton"/></td>

                    <?php
                    //$username = substr($stu_fname, 0, 1).$stu_lname;
                    //echo strtolower($username);
                    ?>

                </tr>
            </table>
        </form>
        </div>
    </div>
</div>

Nevermind, it now works, I just do not how to limit the picture size so that the picture is not too large.

You can easily do this with the temporary file using the getimagesize() function

$image_info = getimagesize($_FILES["file"]["name"]);
$image_width = $image_info[0];
$image_height = $image_info[1];

The easiest way is to take the above, and use an IF statement to check it with whatever limit you want. For example:

if($image_width > 30)
{
    echo "Image too big";
    exit();
}

The other, cleverer, option, is to resize the image yourself upon upload. Take a look at this tutorial if you are interested. As I say, this is a bit more complicated though.

okay,

I'll try this:

I wonder why after pressing "Save" button I started being carried to the next page (a blank page with this url: http://localhost/SquprimeRevise/administrator/admin/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20image_id%20in%20%3Cb%3EC:%5Cxampp%5Chtdocs%5CSquprimeRevise%5Cadministrator%5Cadmin%5Cupdate_image2.php%3C/b%3E%20on%20line%20%3Cb%3E274%3C/b%3E%3Cbr%20/%3E/SquprimeRevise/administrator/admin/update_image2.php?image_id=).

The initial url is: http://localhost/SquprimeRevise/administrator/admin/update_image2.php?image_id=1

update_image2.php

        <?php

        include('includes/koneksi.php');    

        Location:
        echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300" disabled></b></div>';


        ?><br><br>
        </div>

        <?php            

        if(isset($_POST['ok'])){


        if (empty($_GET['image_id']))
            {

            // Picture Upload

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);

            $image_info = getimagesize($_FILES["file"]["name"]);
            $image_width = $image_info[0];
            $image_height = $image_info[1];

            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            } else {
                echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            if (file_exists("upload/" . $_FILES["file"]["name"]))
            {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $ii = (rand());
            $iii = (rand());
            $newfilename = $ii.$iii.$i.$filename;

            //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
            } else {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $newfilename = $i.$filename;



            move_uploaded_file($_FILES["file"]["tmp_name"],
            "../upload/" . $newfilename);
            //echo "Stored in: " . "upload/" . $newfilename;
            }
            }
            } else {
                echo "No picture Uploaded";
            }

            $filename = $_FILES["file"]["name"];


            $username = substr($stu_fname, 0, 1).$stu_lname;
            $username = strtolower($username);

            // default password for new student
            $encrypteddefaultpassword = MD5('squprime');

            $sqlstr = "INSERT INTO image_upload(image_id, image, location) VALUES('".$image_id."','".$image."' , '".$location."')";

            if($image_width > 300 or $image_height > 300)
                {
                echo "Image is too big";
                exit();
                }       

            }
        else
        {   

            // Picture Upload 

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);
            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            } else {
                //echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            if (file_exists("upload/" . $_FILES["file"]["name"]))
            {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $ii = (rand());
            $iii = (rand());
            $newfilename = $ii.$iii.$i.$filename;

            //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
            } else {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $newfilename = $i.$filename;



            move_uploaded_file($_FILES["file"]["tmp_name"],
            "../upload/" . $newfilename);
            //echo "Stored in: " . "upload/" . $newfilename;
            }
            }
            } else {
                echo "No picture uploaded";
            }

            $filename = $_FILES["file"]["name"];

            $username = substr($stu_fname, 0, 1).$stu_lname;
            $username = strtolower($username);

            $image_id = $_REQUEST['image_id'];

            // Query to get student picture filename
            $result = mysql_query("SELECT image FROM image_upload WHERE image_id =".$image_id) or die(mysql_error());
            $data1 = mysql_fetch_assoc($result);
            $pic_filename = $data1['newfilename'];

            if($result){
                unlink('../upload/'.$pic_filename);
            }

            $sqlstr = "UPDATE `image_upload` SET image_id='".$image_id."', image='".$image."', location='".$location."'";

        }

        $result = mysql_query($sqlstr) or die(mysql_error());
        $result2 = mysql_query($sqlstr2) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data has been saved." : "Fail to save data.";



        }


        ?>  

Notice: Undefined variable: image_id in update_image2.php

Means exactly that. There is no $image_id either being defined or assigned. So this might mean that there is no $_GET or $_POST called image_id, or the bit of your code used to provide the form action (which we can't see) is being referenced wrong.

Start by confirming update_images.php is being loaded with image_id data included somewhere (get method in url or post in forms).

I still do not understand how to fix it. What should I add or substract in my code?

update_image2.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Squprime</title>

<!-- CSS -->
<link href="style/css/transdmin.css" rel="stylesheet" type="text/css" media="screen" />
<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie6.css" /><![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie7.css" /><![endif]-->

<!-- JavaScripts-->
<script type="text/javascript" src="style/js/jquery.js"></script>
<script type="text/javascript" src="style/js/jNice.js"></script>
</head>

<body>
    <div id="wrapper">
        <!-- h1 tag stays for the logo, you can use the a tag for linking the index page -->
        <h1><a href="#"><span>Transdmin Light</span></a></h1>
        <img src="images/logo2.png" height="70px" style="margin: -45px 0 0 -180px; position: absolute;"><br><!--<img src="images/admin.png" height="60px" style="margin: -20px 0 0 430px">--><br><br>
        <!-- You can name the links with lowercase, they will be transformed to uppercase by CSS, we prefered to name them with uppercase to have the same effect with disabled stylesheet -->

        <?php include('top_nav.php'); ?>

        <!-- // #end mainNav -->

        <div id="containerHolder">
            <div id="container">
                <div id="sidebar">

                    <?php include("admin_nav.php"); ?>

                    <!-- // .sideNav -->
                </div>    
                <!-- // #sidebar -->

                <div style="margin: -10px 0 0 230px; width: 700px; position: absolute;">
                <!-- h2 stays for breadcrumbs -->
                <h2><a href="#">Dashboard</a> &raquo; <a href="#" class="active">Image Gallery</a></h2>
                </div>


                <!-- // #main -->



                <!-- Insert New -->

<div id="menu" style="margin: -80px 0 0 300px; position: absolute;">

      <p>&nbsp;</p>

<br><br><br><br><br><br><br><br><br><br><br><br>      

      <!-- begin extra -->

    <!-- begin styles -->
    <link href="css/styles.css" rel="stylesheet" type="text/css" media="all" /><!-- end styles -->

    <!-- begin javascript -->
    <script type="text/javascript" src="js/ajax.js"></script><!-- end javascript -->


  <body>

   <!-- begin logo -->
   <!--<a href="http://demo.zmeutz.com/image_upload/" class="logo"></a><!-- end logo -->

    <!-- begin content -->
    <div id="content" class="corners">

      <!-- begin form -->
      <form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">

        <div style="margin-left: -100px;">
        <?php

        include('includes/koneksi.php');    

        Location:
        echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300" disabled></b></div>';


        ?><br><br>
        </div>

        <?php            

        if(isset($_POST['ok'])){


        if (empty($_GET['image_id']))
            {

            // Picture Upload

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);

            $image_info = getimagesize($_FILES["file"]["name"]);
            $image_width = $image_info[0];
            $image_height = $image_info[1];

            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            } else {
                echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            if (file_exists("upload/" . $_FILES["file"]["name"]))
            {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $ii = (rand());
            $iii = (rand());
            $newfilename = $ii.$iii.$i.$filename;

            //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
            } else {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $newfilename = $i.$filename;



            move_uploaded_file($_FILES["file"]["tmp_name"],
            "../upload/" . $newfilename);
            //echo "Stored in: " . "upload/" . $newfilename;
            }
            }
            } else {
                echo "No picture Uploaded";
            }

            $filename = $_FILES["file"]["name"];


            $username = substr($stu_fname, 0, 1).$stu_lname;
            $username = strtolower($username);

            // default password for new student
            $encrypteddefaultpassword = MD5('squprime');

            $sqlstr = "INSERT INTO image_upload(image_id, image, location) VALUES('".$image_id."','".$image."' , '".$location."')";

            if($image_width > 300 or $image_height > 300)
                {
                echo "Image is too big";
                exit();
                }       

            }
        else
        {   

            // Picture Upload 

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);
            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            } else {
                //echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
            if (file_exists("upload/" . $_FILES["file"]["name"]))
            {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $ii = (rand());
            $iii = (rand());
            $newfilename = $ii.$iii.$i.$filename;

            //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
            } else {

            $filename = $_FILES["file"]["name"];
            $i = (rand());
            $newfilename = $i.$filename;



            move_uploaded_file($_FILES["file"]["tmp_name"],
            "../upload/" . $newfilename);
            //echo "Stored in: " . "upload/" . $newfilename;
            }
            }
            } else {
                echo "No picture uploaded";
            }

            $filename = $_FILES["file"]["name"];

            $username = substr($stu_fname, 0, 1).$stu_lname;
            $username = strtolower($username);

            $image_id = $_REQUEST['image_id'];

            // Query to get student picture filename
            $result = mysql_query("SELECT image FROM image_upload WHERE image_id =".$image_id) or die(mysql_error());
            $data1 = mysql_fetch_assoc($result);
            $pic_filename = $data1['newfilename'];

            if($result){
                unlink('../upload/'.$pic_filename);
            }

            $sqlstr = "UPDATE `image_upload` SET image_id='".$image_id."', image='".$image."', location='".$location."'";

        }

        $result = mysql_query($sqlstr) or die(mysql_error());
        $result2 = mysql_query($sqlstr2) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data has been saved." : "Fail to save data.";



        }


        ?>          

     </form><!-- end form -->

    </div><!-- end content -->
  </body>

  <!-- end extra --> 



<br><br><br><br>    

                <?php
                //LOAD IMAGE TABLE

                $result = mysql_query("SELECT image FROM image_upload WHERE image_id='".$_GET['image_id']."'") or die(mysql_error());

                $data = mysql_fetch_array($result);

                ?>

                <form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?image_id='. $image_id;?>" enctype="multipart/form-data">

                            <?php

                            echo '<div id="updateimage"><img src="images/'.$data['image'].'" height="250px"></updateimage>';

                            echo '<br><br><br>.<input type="file" value="upload" name="file"/><br><br>';

                            ?>

                <td><br><input type="submit" name="ok" value="Save" class="abutton"/></td>

                </form>

<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>



<p>&nbsp;</p>

</body>
</div>


                <!-- End Insert -->  

                <div class="clear"></div>
            </div>
            <!-- // #container -->
        </div>   
        <!-- // #containerHolder -->

        <p id="footer"></p>
    </div>
    <!-- // #wrapper -->
</body>
</html>
Member Avatar for iamthwee

Davy you could really benefit from using a php framework... Look how easy it is in codeigniter to upload a file.

https://ellislab.com/codeigniter/user-guide/libraries/file_uploading.html

The small cost it would take to get started to far outweigh the cons in the long run.

Just looking at your code make me cringe... All those sql queries concatenated with '.' sometimes failing to to use mysql_real_escape(), still using mysql instead of mysqli... the list goes on.

I should be moving to use PDO later on. I only know basic CI. It will be future plan for me to deepen my knowledge of CI.

As of now, I just need to get this project done - it's 95% done.

Therefore, to keep it consistent with the previous code - I use pure PHP.

I use pure PHP.

Mangled in with HTML. I completely agree with @iamthwee, your future projects would seriously benefit from some sort of framework.

IF you are doing this for someone else, it's in the worlds interests that your script will be safe (for clients and visitors alike), and by having such massive security holes is just asking for it.

CodeIgniter (or any other framework) will take so little time to learn, but the lives it saves through protecting code and maximising efficiency. If I were you, it's not just for ease of coding we're suggesting this, but for serious practical reasons as well.

commented: agree +14
Member Avatar for diafol

Frameworks are a matter of preference. In order to use one, you have to be able to understand php to a reasonable level. I'm not sure that this is appropriate here. Anyhow a few thoughts on the last code post by davy...

Do you need to use XHTML, why not use HTML5?

<!DOCTYPE HTML>
<html>

A reason for <br>? Don't use <br> for spacing, use CSS. Also I don't understand the need for inline styling - shove it into the CSS file. Maintaining styling and layout in two different locations (css files and html/php files) makes no sense to me.

<img src="images/logo2.png" height="70px" style="margin: -45px 0 0 -180px; position: absolute;"><br><!--<img src="images/admin.png" height="60px" style="margin: -20px 0 0 430px">--><br><br>

You have poor indenting of markup up to the menu section - I suggest you tidy it up.

The menu section again contain inline styling, poor indenting and mad use of <br>. In addition, for some reason a css file is slapped in here too - it should go in the head section. Also a js file is randomly placed here. Place in either in the head section or right at the end of the file, just before the </body> tag

<div id="menu" style="margin: -80px 0 0 300px; position: absolute;">
      <p> </p>
<br><br><br><br><br><br><br><br><br><br><br><br>      
      <!-- begin extra -->
    <!-- begin styles -->
    <link href="css/styles.css" rel="stylesheet" type="text/css" media="all" /><!-- end styles -->
    <!-- begin javascript -->
    <script type="text/javascript" src="js/ajax.js"></script><!-- end javascript -->
  <body>

Inline styling:

    <div style="margin-left: -100px;">

'Location:' within PHP code?? This will trhow an error surely? Comment it out.
Why using php to echo static text? There is no variable part to this string - it is pure markup.
Again you use <br> to space.

    <?php
    include('includes/koneksi.php');    

    Location:
    echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300" disabled></b></div>';
    ?><br><br>
    </div>

Poor indenting of code:

<?php            
if(isset($_POST['ok'])){
if (empty($_GET['image_id']))
   {

NEVER use explode to get the extension use pathinfo().

// Picture Upload
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$image_info = getimagesize($_FILES["file"]["name"]);
$image_width = $image_info[0];
$image_height = $image_info[1];
$extension = end($temp);

Like this:

$extension = pathinfo($_FILES["file"]["name"],PATHINFO_EXTENSION);

Your randomizer is not recommended:

$filename = $_FILES["file"]["name"];
$i = (rand());
$ii = (rand());
$iii = (rand());
$newfilename = $ii.$iii.$i.$filename;

And:

$filename = $_FILES["file"]["name"];
$i = (rand());
$newfilename = $i.$filename;
move_uploaded_file($_FILES["file"]["tmp_name"],
"../upload/" . $newfilename);

There are far better ways to create a random filename.
What even happens here? There doesn't seem to be any point to the first conditional branch:

if (file_exists("upload/" . $_FILES["file"]["name"]))
{
$filename = $_FILES["file"]["name"];
$i = (rand());
$ii = (rand());
$iii = (rand());
$newfilename = $ii.$iii.$i.$filename;
//echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
} else {
$filename = $_FILES["file"]["name"];
$i = (rand());
$newfilename = $i.$filename;
move_uploaded_file($_FILES["file"]["tmp_name"],
"../upload/" . $newfilename);
//echo "Stored in: " . "upload/" . $newfilename;
}

A repeat of assigning $filename for some reason? Haven't you done this already?
Also you use $REQUEST - a common feature in most of your posts. We have advised you to
be specific ($_POST or $_GET) and have told you why many times in the past, yet you
persist. In addition, you are using substr() and strtolower() as oppsed to their
mb
* counterparts. This means that accented characters of non-latin characters
may not be processed correctly. Look this up.

$filename = $_FILES["file"]["name"];
$username = substr($stu_fname, 0, 1).$stu_lname;
$username = strtolower($username);
$image_id = $_REQUEST['image_id'];

As pointed out by others, mysql_* functions have been deprecated. Code for 2013 if you
want, but when it comes to mysql_* being DROPPED, you will rue the day.
You also use tainted input in the SQL, leaving yourself open to SQL injections - THIS IS
SERIOUS!!!! At least use mysql_real_escape_string().
I would also ensure that the UPDATE was successful before deleting the old file - check to
see if it was successful with something like mysql_insert_id().

// Query to get student picture filename
$result = mysql_query("SELECT image FROM image_upload WHERE image_id =".$image_id) or die(mysql_error());
$data1 = mysql_fetch_assoc($result);
$pic_filename = $data1['newfilename'];
if($result){
    unlink('../upload/'.$pic_filename);
}
$sqlstr = "UPDATE `image_upload` SET image_id='".$image_id."', image='".$image."', location='".$location."'";

Perhaps I missed it, but where is $sqlstr2?

$result = mysql_query($sqlstr) or die(mysql_error());
$result2 = mysql_query($sqlstr2) or die(mysql_error());
    //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
    //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);

All this PHP code is placed inside html markup. Why? This makes code maintanance extremely difficult.
This markup comes after the </body> tag:

<!-- end extra --> 
<br><br><br><br>    
(etc.)

OK, I'm getting really tired now...
Multiple <br>

<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>

And we have ANOTHER </body> tag to finish.

Those were the things that jumped out at me. There are probably many more.
To say this is a shoddy piece of markup/code would be putting it mildly. Please do not use this.

commented: agree +14

Thanks diafol.

From what you said, I try to revise my code :

update_image2.php

<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Squprime</title>

<!-- CSS -->
<link href="style/css/transdmin.css" rel="stylesheet" type="text/css" media="screen" />
<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie6.css" /><![endif]-->
<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen" href="style/css/ie7.css" /><![endif]-->

<!-- JavaScripts-->
<script type="text/javascript" src="style/js/jquery.js"></script>
<script type="text/javascript" src="style/js/jNice.js"></script>
</head>

<body>
    <div id="wrapper">
        <!-- h1 tag stays for the logo, you can use the a tag for linking the index page -->
        <h1><a href="#"><span>Transdmin Light</span></a></h1>
        <img src="images/logo2.png" height="70px" style="margin: -45px 0 0 -180px; position: absolute;"><br><!--<img src="images/admin.png" height="60px" style="margin: -20px 0 0 430px">--><br><br>
        <!-- You can name the links with lowercase, they will be transformed to uppercase by CSS, we prefered to name them with uppercase to have the same effect with disabled stylesheet -->

        <?php include('top_nav.php'); ?>

        <!-- // #end mainNav -->

        <div id="containerHolder">
            <div id="container">
                <div id="sidebar">

                    <?php include("admin_nav.php"); ?>

                    <!-- // .sideNav -->
                </div>    
                <!-- // #sidebar -->

                <div style="margin: -10px 0 0 230px; width: 700px; position: absolute;">
                <!-- h2 stays for breadcrumbs -->
                <h2><a href="#">Dashboard</a> &raquo; <a href="#" class="active">Image Gallery</a></h2>
                </div>


                <!-- // #main -->



                <!-- Insert New -->

<div id="menu" style="margin: -80px 0 0 300px; position: absolute;">

      <p>&nbsp;</p>

<br><br><br><br><br><br><br><br><br><br><br><br>      

      <!-- begin extra -->

    <!-- begin styles -->
    <link href="css/styles.css" rel="stylesheet" type="text/css" media="all" /><!-- end styles -->

    <!-- begin javascript -->
    <script type="text/javascript" src="js/ajax.js"></script><!-- end javascript -->


  <body>

   <!-- begin logo -->
   <!--<a href="http://demo.zmeutz.com/image_upload/" class="logo"></a><!-- end logo -->

    <!-- begin content -->
    <div id="content" class="corners">

      <!-- begin form -->
      <form action="upload.php" method="post" name="image_upload" id="image_upload" enctype="multipart/form-data">

        <div style="margin-left: -100px;">
        <?php

        include('includes/koneksi.php');    

        echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300" disabled></b></div>';


        ?><br><br>
        </div>

        <?php            

        if(isset($_POST['ok'])){

            if (empty($_GET['image_id']))
                {

                // Picture Upload

                $allowedExts = array("gif", "jpeg", "jpg", "png");
                //$temp = explode(".", $_FILES["file"]["name"]);

                $image_info = getimagesize($_FILES["file"]["name"]);
                $image_width = $image_info[0];
                $image_height = $image_info[1];

                $extension = pathinfo($_FILES["file"]["name"],PATHINFO_EXTENSION);  
                //$extension = end($temp);

                if ((($_FILES["file"]["type"] == "image/gif")
                || ($_FILES["file"]["type"] == "image/jpeg")
                || ($_FILES["file"]["type"] == "image/jpg")
                || ($_FILES["file"]["type"] == "image/pjpeg")
                || ($_FILES["file"]["type"] == "image/x-png")
                || ($_FILES["file"]["type"] == "image/png"))
                && ($_FILES["file"]["size"] < 41943040)  //40MB
                && in_array($extension, $allowedExts)) {

                if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
                } else {
                echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
                if (file_exists("upload/" . $_FILES["file"]["name"]))
                    {

                    $filename = $_FILES["file"]["name"];
                    $i = (rand());
                    $ii = (rand());
                    $iii = (rand());
                    $newfilename = $ii.$iii.$i.$filename;

                    //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
                    } else {

                    $filename = $_FILES["file"]["name"];
                    $i = (rand());
                    $newfilename = $i.$filename;


                    move_uploaded_file($_FILES["file"]["tmp_name"],
                    "../upload/" . $newfilename);
                    //echo "Stored in: " . "upload/" . $newfilename;
                    }


                } 

                $filename = $_FILES["file"]["name"];


                $username = substr($stu_fname, 0, 1).$stu_lname;
                $username = strtolower($username);

                // default password for new student
                $encrypteddefaultpassword = MD5('squprime');

                // counter mysql injection
                $image_id = mysql_real_escape_string($image_id);
                $image = mysql_real_escape_string($image);
                $location = mysql_real_escape_string($location);

                $sqlstr = "INSERT INTO image_upload(image_id, image, location) VALUES('".$image_id."','".$image."' , '".$location."')";

                if($image_width > 300 or $image_height > 300)
                    {
                    echo "Image is too big";
                    exit();
                    }       
                }
            }
        else
        {   

            // Picture Upload 

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);
            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
                } else {
                //echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
                if (file_exists("upload/" . $_FILES["file"]["name"]))
                {

                $filename = $_FILES["file"]["name"];
                $i = (rand());
                $ii = (rand());
                $iii = (rand());
                $newfilename = $ii.$iii.$i.$filename;

                //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
                } else {

                $filename = $_FILES["file"]["name"];
                $i = (rand());
                $newfilename = $i.$filename;

                move_uploaded_file($_FILES["file"]["tmp_name"],
                "../upload/" . $newfilename);
                //echo "Stored in: " . "upload/" . $newfilename;
                }
                }
            } else {
                echo "No picture uploaded";
            }

            //$filename = $_FILES["file"]["name"];

            //$username = substr($stu_fname, 0, 1).$stu_lname;
            //$username = strtolower($username);

            //$image_id = $_REQUEST['image_id'];

            // Query to get student picture filename
            $result = mysql_query("SELECT image FROM image_upload WHERE image_id =".$image_id) or die(mysql_error());
            $data1 = mysql_fetch_assoc($result);
            $pic_filename = $data1['newfilename'];

            if($result){
                unlink('../upload/'.$pic_filename);
            }

            $sqlstr = "UPDATE `image_upload` SET image_id='".$image_id."', image='".$image."', location='".$location."'";

        }

        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data has been saved." : "Fail to save data.";



        }


        ?>          

     </form><!-- end form -->

    </div><!-- end content -->
  </body>

  <!-- end extra --> 



<br><br><br><br>    

                <?php
                //LOAD IMAGE TABLE

                $result = mysql_query("SELECT image FROM image_upload WHERE image_id='".$_GET['image_id']."'") or die(mysql_error());

                $data = mysql_fetch_array($result);

                $image_id = $_GET['image_id'];

                ?>

                <form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?image_id='. $image_id;?>" enctype="multipart/form-data">

                            <?php

                            echo '<div id="updateimage"><img src="images/'.$data['image'].'" height="250px"></updateimage>';

                            echo '<br><br><br>.<input type="file" value="upload" name="file"/><br><br>';

                            ?>

                <td><br><input type="submit" name="ok" value="Save" class="abutton"/></td>

                </form>

<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>



<p>&nbsp;</p>

</body>
</div>


                <!-- End Insert -->  

                <div class="clear"></div>
            </div>
            <!-- // #container -->
        </div>   
        <!-- // #containerHolder -->

        <p id="footer"></p>
    </div>
    <!-- // #wrapper -->
</body>
</html>

I still being carried to this url after pressing saves: http://localhost/SquprimeRevise/administrator/admin/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20image_id%20in%20%3Cb%3EC:%5Cxampp%5Chtdocs%5CSquprimeRevise%5Cadministrator%5Cadmin%5Cupdate_image2.php%3C/b%3E%20on%20line%20%3Cb%3E269%3C/b%3E%3Cbr%20/%3E/SquprimeRevise/administrator/admin/update_image2.php?image_id=

I still wonder how to fix it.

Member Avatar for iamthwee

Frameworks are a matter of preference. In order to use one, you have to be able to understand php to a reasonable level.

I agree, sometimes the OOP side of things can be confusing... But the sooner a person picks it up and start learning it, it will help them. And I've heard of people just following the tutorials and guide (which is excellent) without knowing PHP that well.

I'm not sure that this is appropriate here

Again this is subjective, as far as I can tell the OP is struggling with simple core concepts that a framework would resolve straight away and force him into good habits. The longer he waits, the more chance he will be used to writing bad code and as the project grows the harder it will be to migrate.

That being said I'm sure we've all started with vanilla php and mysql, we've all mixed html and php and sometimes forgot to escape our sql queries and not secured certain pages with sessions.

Since picking up codeigniter I doubt I will ever begin a new project without it now. I feel it has helped me separate my php and html properly, and it is easier to read.

Member Avatar for diafol

Trouble is if you learn a framework and not PHP to any reasonable level, what good are you as a coder? What do you do when something doesn't work? You don't understand the language well enough to be able to see glaring issues.

the OP is struggling with simple core concepts that a framework would resolve straight away and force him into good habits

I disagree. Following a set method in a single framework won't make him a better coder or develop core concepts IMHO. Just like my javascript skills have not improved due to an over-reliance on jQuery.

Member Avatar for diafol

@davy.

There are still issues with your markup/code , e.g. double body tags, js files swanning around in the middle of the markup...

I remove the double body tags. and I think I choose to leave the js files in the middle as to distinguish that it is a special file that I insert so that I wouldn't mix it up with the original file.

Anyway, I receive this error:

Warning: unlink(../upload/): Permission denied in C:\xampp\htdocs\SquprimeRevise\administrator\admin\update_image2.php on line 233

Notice: Undefined variable: image in C:\xampp\htdocs\SquprimeRevise\administrator\admin\update_image2.php on line 236

Notice: Undefined variable: location in C:\xampp\htdocs\SquprimeRevise\administrator\admin\update_image2.php on line 236
Duplicate entry '1' for key 'PRIMARY'

update_image2.php

if($result){
                unlink('../upload/'.$pic_filename);
            }

            $sqlstr = "UPDATE `image_upload` SET image_id='".$image_id."', image='".$image."', location='".$location."'";
Member Avatar for diafol

Aren't the errors self explanatory?

chmod to 0777

the vars $image and $location don't exist

BTW, I suggested delete file after successful update

ok, I'll try this to get the value of location. I wonder why I still cannot get the value of location?

update_image2.php

       <?php            

        if(isset($_POST['ok'])){

            if (empty($_GET['image_id']))
                {

                // Picture Upload

                $allowedExts = array("gif", "jpeg", "jpg", "png");
                //$temp = explode(".", $_FILES["file"]["name"]);

                $image_info = getimagesize($_FILES["file"]["name"]);
                $image_width = $image_info[0];
                $image_height = $image_info[1];

                $extension = pathinfo($_FILES["file"]["name"],PATHINFO_EXTENSION);  
                //$extension = end($temp);

                if ((($_FILES["file"]["type"] == "image/gif")
                || ($_FILES["file"]["type"] == "image/jpeg")
                || ($_FILES["file"]["type"] == "image/jpg")
                || ($_FILES["file"]["type"] == "image/pjpeg")
                || ($_FILES["file"]["type"] == "image/x-png")
                || ($_FILES["file"]["type"] == "image/png"))
                && ($_FILES["file"]["size"] < 41943040)  //40MB
                && in_array($extension, $allowedExts)) {

                if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
                } else {
                echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
                if (file_exists("upload/" . $_FILES["file"]["name"]))
                    {

                    $filename = $_FILES["file"]["name"];
                    $i = (rand());
                    $ii = (rand());
                    $iii = (rand());
                    $newfilename = $ii.$iii.$i.$filename;

                    //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
                    } else {

                    $filename = $_FILES["file"]["name"];
                    $i = (rand());
                    $newfilename = $i.$filename;


                    move_uploaded_file($_FILES["file"]["tmp_name"],
                    "../upload/" . $newfilename);
                    //echo "Stored in: " . "upload/" . $newfilename;
                    }


                } 

                $filename = $_FILES["file"]["name"];


                $username = substr($stu_fname, 0, 1).$stu_lname;
                $username = strtolower($username);

                // default password for new student
                $encrypteddefaultpassword = MD5('squprime');

                // counter mysql injection
                $image_id = mysql_real_escape_string($image_id);
                $image = mysql_real_escape_string($image);
                $location = mysql_real_escape_string($location);

                $sqlstr = "INSERT INTO image_upload(image_id, image, newfilename, location) VALUES('".$image_id."','".$image."' , '".$newfilename."', '".$location."')";

                if($image_width > 300 or $image_height > 300)
                    {
                    echo "Image is too big";
                    exit();
                    }       
                }
            }
        else
        {   

            // Picture Upload 

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $temp = explode(".", $_FILES["file"]["name"]);
            $extension = end($temp);

            if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 41943040)  //40MB
            && in_array($extension, $allowedExts)) {
            if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
                } else {
                //echo "Successfully upload pictures";
                //echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                //echo "Type: " . $_FILES["file"]["type"] . "<br>";
                //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
                //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
                if (file_exists("upload/" . $_FILES["file"]["name"]))
                {

                $filename = $_FILES["file"]["name"];
                $i = (rand());
                $ii = (rand());
                $iii = (rand());
                $newfilename = $ii.$iii.$i.$filename;

                //echo $_FILES["file"]["name"] . " new file name is $newfilename. ";
                } else {

                $filename = $_FILES["file"]["name"];
                $i = (rand());
                $newfilename = $i.$filename;

                move_uploaded_file($_FILES["file"]["tmp_name"],
                "../upload/" . $newfilename);
                //echo "Stored in: " . "upload/" . $newfilename;
                }
                }
            } /*else {
                echo "No picture uploaded";
            } */

            //$filename = $_FILES["file"]["name"];

            //$username = substr($stu_fname, 0, 1).$stu_lname;
            //$username = strtolower($username);

            $image_id = $_REQUEST['image_id'];

            // Query to get student picture filename
            $result = mysql_query("SELECT * FROM image_upload WHERE image_id =".$image_id) or die(mysql_error());
            $data1 = mysql_fetch_assoc($result);
            $pic_filename = $data1['newfilename'];

            if($result){
                unlink('../upload/'.$pic_filename);
            }


            //LOAD IMAGE TABLE

            $result = mysql_query("SELECT image FROM image_upload WHERE image_id='".$_GET['image_id']."'") or die(mysql_error());

            $data = mysql_fetch_array($result);

            $image = $data['image'];
            $location = $_POST['location'];

            //counter mysql injection           

            $image = mysql_real_escape_string($image);

            $sqlstr = "UPDATE `image_upload` SET image_id='".$image_id."', image='".$image."', location='".$location."'";

        }

        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data has been saved." : "Fail to save data.";



        }


        ?>          



  <!-- end extra --> 



<br><br><br><br>    

                <?php
                //LOAD IMAGE TABLE

                $result = mysql_query("SELECT image FROM image_upload WHERE image_id='".$_GET['image_id']."'") or die(mysql_error());

                $data = mysql_fetch_array($result);

                $image_id = $_GET['image_id'];

                ?>

                <form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?image_id='. $image_id;?>" enctype="multipart/form-data">

                            <?php
                                                                                                            echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300" disabled></b></div><br><br><br>';

                            echo '<div id="updateimage"><img src="images/'.$data['image'].'" height="250px"></updateimage>';

                            echo '<br><br><br>.<input type="file" value="upload" name="file"/><br><br>';

                            ?>

                <td><br><input type="submit" name="ok" value="Save" class="abutton"/></td>

                </form>

I think I find out the problem:

<?php

    echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300"></b></div><br><br><br>';

?>

It's when I add disabled besides value then, I cannot record the value. Is there any way where I let the value remains disabled but still able to record the value?

Nevermind, I figure it out.

echo '<div id="location"><b>Location: <input type="text" size="50px" name="location" value="300 x 300" disabled></b></div><br><br><br>';

echo '<input type="text" size="50px" name="location" value="300 x 300" hidden>';
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.