Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>The first thing you need to do with this kind of problem is work through where the issues seem to be happening. So take your echoed statement...</p> <blockquote> <p>UPDATE member_units SET photo = "_img.jpg" WHERE id = `</p> </blockquote> <p>This corresponds to...</p> <pre><code>UPDATE $tbl_units SET photo".$_FILES['img']." = \"" . $imagename . "\" WHERE id = " . $_POST['id']; </code></pre> <p>We can see by comparison that it is clear that $_FILES['img'] is and empty variable as far as converting it to a string goes. The same is said for $_POST['id'], while $imagename gives a short <strong>_img.jpg</strong> file name.</p> <p>Tracking back you can then see that $imagename comes from...</p> <pre><code>$_POST['id']."_img".$_FILES['img'].".$ext"; </code></pre> <p>This is where your <strong>photo = "_img.jpg"</strong> comes from. Again, $_FILES['img'] and $_POST['id']</p> <p>The fact that you're reaching the echo statement means that something is uploading, but it is through the $_FILES['userfile'] array, with all of it's associated variables, for example $_FILES['userfile']['name'] which would give you the filename of the image being uploaded.</p> <p>What you need to ask yourself next is where you are expecting $_POST['id'] to come from, since it is missing or empty, and what field in your HTML form delivers that variable. Then you need to ask yourself what you are trying to achieve with your naming system. For example if you want an image file to look like: 1_imgLolCat.jpg then your variable will need to look more like </p> <pre><code>$imagename = $_POST['id']."_img".$_FILES['userfile']['name']; </code></pre> <p>However the final part of my answer below makes me think that instead of the file name, what you're looking for is actually a POST variable that denotes a category or type of image, in which case you may want to work from...</p> <pre><code>$imagename = $_POST['id']."_img".$_POST['img'].".$ext"; </code></pre> <p>...if a HTML field exists with the name "img"!</p> <p>Finally take a look at your SQL statement...</p> <pre><code>SET photo".$_FILES['img']." = \"" . $imagename . "\" </code></pre> <p>And double check your tables, since what you appear to be trying to do is set a unique variable in your table that would depend on something passed from the form. I may be wrong here but I assume (as I said above) you want $_POST['img'] in there.</p> <p>Word of warning, you need...<strong>NEED</strong> to sanitise these variables before you input them in to a SQL statement like this. Someone could easily take </p> <pre><code>SET photo".$_POST['img'] </code></pre> <p>and delete your whole table if permissions were set up for your database use to do so. There are plenty of other answers around as to how to do this properly. :)</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload