0

I want to update my data in mysql. But, if i want update (ex. firstname), photo_profile will lost.

 <?php
    include 'function_page_user.php';

    if(($_FILES['photo_profile']) and ($_POST['firstname']) and ($_POST['lastname']) and ($_POST['password']))
    {
        session_start();

        include 'connect.php';
        $foldername="assets/img/user/";
        $firstname = mysql_real_escape_string($_POST["firstname"]);
        $lastname = mysql_real_escape_string($_POST["lastname"]);
        $pwd = mysql_real_escape_string($_POST["password"]);

        if((!empty($firstname) and !empty($lastname) and !empty($pwd)) and($_FILES['photo_profile']))
        {
            $image = $foldername . basename ($_FILES['photo_profile'] ['name']);
            mysql_query ("update user set firstname = '".$firstname."' , lastname = '".$lastname."' , password = '".$pwd."' , photo_profile='".$image."' where id_user ='".$_SESSION['id']."'");
            move_uploaded_file($_FILES['photo_profile']['tmp_name'], $image);
            echo "<script>alert ('File Succes To edit');</script>";
            $page="formubahuser.php";

            echo redirectPage($page);   
        }
        else echo "variabel empty";
    }
    else 
        echo ("your data is not complete<a href=formubahuser.php>Fill it again</a>");
?>
joran
  • 169,992
  • 32
  • 429
  • 468
Sinagaman Eidelbert
  • 27
  • 9
  • Apologies for the confusing series of edits. Was trying to review edits with a toddler on my lap. – joran Jul 07 '13 at 18:24

1 Answers1

0

You have a number of major problems in your code. Before you continue, you need to read about the following topics:

1) The php mysql_ functions have been deprecated. That means the functions will be removed in future versions of php. You should use pdo or mysqli instead

2) When you store passwords in your database, they should always, always, always be encrypted.

Regarding your question, I think you are asking how to change the metadata (such as a firstname) without unsetting the photo url. Try something like this:

$updatequery = "UPDATE user SET firstname = '".$firstname."' , lastname = '".$lastname."' , password = '".$pwd."'";
if( $_FILES['photo_profile'])
{ 
   $image = $foldername . basename ($_FILES['photo_profile'] ['name']);
   $updatequery .= ", photo_profile='".$image."'"; 
}
$updatequery .= " where id_user ='".$_SESSION['id']."'";
Community
  • 1
  • 1
Nathaniel Granor
  • 326
  • 1
  • 9