0

I am trying to allow users to upload a profile image for my site. The file upload part works fine (although there is nothing deterring them form uploading a non-image file). However I can't get it to update the "profile" row in the mysql database. I think it has something to do with the $_SESSION['user_id'] but I'm not sure. Any ideas why it wont update the row?

<?php
if(isset($_POST['submit'])){
$temp = explode(".",$_FILES["file"]["name"]);
$newfilename = ('ProfileImage') . rand(1,99999) . '.' .end($temp);
move_uploaded_file($_FILES['file']['tmp_name'],"images/profile/" . $newfilename);
            $con = mysqli_connect("localhost","root","","testsite");
            $q = mysqli_query($con,"UPDATE user SET profile = '".$newfilename."' WHERE username = '".$_SESSION['user_id']."'");
}
 ?>
         <form action="" method="post" enctype="multipart/form-data" name="">
                    <input type="file" name="file" required>
                    <input type="submit" name="submit" value="Update Image">

            </form>

Just in case you need to see this, this is the "functions.php" page where $_SESSION['user_id'] is defined:

<?php

@session_start();

function loggedin(){
if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])){
return true;
} else {
return false;
}
}

function getuser($id, $field){
$query = mysql_query("SELECT $field FROM user WHERE UserID='$id'");
$run = mysql_fetch_array($query);
return $run[$field];

}

?>
Andrew Gage
  • 17
  • 3
  • 1
    Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Apr 24 '15 at 18:28
  • @JayBlanchard Yes I know I really need to do that but is that what is causing my issue? – Andrew Gage Apr 24 '15 at 18:30
  • *It doesn't matter.* You're actually mixing API's using both `mysqli_` and `mysql_` functions. That will not work. – Jay Blanchard Apr 24 '15 at 18:32
  • @JayBlanchard I don't think he's mixing them in the same script. He's using `mysqli` in one script, `mysqli` in a different script. – Barmar Apr 24 '15 at 18:34
  • You don't seem to be calling `session_start()` in the first script. – Barmar Apr 24 '15 at 18:35
  • Ah, I see that now @Barmar – Jay Blanchard Apr 24 '15 at 18:42

1 Answers1

0

I am assuming your error is here:

$q = mysqli_query($con,"UPDATE user SET profile = '".$newfilename."' WHERE username = '".$_SESSION['user_id']."'");

And that it should be like this:

$q = mysqli_query($con,"UPDATE user SET profile = '".$newfilename."' WHERE UserID = '".$_SESSION['user_id']."'");

Looks like you switched out UserId with username.

When it comes to the page where you supposedly is setting $_SESSION['user_id'], the code you displayed here does no such thing.

It defines two functions, but does not call them, and does not assign a value to user_id.

So first, update the query as shown above, then do a var_dump of $_SESSION, to see if you have stored anything in it. If not you need to go back a few steps, and make sure you actually set the session variables.

lshas
  • 1,691
  • 1
  • 19
  • 39