0

I wanted to make an edit file form where you choose the a different file to upload and replace the previous file. This is my code. 

<?php
require("config.php");
$id = $_GET['id'];

$sql = "SELECT * FROM contracts WHERE id= '$id'";
$result = $con->query($sql);
while ($row = $result->fetch_assoc())
{   
?>

<html><head></head>
<body>

<form method="GET" action="" enctype="multipart/form-data">

    ID: <?php echo $id; ?><br>
    <input type="hidden" name="id" value="<?php echo $id; ?>" />

    Upload File:
    <input type="file" name="upload" value="<?php echo $row($_FILES['name']) ?>"/><br>  
    <input type="submit" name="submit" value="Submit"/>
</form>
</body>
</html>

<?php
}

if(isset($_GET['edit'])  ){


if ($_FILES['upload']['size'] != 0 ){

$filename = $con->real_escape_string($_FILES['upload']['name']);
$filedata= $con->real_escape_string(file_get_contents($_FILES['upload']['tmp_name']));
$filetype = $con->real_escape_string($_FILES['upload']['type']);
$filesize = intval($_FILES['upload']['size']);

$query = "UPDATE `contracts` set `filename` = '$filename',`filedata` = '$filedata', `filetype` = '$filetype',`filesize` = '$filesize' WHERE `id` = '$id' " ;

if ($con->query($query) == TRUE) {
echo "<br><br> New record created successfully";
} else {
    echo "Error:<br>" . $con->error;
}

} else {

$filename = $con->real_escape_string($_FILES['upload']['name']);
$filetype = $con->real_escape_string($_FILES['upload']['type']);
$filesize = intval($_FILES['upload']['size']);

$query = "UPDATE `contracts` set `filename` = '$filename', `filetype` = '$filetype',`filesize` = '$filesize' WHERE `id` = '$id' " ;

if ($con->query($query) == TRUE) {
echo "<br><br> New record created successfully";
} else {
echo "Error:<br>" . $con->error;
}

}
$con->close(); 
}   

?>

When I went to the page it only shows blank. Like this edit file error

Can someone tell me what did I do wrong?

MechaMetalHead
  • 51
  • 1
  • 12
  • 1
    you can't upload files with a GET method. – Funk Forty Niner Mar 17 '17 at 01:33
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). Accidentally unescaped data is a serious risk. – tadman Mar 17 '17 at 01:34
  • Do try and get out of the habit of cluttering up your code with needless things like `== TRUE`. Many functions are designed to return values that evaluate as true so that literal comparison is redundant. – tadman Mar 17 '17 at 01:35
  • @Fred-ii- I tried using POST method. Still the same problem – MechaMetalHead Mar 17 '17 at 01:47
  • @MechaMetalHead My answer was not right I apologize about that. But i've searched for [answer](http://stackoverflow.com/questions/8323010/putting-default-value-in-input-type-file) and i found it's not possible to add default value to file input. – Amr Aly Mar 17 '17 at 02:26
  • @AmrAly oh no need to sorry. I think I should be the one feeling sorry because what I learn from school is very little. I went to the link to provided but I still having the same problems though. I don't know how to fix it myself. – MechaMetalHead Mar 17 '17 at 02:52

1 Answers1

0

The correct coding should be

Upload File:
    <?php echo $row['filename'] ?>
    <input type="file" name="upload"/><br>  
    <input type="submit" name="edit" value="Submit"/>
MechaMetalHead
  • 51
  • 1
  • 12