Extecuting Query With The Condition in PHP

Question

I have a page in which user can update their posts.

I need to update the database with different query(for different Conditions).

But every time I run update using this code, image filename changes automatically (even if I have a condition). Am I doing something wrong?

 if(empty($up_image)){
              $up_image = $image;
          $update_query = "UPDATE posts  SET title = '$up_title', image = '$up_image', categories = '$up_categories', tags = '$up_tags', post_data = '$up_post_data', status = '$up_status' WHERE id = $edit_id";
          if(mysqli_query($con, $update_query)){
              $msg = "Post has been Updated";
              $path1 = "img/$up_image";
              header("refresh:1;edit-post.php?edit=$edit_id");
                  if(move_uploaded_file($up_tmp_name, $path1)){
               copy($path1, "../$path1");
            }


          }
          else{
              $error = "Unable to Update Post";
          }

          }

           if(!empty($up_image)){
             $up_image = preg_replace('/\s+/','',$up_image); 

           $image_size = $_FILES['image']['size'];
                $allowed_img_ext = array("jpg", "jpeg", "png", "bmp");
                $ext = pathinfo($up_image, PATHINFO_EXTENSION);
                $trimed_img_name = pathinfo($up_image, PATHINFO_FILENAME);

     if(in_array($ext, $allowed_img_ext))//check valid file extension
     {
        if($image_size < 2097152) {
         $ren_image = substr($trimed_img_name,0,3)."".substr($title,0,11)."_".date("mj")."_".date("Y")."_".date("His").".".$ext;
            $path = "img/".$ren_image;  
          $update_query = "UPDATE posts  SET title = '$up_title', image = '$ren_image', categories = '$up_categories', tags = '$up_tags', post_data = '$up_post_data', status = '$up_status' WHERE id = $edit_id";
                      }
         else{
             $img_error = "Please Upload the Image File Size Less than 2 MB"; 
         }
     }
              else{
                  $img_error = "Invalid Image File";
              }


              if(mysqli_query($con, $update_query)){

              $msg = "Post has been Updated";
              header("refresh:1;edit-post.php?edit=$edit_id");
                    if(move_uploaded_file($up_tmp_name, $path)){
               copy($path, "../$path");
            }

          }
          else{
              $error = "Unable to Update Post";
          }  



          } //End

Well if you have an `empty($up_image)` you update the image in the db to something, maybe to empty string, and if you have `!empty($up_image)` you also update the image (unless it is too large). So yes, the image is usually updated — Adder, Jan 24 '18 at 14:16
Also, please read up on SQL injection: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php/60496#60496 — Adder, Jan 24 '18 at 14:18
So I added a default value to up_image `$up_image = $image` So with this line the image section need to be on default value if empty that is $image. but even if the image section is empty , the query in else if section is excuting — Sachin Chauhan, Jan 24 '18 at 14:28
Because of your change, you need to write `else if(!empty($up_image)){` now, otherwise that case will execute now since `$up_image` now has a non-empty value of `$image`. Or just write `else {` there. — Adder, Jan 24 '18 at 14:46

score 0 · Answer 1 · answered Jan 24 '18 at 14:49

0

So I removed $up_image = $image; and image = $up_image section from first query now it is working. Thanks for your comment

answered Jan 24 '18 at 14:49

Sachin Chauhan

1
1

Extecuting Query With The Condition in PHP

1 Answers1