
This is my edit file,

This is my $_POST

```php
<?php

if(isset($_POST['submit']) ){

    $id          = $connect->real_escape_string($_POST['id']);
    $name        = $connect->real_escape_string($_POST['name']);
    $description = $connect->real_escape_string($_POST['description']);

    $image    = $_FILES['image'];
    $tmp_file = $_FILES['image']['tmp_name'];
    $file_size= $_FILES['image']['size'];
    $type_file= $_FILES['image'] ['type'];

    // edit_portfolio() is declared with five parameters, so $type_file is passed as well
    if(edit_portfolio($id, $name, $description, $image, $type_file)) {
        $type     = "msg-scs";
        $location = "mp_showdata.php";
        $message  = "portfolio successfully edited";
        redirect($type, $location, $message);
    }else{
        $type     = "msg-fail";
        $location = "mp_showdata.php";
        $message  = "portfolio failed to edit";
        redirect($type, $location, $message);
    }
}

?>
```

This is my function

```php
<?php

function edit_portfolio($id, $name, $description, $image, $type_file){
    global $connect;

    if(!empty($image['name'])){
        // Build the path and move the file only when a new image was uploaded
        $filePath = "images/portfolios/".basename($image["name"]);
        move_uploaded_file($image["tmp_name"], $filePath);

        // The file name comes from the client, so escape it like the other values
        $filePath = $connect->real_escape_string($filePath);
        $sql = "UPDATE ms_portfolios SET name='$name', description='$description', image='$filePath' WHERE id='$id'";
    }else{
        // No new image: leave the stored image column untouched
        $sql = "UPDATE ms_portfolios SET name='$name', description='$description' WHERE id='$id'";
    }

    // mysqli::query() returns TRUE for a successful UPDATE
    return $connect->query($sql) === TRUE;
}

?>
```

This is my HTML

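```html
<div class="form-group">
<!-- $row->image holds a client-supplied file name, so it is HTML-escaped on output -->
<label>old image <span style="color:red"><?php echo htmlspecialchars($row->image) ?></span></label>
<input type="file" name="image">
<input type="hidden" name="temp_img" value="<?php echo htmlspecialchars($row->image) ?>">
<input type="hidden" name="id" value="<?php echo htmlspecialchars($row->id) ?>">
</div>
```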

My problem here is: where do I have to put the PHP code for allowing only jpg, png and jpeg files? I've tried in the function and in $_POST in many experiments.

Thanks for the help :)

ron
  • I'd say below this line: `$type_file= $_FILES['image'] ['type'];`. File type comparison seems to be a hard fail in your question, so might as well do it as early as possible. – Loek Jun 01 '18 at 09:27
  • My problem here is that when I did not edit the image, the return becomes false – ron Jun 01 '18 at 09:31
  • So add another `if` to check whether a new image was uploaded :) – Loek Jun 01 '18 at 09:33

1 Answer

1

There are 2 things that you can do. The first (client-side) is to use the `accept` attribute on the file input element of your web page, so the browser will restrict the user to your specified file types (https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input#attr-accept). The server side needs to check the actual file, not the extension. You can use `pathinfo()` (php check file extension in upload form).

  • AFAIK, `pathinfo` does check the path and thus the extension instead of the file. You'd need MIME checking for that. – Loek Jun 01 '18 at 09:34
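
The two suggestions made in the comments (check whether a new image was uploaded at all, and check the MIME type of the content rather than the path) can be combined into one check that runs in the `$_POST` handler before `edit_portfolio()` is called. The following is an added example, not code from the question or the answer; `allowed_image_extension()`, `new_image_path()` and `sample_upload()` are hypothetical names, and the sample uploads are constructed.

```php
<?php
// Added example; the function names are illustrative, not from the question.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Returns null when no new file was chosen (keep the old image), the extension
// to store when the content is an allowed image, and throws otherwise.
function allowed_image_extension(array $file): ?string
{
    if ($file['error'] === UPLOAD_ERR_NO_FILE) {
        return null; // editing only name/description is not a failure
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . $file['error']);
    }
    // Sniff the type from the file's bytes. $file['type'] and the extension
    // in $file['name'] are supplied by the client and can say anything.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_IMAGE_TYPES[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('only jpg, jpeg and png images are allowed');
    }
    return $ext;
}

// An accepted file is stored under a server-generated name with the extension
// chosen above, instead of the name the client sent.
function new_image_path(string $ext): string
{
    return 'images/portfolios/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed stand-ins for $_FILES['image'] entries, written to temp files.
function sample_upload(string $name, string $bytes, int $error = UPLOAD_ERR_OK): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'tmp_name' => $tmp, 'error' => $error];
}

$png = "\x89PNG\r\n\x1a\n\0\0\0\x0dIHDR\0\0\0\x01\0\0\0\x01\x08\x06\0\0\0"; // PNG header only
var_dump(allowed_image_extension(sample_upload('logo.png', $png)));
var_dump(allowed_image_extension(sample_upload('', '', UPLOAD_ERR_NO_FILE)));
try {
    allowed_image_extension(sample_upload('photo.jpg', "<?php echo 'hi';"));
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n"; // PHP source behind a .jpg name is refused
}
```

In the handler from the question, a `null` result means the UPDATE without the `image` column should run, and a returned extension means the file is moved with `move_uploaded_file()` to `new_image_path($ext)`.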