Creating an isset if fuction using php to avoid and update if the input is empty for a MYSQL update.

Question

Hi I am newish to php and I have created an update page for Content Management System. I have a file upload in this case a picture. I have other inputs that contain text and I can get them to populate my form and thats fine and works great because the user can see what has already been entered. But the file name for the photo can not have a value so if the user doesn't pick the picture from the directory again it will update minus the picture. What I think I need is a isset fuction that says if the file (picture) input is left blank don't update this field and use whatever what already in the database for it, that way if it was left blank when created it will still be, and if the user has changed it this time it will change; or if they want to leave it the same it won't leave their picture blank. Hope that makes sence.

Here is my coding currently for the Form:

 <p>
              Photo:
            </p>
            <input type="hidden" name="MAX_FILE_SIZE" value="350000">
            <input type="file" name="photo"/>

Below is my php code for my update if the update button is pressed:

   $con = mysql_connect("localhost","******","********");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("*******", $con);

  // run this only, once the user has hit the "Update" button

  if (isset($_POST['update'])) {

    // assign form inputs

    $name = $_POST['nameMember'];

    $position = $_POST['bandMember'];

    $pic = $_POST['photo'];

    $about = $_POST['aboutMember'];

    $bands = $_POST['otherBands'];

      // add member to database

    $result = mysql_query("UPDATE dbProfile SET nameMember='".$name."',bandMember='".$position."',photo='".$pic."',aboutMember='".$about."',otherBands='".$bands."' WHERE id='".$id."'");

        mysql_close($con);


      Header("Location: listMember.php"); 

      exit; 

    }


  else { // read member data from database

    $result = mysql_query ("SELECT * FROM dbProfile WHERE id='".$id."'");

    while($row = mysql_fetch_array($result))


{


   $name = $row['nameMember'];

    $position = $row['bandMember'];

    $pic = $row['photo'];

    $about = $row['aboutMember'];

    $bands = $row['otherBands'];

  }
  }
  mysql_close($con);
?>

If you could help I would be very please and greatful.

Cheers

Cool Hand Luke

Answer 1

You have to use the $_FILES variable for uploaded files. For further information, see Handling file uploads in the PHP manual.

Answer 2

Try:

if(is_uploaded_file($_FILES['photo']['tmp_name']))

From the manual:

Returns TRUE if the file named by filename was uploaded via HTTP POST. This is useful to help ensure that a malicious user hasn't tried to trick the script into working on files upon which it should not be working--for instance, /etc/passwd.