How i can retrieve the path for the file that i upload?

Question

hi.

im developing a cms.

the Table clients contains many fields and one of them is the image caption.

When the user uploads a file(image) the file is stored in a public folder.

The image caption field retrieves the final name of the file and stores it in the table.

The problem is when the user wants to update the information. If the user doesnt want to change the image, when he clicks "update", the image caption field is empty, so the path to the image becomes null and now he just shows(no image).

heres what ive been trying to do:

The HTML Form:

    <p>
        <label for="image_caption">Image Caption:</label>
    <input name="image_caption" id="image_caption" type="text" class="formbox" size="60"  disabled="disabled" value="<?php echo htmlentities($row['image_caption']); ?>" /> 
    </p>                                                                                     
    <p>
        <label for="image">Insert image:</label>
        <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
        <input type="file" name="image" id="foto" value="<?php echo htmlentities($row['image_caption']); ?>"/> 
    </p>
    <p>
        <?php 
        if($row['image_caption']!= ""){
        ?>
            <img src="../images/clientes/<?php echo $row['image_caption'];?>" width="194" height="145" title="Imagem cliente" class="floatright"/>
      <?php
        }else{
        ?>
            <img src="../images/sem_imagem.gif" width="194" height="145" title="Imagem não disponível" class="floatright"/><br />                                               
        <?php
        }
        ?>
  </p>        
    <p>
        <input type="submit" name="update" value="Update" />
        <input name="cliente_id" type="hidden" value="<?php echo $row['codigo']; ?>" />
    </p>

And now the upload PHP code(ive just inserted the code that i wanted to show u):

    // This checks if the file input is empty, and if it is, insert the value from the table that was previously inserted

    if(empty($_FILES['image']['name'])){
$image_caption = $row['image_caption'];

}else{

$image = str_replace(' ', '_', $_FILES['image']['name']); 
// move the file to the upload folder and rename it
move_uploaded_file($_FILES['image']['tmp_name'],UPLOAD_DIR.$foto); 
$image_caption = $image;
}

Hope this helps...thanks in advance.

Answer 1

Do you fetch the info from the database after the form is submitted? I mean, does $row['nome_foto'] actually contain the previous path?

Edit: Either way, it would be better to simply not update the path field in the database if no new path is supplied.

Also, you need to add some form of checks to the upload to make sure it is an image - right now I could upload a php script or a virus to the server if I wanted to.

Answer 2

I'm still not sure I understand, but can't you just pass the name of the original file as a hidden field? Then if nothing's uploaded, use that.

EDIT: Having just seen your comment, you already have the name of the original file, so changing your PHP to:

if(empty($_FILES['image']['name'])){
    $image_caption = $_POST['image_caption'];
}else{
    ....(etc)

should work, no?

And, of course, if you're going to do something like that then you should perform some kind of sanitization on the posted variables to ensure there's no nastiness...

Answer 3

I am not sure if I understand correctly but I'll give it a shot, if you populate the update form with data from the database - then the image caption field will not be empty even if the guy only changed his name and left everything.