PHP Versions Question posted in
You can find a list of all versions here.

Php versions – PHP result row as an object not set

I have this PHP code in which I try to edit a row in the database

$sql="SELECT * FROM `event` where `EId`='".$_GET['EId']."'";
$res=$conn->query($sql);
$numrows=mysqli_num_rows($res);
if ($numrows>0)
{
  $obj = mysqli_fetch_object($res);
} 

if ($_REQUEST["mode"]=="save")
{
  if ($_FILES['image']['name']!="")
  {
    del_img("event/",$obj->Picture);
    $Picture=post_img($_FILES['image']['name'], $_FILES['image']['tmp_name'],"event");
  }
  else
    $Picture = $obj->Picture;

  $sqlu="update event set Picture='".$Picture."' where EId='".$_POST['EId']."'";

  $conn->query($sqlu);
  header("refresh:1; url=event_view.php");
  die();

}

function post_img($fileName,$tempFile,$targetFolder)
{ 
  if ($fileName!="")
  {
    if(!(is_dir($targetFolder)))
      mkdir($targetFolder);
    $counter=0;
    $NewFileName=$fileName;
    if(file_exists($targetFolder."/".$NewFileName))
    {
      do
      { 
        $counter=$counter+1;
        $NewFileName=$counter."".$fileName;
      }
      while(file_exists($targetFolder."/".$NewFileName));
    }
    $NewFileName=str_replace(",","-",$NewFileName);
    $NewFileName=str_replace(" ","_",$NewFileName); 
    copy($tempFile, $targetFolder."/".$NewFileName);  
    return $NewFileName;
  }
}

function del_img($targetfolder,$filname)
{
  if (file_exists($targetfolder.$filname))
  {
    unlink($targetfolder.$filname);
  }
}

When this is executed without uploading a new image it removes the present image and saves the row without any image. When uploading a new image it does not delete the current image.

I checked with isset and it tells me that the variable $obj->Picture is not set. I used this code in an older version of PHP and it still works but I can’t seem to get it to work in the current one.
I am quite sure that the problem lies with $obj but I can’t seem figure out what it is.

The HTML is just a form with file upload input and I have already set up a connection to the database with $conn being a new mysqli. The reason I am taking the entire row is because I am editing other stuff too

It feels like I am committing a fundamental mistake? What am I missing?

Tags:

2

Answers


  1. 0

    I’d bet there is some Problem with the num_rows_function.

    Try to structure the code differently or at least make sure you have obj defined and initialised when the part of your code where the object is required is reached.

    Do something like this for xample:

       if ($_REQUEST["mode"]=="save"  && isset($obj))
   {
    if (($_FILES['image']['name']!=""))
   {
    del_img("event/",$obj->Picture);
    $Picture=post_img($_FILES['image']['name'], $_FILES['image']['tmp_name'],"event");
    }
   else
   $Picture = $obj->Picture;

   $sqlu="update event set Picture='".$Picture."' where EId='".$_POST['EId']."'";
  (...)
    Login or Signup to reply.
  2. 0

    Well, here’s how I would fix this up. Your whole logic was messed up; now we have only the two conditions we need: is a valid EId sent, and is a file attached?

    Database API is updated to something a tiny bit more modern, queries are prepared and parameterized for security, and we are properly sanitizing user input before using it to name files.

    <?php
$conn = new PDO("mysql:host=localhost;dbname=database", "user", "password");

$stmt = $conn->prepare("SELECT Picture FROM event WHERE EId = ?");
$result = $stmt->execute([$_POST["EId"]]);
if ($obj = $stmt->fetch(PDO::FETCH_OBJ)) {
    if (!empty($_FILES["image"])) {
        del_img("event/", $obj->Picture);
        $Picture = post_img($_FILES['image'], "event");
        $stmt = $conn->prepare("UPDATE event SET Picture = ? WHERE EId = ?");
        $result = $stmt->execute([$Picture, $_POST["EId"]]);
    }
    header("Location: event_view.php");
    die();
}

function post_img($file, $targetFolder)
{
    if (!(is_dir($targetFolder))) {
        mkdir($targetFolder);
    }
    $fileName = $file["name"];
    $tempFile = $file["tmp_name"];

    $NewFileName = str_replace([",", " "], ["-", "_"], basename($fileName));

    $counter = 0;
    while(file_exists($targetFolder . "/" . $NewFileName)) { 
        $counter += 1;
        $NewFileName = $counter . $fileName;
    }
    move_uploaded_file($tempFile, $targetFolder . "/" . $NewFileName);  
    return $NewFileName;
}

function del_img($targetfolder,$filname)
{
    if (file_exists($targetfolder . $filname)) {
        unlink($targetfolder.$filname);
    }
}
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search