0

I am having a problem in which I cannot update details for my user without updating the profile picture. If I click on the submit button without uploading any picture, error such as below will appear. I can update the details if I also updated the profile picture at the same time.

Here are my codes for edit-profile-upload.php. Sorry for the long codes. I think everything is equally important in this file:

<?php
    $target_dir = "../include/img/uploads/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

    // Check if image file is a actual image or fake image
    if (isset($_POST["submit"])) 
    {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);

        if ($check !== false) 
        {
            $uploadOk = 1;
            $profile_pic = $_FILES["fileToUpload"]["tmp_name"];
            $imgContent = addslashes(file_get_contents($profile_pic));
            $sql = "UPDATE users SET email = :email, phone = :phone, address = :address, postal_code = :postal_code, state = :state, city = :city, country = :country,  
                    profile_pic = '" . $imgContent . "' WHERE username = '" . $_SESSION['username'] . "'";
            $insert_statement = $db->prepare($sql); 
            $insert_statement->bindParam(':email', $_POST['email'], PDO::PARAM_STR);       
            $insert_statement->bindParam(':phone', $_POST['phone'], PDO::PARAM_STR);
            $insert_statement->bindParam(':address', $_POST['address'], PDO::PARAM_STR);       
            $insert_statement->bindParam(':postal_code', $_POST['postal_code'], PDO::PARAM_STR); 
            $insert_statement->bindParam(':state', $_POST['state_id'], PDO::PARAM_STR); 
            $insert_statement->bindParam(':city', $_POST['city_id'], PDO::PARAM_STR);
            $insert_statement->bindParam(':country', $_POST['country_id'], PDO::PARAM_STR);                  
            $insert_statement->execute();

            if ($insert_statement) 
            {
                echo "<script>alert('Your profile picture " . basename($_FILES["fileToUpload"]["name"]) . " has been changed.');";
                echo 'window.location= "../include/edit-profile.php"';
                echo '</script>';
            } 
            else 
            {
                echo "<script>alert('Your profile picture failed to upload. Please try again.');";
                echo 'window.location= "../include/edit-profile.php"';
                echo '</script>';
            }
        } 
        else 
        {
            echo "<script>alert('File is not an image.');";
            echo 'window.location= "../include/edit-profile.php"';
            echo "</script>";
            $uploadOk = 0;
        }
    }

    // Check file size
    if ($_FILES["fileToUpload"]["size"] > 500000) 
    {
        echo "<script>alert('Sorry your file is too big.');";
        echo 'window.location= "../include/edit-profile.php"';
        echo '</script>';
        $uploadOk = 0;
    }
    // Allow certain file formats
    if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") 
    {
        echo "<script>alert('Sorry, only JPG, JPEG, PNG & GIF files are allowed.');";
        echo 'window.location= "../include/edit-profile.php"';
        echo '</script>';
        $uploadOk = 0;
    }
    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) 
    {
        echo "<script>alert('Sorry your file was not uploaded.');";
        echo 'window.location= "../include/edit-profile.php"';
        echo '</script>';
    } 
    else 
    {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) 
        {
            echo "<script>alert('The file " . basename($_FILES["fileToUpload"]["name"]) . "has been uploaded.');";
            echo 'window.location= "../include/edit-profile.php"';
            echo '</script>';
        } 
    }
?>

Here is the form part.

<form class="form-horizontal" onSubmit="return formValidation();" method="POST" enctype="multipart/form-data" action="edit-profile-upload.php">

Here is the upload picture part:

<input type="file" class="btn btn-default" name="fileToUpload" id="fileToUpload">

And here is the submit button part:

<button type="submit" name="submit" class="btn btn-success pull-right">Submit</button>
double-beep
  • 5,031
  • 17
  • 33
  • 41
Naz Azhar
  • 75
  • 8

1 Answers1

0

If you're not uploading an image the check for that [inexistent] image still happens - and it fails. You need to check if the file was in fact uploaded, and only if it was uploaded you continue to checking it's dimensions.

$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);

needs to become

$check = true; // assume everything is OK
if ( strlen( $_FILES["fileToUpload"]["tmp_name"] ) && file_exists( $_FILES["fileToUpload"]["tmp_name"] ) ) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]); // if the file exists but you can't get its dimensions -> it must not be a picture
}

The strlen() is for only checking if the file_exists if the file name is not empty; without this you'd be checking if an empty file name exists, which would produce a warning.

(please accept the answer if it has solved your problem, and happy coding! :) )

Sorin Buturugeanu
  • 1,782
  • 4
  • 19
  • 32
  • thanks, it fixed the problem of updating the details without uploading any picture. but I get a warning filename cannot be empty. do you have any solution for this warning? – Naz Azhar Apr 06 '19 at 15:47
  • as it turns out, yes .... I'm updating the original answer to address this – Sorin Buturugeanu Apr 06 '19 at 16:22