Jump to content

Issue with POST content from one page to another


Mekaboo
 Share

Recommended Posts

Hello to all!!

 Im having an issue getting edit profile results to show up on my profile page. Here are my codes:

proedit.php

<div id="main">
 <form id="uploadForm" action="proupdate.php" method="post">
<div id="targetLayer">No Image</div>
<div id="uploadFormLayer">
<input name="userImage" type="file" class="inputFile" /><br/>
<input type="submit" value="Submit" class="btnSubmit" />
  
  <form action="proupdate.php" method="post">
   uname: <input type="text" name="uname"><br>

     bio: <input type="text" id="name" name="name" required
         minlength="4" maxlength="8" size="10"><br>
    
   <input type="submit" name="edit">

  </form>
    </div>
  

proupdate.php

 session_start();
 include "connect.php"; if(isset($_POST['edit']))
 {    $id=$_SESSION['id'];
    $uname=$_POST['uname'];
    $bio= $_POST['bio'];    $select= "select * from users where id='$id'";
    $sql = mysqli_query($conn,$select);
    $row = mysqli_fetch_assoc($sql);    $res= $row['id'];
    if($res === $id)
    {

       $update = "update users set uname='$uname',bio='$bio' where id='$id'";
       $sql2=mysqli_query($conn,$update);if($sql2)
       {
           /*Successful*/
           header('location:pro.php');
       }
       else
       {
           /*sorry your profile is not update*/
           header('location:proedit.php');
       }
    }
    else
    {
        /*sorry your id is not match*/
        header('location:proedit.php');
    } }?>
<?php
if(is_array($_FILES)) {
if(is_uploaded_file($_FILES['userImage']['tmp_name'])) {
$sourcePath = $_FILES['userImage']['tmp_name'];
$targetPath = "images/".$_FILES['userImage']['name'];
if(move_uploaded_file($sourcePath,$targetPath)) {
?>
<img class="image-preview" src="<?php echo 'pro.php'; ?>" class="upload-preview" />
<?php
}
}
}

pro.php

<div id="main">
<div class="page-content"><?php include 'proupdate.php';?></div>
</div>

Appreciate the help☺️

Link to comment
Share on other sites

Did you get any error messages? It's not obvious where the problem might be but there are a few potential problems in the code.

The first thing that I notice is that the session_start() and header() are being called after HTML has been sent to the client due to the fact that the file which contains this code is included after some HTML in another file. session_start() and header() need to be called before and output, which could be HTML or any echo or print statements, among other things.

The way to solve the above problem is to separate the code which generates HTML from the code which processes the form data. The code which processes the form should be included at the very beginning of pro.php. The other include statement embedded within the HTML could use variables created by the code at the top of the page to display information.

 

The following line of code won't display an image because the src attribute is just "pro.php" which is not an image file:

<img class="image-preview" src="<?php echo 'pro.php'; ?>" class="upload-preview" />

I think what you intended was to display the path of the uploaded image, which would be like this:

<img class="image-preview" src="<?php echo $targetPath; ?>" class="upload-preview" />

 

Your code has some dangerous security holes. It allows for the possibility of hacking the database. Read about Prepared Statements to protect your website from that.

Another security vulnerability is that people are able to upload their own PHP file to your server and run any PHP code they want. A common strategy to protect from this is to make sure that the file extension only is one of png, gif, jpg or jpeg. W3Schools shows an example of this on this page: https://www.w3schools.com/php/php_file_upload.asp

To add an additional layer of security to the file upload form you could verify that the contents of the file is an image by using getimagesize().

 

  • Like 1
Link to comment
Share on other sites

If the page is blank it means that your server has disabled error reporting. You can turn error reporting on for your page by putting these lines at the very beginning of the file:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);

Error messages will help pinpoint exactly where the problem is and likely indicate how to fix it.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...