1

I'm having problems to resolve this issue, basically I have one table with to fields for images (image and image2), I'm reusing a code and is working properly for upload un image in the submission, but the second one is not uploaded and off course not inserted into the DB.

<form action="../imgs/update_code.php" method="post" enctype="multipart/form-data" id="form1">

<input name="image1" type="file" />
<input name="image2" type="file" />

<input name="id" type="hidden" value="<?php echo $row_Recordset1['id']; ?>" />
<input name="submit" type="submit" value="submit" />
</form>

Can anyone tell me if this is possible to upload to different image in one submit or I need to continue uploading one image per form (first form upload/insert "image1" and second form update/upload "image2")

<?php require_once('../admin/Connections/cnx.php'); ?>
<?php
ob_start();
$tabla='models';
$destino='../models.php';
mysql_connect($server,$user,$pass);
mysql_select_db($db);
function modificar($tabla,$id){
$strupdate='';
foreach($_POST as $k => $v){
if($k!='imageField_x' && $k!='imageField_y' && $k!='image1' && $k!='image2' &&          $k!='foto2' && $k!='foto3' && $k!='Submit'){
$v=(get_magic_quotes_gpc()) ? $v : addslashes($v);
$strupdate.= "$k='$v',";
}}
$strupdate=substr($strupdate,0,(strlen($strupdate)-1));
mysql_query("SET NAMES utf8");
mysql_query("update $tabla set $strupdate where id='$id'");
}
function reemplazaarchivo($archivo,$archivotemp,$tabla,$campoarchivo,$error,$id){
if($archivo!=''){
$qryant=mysql_query("select * from $tabla where id='$id'");
$rowant=mysql_fetch_array($qryant);
@unlink($rowant[$campoarchivo]);
$extension200=end(explode(".",strtolower($archivo)));
if($extension200!='jpg' && $extension200!='gif' && $extension200!='png' &&  $extension200!='doc' && $extension200!='zip' && $extension200!='pdf' && $extension200!='xls' && $extension200!='ppt' && $extension200!='swf'){
eval($error);exit;}
$foto2=md5(time()).$archivo;
copy($archivotemp,$foto2);
@chmod($foto2,0755);
mysql_query("update $tabla set $campoarchivo='$foto2' where id='$id'");
}
}
modificar($tabla,$_POST['id']);
reemplazaarchivo($_FILES['image1']['name'],$_FILES['image1']['tmp_name'],$tabla,'image1','',$_POST['id']);
for($i=1;$i<4;$i++){
reemplazaarchivo($_FILES['image1'.$i]['name'],$_FILES['image1'.$i]  ['tmp_name'],$tabla,'image1'.$i,'',$_POST['id']);
}
header("Location:$destino");
ob_end_flush();
?>
Improve this question
3
  • 2
    Please, before you write any more SQL interfacing code, you must read up on proper SQL escaping to avoid severe SQL injection bugs. addslashes is not a valid escaping method, and mysql_query should not be used in new applications, it's being removed from PHP. A modern replacement like PDO is not hard to learn. A guide like PHP The Right Way will help you avoid making mistakes like this. Commented Oct 10, 2013 at 14:42
  • 1
    eval!? addslashes!? mysql!? your code is LITTERED with security problems and horribly bad coding practices. Ditch this garbage, and go back to the drawing board... Commented Oct 10, 2013 at 14:45
  • Thanks a lot for your comment, I did a php dreamweaver training and they give us that example code and I was reusing it without know. I'll check your advise. Commented Oct 10, 2013 at 15:01

1 Answer 1

Reset to default
2

Do you even google? http://php.net/manual/en/features.file-upload.multiple.php

<form action="file-upload.php" method="post" enctype="multipart/form-data">
  Send these files:<br />
  <input name="userfile[]" type="file" /><br />
  <input name="userfile[]" type="file" /><br />
  <input type="submit" value="Send files" />
</form>

Also, you're code is very unclear and unsafe.. Take a look into security.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks for your reply, I'm googling from more than a week, I found that example but I could't implement.
What you have in your actual code is the name of your input fields is the same. So it's overwriting. Change it into an array or give them a different value.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.