On Jun 20, 11:33*am, Pépê <josemariabar...@gmail.com> wrote:
> On 20 Jun, 11:22, Captain Paralytic <paul_laut...@yahoo.com> wrote:
> > On Jun 20, 10:54*am, Pépê <josemariabar...@gmail.com> wrote:
>
> > > Hi all.
>
> > > Im a newbie in PHP and im trying to upload a file to the server.
>
> > > I use a form to upload a pdf file and some text information about it.
>
> > > The client uploads the file and the system renames that file and puts
> > > all the information in the database.
>
> > > The problem is when the client goes again to edit the information, i
> > > always have to choose a file to upload or else it will put blank the
> > > pdf column and he cant find the old one!
>
> > > i do a $_POST['file'] to the UPDATE statement but i think i need to do
> > > a if clause(and dont know what im going to put )...but where? i tried
> > > it in the UPDATE statement and i cant..
>
> > Build your update statement dynamically. This is the sort of thing,
> > but you should sanitise the $_POST input.
>
> > if($_POST['file'])
> > * $fileup = ",file = '{$_POST['file']}'";
> > else
> > * $fileup = '';
>
> > $qry = "
> > INSERT INTO fred SET
> > * id = {$id},
> > * info1 = '{$info1}',
> > * info2 = '{$info2}
> > * {$fileup}
> > ON DUPLICATE KEY UPDATE
> > * info1 = '{$info1}',
> > * info2 = '{$info2}'
> > * {$fileup}
> >
> Thanks for the help Captain.
>
> Ive had some problems recently with sql injection in ASP.
>
> Im new in PHP. How can i protect the forms in PHP?
>
> I will do a search in google in the meantime...
>
> Once again, thanks

Please do not top post (top posting fixed).

Your main tool for this is mysql_real_escape_string(), but you will
find lots of good threads about this subject in the archives of this
forum.