Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/shell/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP-从动态表单上载图像-文件命名问题_Php_Mysql_File Upload - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP-从动态表单上载图像-文件命名问题

PHP-从动态表单上载图像-文件命名问题

php mysql file-upload

PHP-从动态表单上载图像-文件命名问题,php,mysql,file-upload,Php,Mysql,File Upload,我正在构建一个动态表单,允许用户为每个条目创建可变数量的行。该表单包含图像上传功能。我可以让图像上传工作,但不完全是我想要的-问题是,我似乎被迫使用文件的“tmp_名称”,无法获得原始文件名 首先,这里是我的PHP(指向MySQL) 注意这一行- $image_array[$siteNumber] = $_FILES['image'.$siteNumber.'']['tmp_name']; 为了将图像放入$image\u数组,它们需要['name']或['tmp\u name']后缀-在此处使

我正在构建一个动态表单,允许用户为每个条目创建可变数量的行。该表单包含图像上传功能。我可以让图像上传工作,但不完全是我想要的-问题是,我似乎被迫使用文件的“tmp_名称”,无法获得原始文件名

首先,这里是我的PHP(指向MySQL)

注意这一行-

$image_array[$siteNumber] = $_FILES['image'.$siteNumber.'']['tmp_name'];
为了将图像放入$image\u数组,它们需要['name']或['tmp\u name']后缀-在此处使用['name']会导致
move\u uploaded\u file
函数失败,但这会生成错误
未定义变量:image\u url
。但是,我发现通过将['tmp_name']构建到$image_数组变量中,我能够使
move_uploaded_file
函数工作,因为该函数在第一个参数中需要['tmp_name']后缀

所以我的问题是-有没有一种方法可以使用实际的文件名而不是临时名称将图像放入图像数组?这没什么大不了的——上面的代码确实有效,我不需要为这个特定的项目保留实际的文件名——但我仍然想知道正确的方法

谢谢。

只需将整个\u文件存储在阵列中即可:

require '../credentials.php';
$servername = "localhost";
$dbname = "dynamic_test";
$target_dir = "uploads/";

$conn = new mysqli($servername, $username, $password, $dbname);

$sql = '';

$name = $_POST['name'];
$route = $_POST['route'];

$site_array = $_POST['site'];

foreach($site_array as $siteNumber => $value){

    $species_array[$siteNumber] = $_POST['species'.$siteNumber];
    $deadinjured_array[$siteNumber] = $_POST['deadinjured'.$siteNumber];
    $image_array[$siteNumber] = $_FILES['image'.$siteNumber];

    foreach ($species_array[$siteNumber] as $key => $species) {
        $image_url = false;

        if (isset($image_array[$siteNumber][$key])) {
            $target_file = ($target_dir . $image_array[$siteNumber][$key]['name']);

            if (move_uploaded_file($image_array[$siteNumber][$key]['tmp_name'], $target_file)) {
                $image_url = $target_file;
            } 
        }       

        $deadinjured = isset($deadinjured_array[$siteNumber][$key]) ? $deadinjured_array[$siteNumber][$key] : false;

        $sql .= "INSERT INTO test (volunteer, route, site, species, deadinjured, image_url)
        VALUES ('$name', '$route', '$siteNumber', '$species', '$deadinjured', '$image_url');";

    };
};
但是请注意,您有SQL注入威胁。另外,我建议使用唯一的名称存储文件。如果确实需要保留原始名称,请将原始名称与自动生成的名称一起存储在数据库中。因此,您的用户在上传文件时会看到文件名,但实际上它将以不同的名称存储在服务器上。使用或类似的方法生成随机名称。

我发现这里的问题在于语法。Eihwaz提出了一些很好的建议,但这里是最后一段工作代码——请参阅我的注释,了解发生了什么变化。。。(SQL注入威胁已消除)

这将返回一些错误-
未定义的偏移量:1
未定义的变量:image\u url
。是的,值得注意的是,这仍在开发中,因此尚未内置验证或SQL注入预防。只是在努力降低流量。。。 
require '../credentials.php';
$servername = "localhost";
$dbname = "dynamic_test";
$target_dir = "uploads/";

$conn = new mysqli($servername, $username, $password, $dbname);

$sql = '';

$name = $_POST['name'];
$route = $_POST['route'];

$site_array = $_POST['site'];

foreach($site_array as $siteNumber => $value){

    $species_array[$siteNumber] = $_POST['species'.$siteNumber];
    $deadinjured_array[$siteNumber] = $_POST['deadinjured'.$siteNumber];
    $image_array[$siteNumber] = $_FILES['image'.$siteNumber];

    foreach ($species_array[$siteNumber] as $key => $species) {
        $image_url = false;

        if (isset($image_array[$siteNumber][$key])) {
            $target_file = ($target_dir . $image_array[$siteNumber][$key]['name']);

            if (move_uploaded_file($image_array[$siteNumber][$key]['tmp_name'], $target_file)) {
                $image_url = $target_file;
            } 
        }       

        $deadinjured = isset($deadinjured_array[$siteNumber][$key]) ? $deadinjured_array[$siteNumber][$key] : false;

        $sql .= "INSERT INTO test (volunteer, route, site, species, deadinjured, image_url)
        VALUES ('$name', '$route', '$siteNumber', '$species', '$deadinjured', '$image_url');";

    };
};

require '../credentials.php';
$servername = "localhost";
$dbname = "dynamic_test";
$target_dir = "uploads/";

$conn = new mysqli($servername, $username, $password, $dbname);

$sql = '';

$name = $conn->real_escape_string($_POST['name']);
$route = $conn->real_escape_string($_POST['route']);

$site_array = $_POST['site'];

foreach($site_array as $siteNumber => $value){

    $siteNumber = $conn->real_escape_string($siteNumber);

    $species_array[$siteNumber] = $_POST['species'.$siteNumber.''];
    $deadinjured_array[$siteNumber] = $_POST['deadinjured'.$siteNumber.''];

    //IT IS NECESSARY TO SUFFIX THIS WITH ['name'], 
    $image_array[$siteNumber] = $_FILES['image'.$siteNumber.'']['name'];

    foreach($species_array[$siteNumber] as $key => $species){

        if($image_array[$siteNumber][$key]){
            $target_file = ($target_dir . rand(1, 9999999) . strtolower(basename($image_array[$siteNumber][$key])));

            //ALTHOUGH SLIGHTLY LESS ELEGANT THAN USING A VARIABLE, I FOUND THAT THIS WORKED BECAUSE ['tmp_name'] MUST PRECEDE [$key] - I WAS THINKING IT HAD TO BE THE OTHER WAY AROUND
            if(move_uploaded_file($_FILES['image'.$siteNumber.'']['tmp_name'][$key], $target_file)){
                $image_url = $conn->real_escape_string($target_file);
            } 
        };        

    $deadinjured = $deadinjured_array[$siteNumber][$key];

    $sql .= "INSERT INTO test (volunteer, route, site, species, deadinjured, image_url)
VALUES ('$name', '$route', '$siteNumber', '$species', '$deadinjured', '$image_url');";

    };
};