Php Sql查询未更新Img文件的路径_Php_Mysql

Php Sql查询未更新Img文件的路径

php mysql

Php Sql查询未更新Img文件的路径,php,mysql,Php,Mysql,关于如何通过文件系统上传图像文件并将其路径保存在sql数据库中，并没有Single教程。它在一些网站上被提及，但没有得到适当的解释。奈韦我正在通过php上传一个图像，我想将上传图像的路径存储在sql数据库中。我有两页一,。insert.php <?php session_start(); if (!isset($_SESSION["MM_Username"])) { $_SESSION["message"] = "Please Login"; } ?> <

关于如何通过文件系统上传图像文件并将其路径保存在sql数据库中，并没有Single教程。它在一些网站上被提及，但没有得到适当的解释。奈韦我正在通过php上传一个图像，我想将上传图像的路径存储在sql数据库中。我有两页

一,。insert.php

<?php

session_start();
if (!isset($_SESSION["MM_Username"]))
{
    $_SESSION["message"] = "Please Login";
}

?>
 <!--next comes the form, you must set the enctype to "multipart/frm-data" 
and use an input type "file" -->
 <form name="newad" method="post" enctype="multipart/form-data"  
action="chkupload.php">
 <table>
    <tr><td><input type="file" name="image"></td></tr>
    <tr><td><input name="Submit" type="submit" value="Upload image">
       </td></tr>
 </table>   
 </form>

此页面工作非常正常，但问题在下一个文件中

2chkupload.php

问题是上传工作正常&它在images/文件夹中创建文件，但不将其路径保存在sql表中。所以基本上我需要帮助。它还处于用户身份验证之下。这是一张侧面图

  <?php require_once('Connections/mb.php'); 

$loginUsername = $_SESSION['MM_Username'];

//define a maxim size for the uploaded images in Kb
 define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the
// file  is an image by checking the extension.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no 
// error  found)  
//and it will be changed to 1 if an errro occures.  
//If the error occures the file will not be uploaded.
 $errors=0;
//checks if the form has been submitted
 if(isset($_POST['Submit'])) 
 {
    //reads the name of the file the user submitted for uploading
    $image=$_FILES['image']['name'];
    //if it is not empty
    if ($image) 
    {
    //get the original name of the file from the clients machine
        $filename = stripslashes($_FILES['image']['name']);
    //get the extension of the file in a lower case format
        $extension = getExtension($filename);
        $extension = strtolower($extension);
    //if it is not a known extension, we will suppose it is an error and 
        // will not  upload the file,  
    //otherwise we will do more tests
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension !=
 "png") && ($extension != "gif")) 
        {
        //print error message
            echo '<h1>Unknown extension!</h1>';
            $errors=1;
        }
        else
        {
//get the size of the image in bytes
 //$_FILES['image']['tmp_name'] is the temporary filename of the file
 //in which the uploaded file was stored on the server
 $size=filesize($_FILES['image']['tmp_name']);

//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
    echo '<h1>You have exceeded the size limit!</h1>';
    $errors=1;
}

//we will give an unique name, for example the time in unix time format
$image_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (images 
//folder)
$newname="images/".$image_name;
//we verify if the image has been uploaded, and print error instead
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied) 
{
    echo '<h1>Copy unsuccessfull!</h1>';
    $errors=1;
}}}}

//If no errors registred, print the success message
 if(isset($_POST['Submit']) && !$errors) 
 {
    echo "<h1>File Uploaded Successfully! Try again!</h1>";
 }



mysql_connect("localhost", "root", "") or die(mysql_error());
echo "Connected to MySQL<br />";
mysql_select_db("musibridge") or die(mysql_error());
echo "Connected to Database";
$result = mysql_query("UPDATE artist92 SET path= $newname WHERE email = $loginUsername") 
or die(mysql_error());  

 ?>

生成的错误是

注意：未定义的变量：\第3行C:\xampp\htdocs\MB\chkupload.php中的会话文件上传成功！再试一次！连接到MySQL 连接到数据库您的SQL语法有错误；查看与MySQL服务器版本对应的手册，以了解第1行“jpg WHERE email=”附近使用的正确语法

请帮我修一下。它正在上载但不更新表artist92的列路径

这是我的登录页面。添加它只是为了您对会话变量的引用 artlog.php

 <?php require_once('Connections/mb.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_Recordsetartist = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_Recordsetartist = $_SESSION['MM_Username'];
}
mysql_select_db($database_mb, $mb);
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text"));
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist);
$query_Recordsetartist = "SELECT * FROM artist92";
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist);

$colname_Recordsetartist = "-1";
if (isset($_SESSION['MM_email'])) {
  $colname_Recordsetartist = $_SESSION['MM_email'];
}
mysql_select_db($database_mb, $mb);
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text"));
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);

$colname_Recordsetartist = "-1";
if (isset($_SESSION['MM_email'])) {
  $colname_Recordsetartist = $_SESSION['MM_email'];
}
mysql_select_db($database_mb, $mb);
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text"));
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['email'])) {
  $loginUsername=$_POST['email'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "artistprofile.php";
  $MM_redirectLoginFailed = "artlog.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_mb, $mb);

  $LoginRS__query=sprintf("SELECT email, password FROM artist92 WHERE email=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

  $LoginRS = mysql_query($LoginRS__query, $mb) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;       

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];  
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

首先，正如奥马尔已经说过的：

在使用$会话变量之前，必须调用会话\u start

然后花一分钟时间思考SQL查询实际会生成什么：

$newname = "C:\\My Documents\\image.jpg";
$loginUsername = "someone";
echo "UPDATE artist92 SET path= $newname WHERE email = $loginUsername";

产出将是：

UPDATE artist92 SET path= C:\\My Documents\\image.jpg WHERE email = someone

MySQL应该如何解释该语句不可能。您至少需要在字符串周围添加引号

UPDATE artist92 SET path= "C:\\My Documents\\image.jpg" WHERE email = "someone"

然而，这仍然是一个重大的安全问题。请阅读上的PHP文章以获取解释。不，真的-读吧

此外，您不验证文件是否已实际上载。您应该签出is_uploaded_file和move_uploaded_file函数。

在更新语句中，您需要$newname左右的单引号。这将修复SQL语法中的错误。

另外，未定义的变量：_SESSION可以通过调用SESSION_start来解析

在尝试访问会话之前，可能需要调用SESSION_start。我只是想知道，artist92是表的名称吗？感谢您的帮助，但我仍然收到错误通知：未定义索引：第5行C:\xampp\htdocs\MB\chkupload.php中的MM_用户名，但sql错误消失了。我还检查了我的artist92表，在表中我发现路径没有更新，尽管它不再显示sql语法中的任何错误。是的，会话开始工作了。谢谢。。而且thr不再是语法错误。。我这样做了'$result=mysql\u queryUPDATE artist92 SET path='$newname'，其中email='$loginUsername'或diemsql\u error；'但它不会更新表artist92中的路径。它还会在第5行的C:\xampp\htdocs\MB\chkupload.php中显示错误未定义的索引：MM\u Username。MM\u Username是一个会话变量。$\u会话是一个超全局的且始终存在，即使会话尚未启动。它将只是一个空数组。