PHP SQL query not updating the path of the img file
There is no single tutorial on how to upload an image file through the file system and save its path in an SQL database. It is mentioned on some sites but not explained properly. Anyway, I am uploading an image via PHP and I want to store the path of the uploaded image in an SQL database. I have two pages.
1. insert.php
<?php
session_start();
if (!isset($_SESSION["MM_Username"]))
{
    $_SESSION["message"] = "Please Login";
}
?>
<!--next comes the form, you must set the enctype to "multipart/form-data"
and use an input type "file" -->
<form name="newad" method="post" enctype="multipart/form-data"
      action="chkupload.php">
<table>
    <tr><td><input type="file" name="image"></td></tr>
    <tr><td><input name="Submit" type="submit" value="Upload image">
    </td></tr>
</table>
</form>
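This page works perfectly fine, but the problem is in the next file.
2. chkupload.php
The problem is that the upload works fine and it creates the file in the images/ folder, but it does not save its path in the SQL table. So basically I need help.
It is also behind user authentication. It is a profile picture.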
<?php require_once('Connections/mb.php');
$loginUsername = $_SESSION['MM_Username'];
//define a maximum size for the uploaded images in Kb
define ("MAX_SIZE","100");
//This function reads the extension of the file. It is used to determine if the
// file is an image by checking the extension.
function getExtension($str) {
    $i = strrpos($str,".");
    if (!$i) { return ""; }
    $l = strlen($str) - $i;
    $ext = substr($str,$i+1,$l);
    return $ext;
}
//This variable is used as a flag. The value is initialized with 0 (meaning no
// error found)
//and it will be changed to 1 if an error occurs.
//If an error occurs the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
if(isset($_POST['Submit']))
{
    //reads the name of the file the user submitted for uploading
    $image=$_FILES['image']['name'];
    //if it is not empty
    if ($image)
    {
        //get the original name of the file from the client's machine
        $filename = stripslashes($_FILES['image']['name']);
        //get the extension of the file in a lower case format
        $extension = getExtension($filename);
        $extension = strtolower($extension);
        //if it is not a known extension, we will suppose it is an error and
        // will not upload the file,
        //otherwise we will do more tests
        if (($extension != "jpg") && ($extension != "jpeg") && ($extension !=
            "png") && ($extension != "gif"))
        {
            //print error message
            echo '<h1>Unknown extension!</h1>';
            $errors=1;
        }
        else
        {
            //get the size of the image in bytes
            //$_FILES['image']['tmp_name'] is the temporary filename of the file
            //in which the uploaded file was stored on the server
            $size=filesize($_FILES['image']['tmp_name']);
            //compare the size with the maximum size we defined and print error if bigger
            if ($size > MAX_SIZE*1024)
            {
                echo '<h1>You have exceeded the size limit!</h1>';
                $errors=1;
            }
            //we will give a unique name, for example the time in unix time format
            $image_name=time().'.'.$extension;
            //the new name will contain the full path where it will be stored (images
            //folder)
            $newname="images/".$image_name;
            //we verify if the image has been uploaded, and print an error otherwise
            $copied = copy($_FILES['image']['tmp_name'], $newname);
            if (!$copied)
            {
                echo '<h1>Copy unsuccessfull!</h1>';
                $errors=1;
            }
        }
    }
}
//If no errors registered, print the success message
if(isset($_POST['Submit']) && !$errors)
{
    echo "<h1>File Uploaded Successfully! Try again!</h1>";
}
mysql_connect("localhost", "root", "") or die(mysql_error());
echo "Connected to MySQL<br />";
mysql_select_db("musibridge") or die(mysql_error());
echo "Connected to Database";
$result = mysql_query("UPDATE artist92 SET path= $newname WHERE email = $loginUsername")
    or die(mysql_error());
?>
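The errors generated are:
Notice: Undefined variable: _SESSION in C:\xampp\htdocs\MB\chkupload.php on line 3
File Uploaded Successfully! Try again!
Connected to MySQL
Connected to DatabaseYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'jpg WHERE email=' at line 1
Please help me fix it. It is uploading but not updating the column path of table artist92.
This is my login page. I am adding it just for your reference regarding the session variables.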
artlog.php
<?php require_once('Connections/mb.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        if (PHP_VERSION < 6) {
            $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        }
        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}
$colname_Recordsetartist = "-1";
if (isset($_SESSION['MM_Username'])) {
    $colname_Recordsetartist = $_SESSION['MM_Username'];
}
mysql_select_db($database_mb, $mb);
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text"));
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist);
$query_Recordsetartist = "SELECT * FROM artist92";
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist);
$colname_Recordsetartist = "-1";
if (isset($_SESSION['MM_email'])) {
    $colname_Recordsetartist = $_SESSION['MM_email'];
}
mysql_select_db($database_mb, $mb);
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text"));
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
$colname_Recordsetartist = "-1";
if (isset($_SESSION['MM_email'])) {
    $colname_Recordsetartist = $_SESSION['MM_email'];
}
mysql_select_db($database_mb, $mb);
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text"));
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error());
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
    session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
    $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['email'])) {
    $loginUsername=$_POST['email'];
    $password=$_POST['password'];
    $MM_fldUserAuthorization = "";
    $MM_redirectLoginSuccess = "artistprofile.php";
    $MM_redirectLoginFailed = "artlog.php";
    $MM_redirecttoReferrer = false;
    mysql_select_db($database_mb, $mb);
    $LoginRS__query=sprintf("SELECT email, password FROM artist92 WHERE email=%s AND password=%s",
        GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
    $LoginRS = mysql_query($LoginRS__query, $mb) or die(mysql_error());
    $loginFoundUser = mysql_num_rows($LoginRS);
    if ($loginFoundUser) {
        $loginStrGroup = "";
        if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;
        if (isset($_SESSION['PrevUrl']) && false) {
            $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
    }
    else {
        header("Location: ". $MM_redirectLoginFailed );
    }
}
?>
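First, as Omar has already said: you must call session_start() before using the $_SESSION variable.
Then take a minute to think about what your SQL query will actually produce: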
$newname = "C:\\My Documents\\image.jpg";
$loginUsername = "someone";
echo "UPDATE artist92 SET path= $newname WHERE email = $loginUsername";
The output will be:
UPDATE artist92 SET path= C:\\My Documents\\image.jpg WHERE email = someone
How is MySQL supposed to interpret that statement? It can't.
You need to at least add quotes around the strings:
UPDATE artist92 SET path= "C:\\My Documents\\image.jpg" WHERE email = "someone"
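However, this is still a major security problem.
Please read the PHP article on this for an explanation. No, really, read it.
Also, you do not verify that the file has actually been uploaded. You should check out the is_uploaded_file and move_uploaded_file functions.
In the UPDATE statement, you need single quotes around $newname. That will fix the error in the SQL syntax.
Also, the undefined variable: _SESSION can be resolved by calling session_start.
You probably need to call session_start before trying to access the session.
Just wondering, is artist92 the name of the table?
Thanks for the help, but I still get the error Notice: Undefined index: MM_Username in C:\xampp\htdocs\MB\chkupload.php on line 5, but the SQL error is gone. I also checked my artist92 table, and I found that the path is not updated, even though it no longer shows any error in the SQL syntax.
Yes, the session started working. Thanks. And there is no longer a syntax error. I did this: '$result = mysql_query("UPDATE artist92 SET path='$newname' WHERE email='$loginUsername'") or die(mysql_error());' but it does not update the path in table artist92. It also shows the error Undefined index: MM_Username in C:\xampp\htdocs\MB\chkupload.php on line 5. MM_Username is a session variable.
$_SESSION is a superglobal and always exists, even if the session has not been started. It will just be an empty array.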
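A version of chkupload.php that applies the points raised in the answers above: session_start() before $_SESSION is read, is_uploaded_file/move_uploaded_file, and a parameterised UPDATE instead of string interpolation. This is an added example, not code from the original posts; the table, columns, session key and connection values are the ones in the question, while the mysqli driver, the content-based type check, the random file name, the constants MAX_BYTES and ALLOWED and the affected_rows check are assumptions.

```php
<?php
// Added example: hardened chkupload.php. Table, columns, session key and
// connection values come from the question; everything else is an assumption.
session_start();                          // must run before $_SESSION is read
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const MAX_BYTES = 100 * 1024;             // same 100 KB limit as the question
const ALLOWED = [                         // MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

if (empty($_SESSION['MM_Username'])) {    // not logged in: stop here
    http_response_code(403);
    exit('Please login');
}
$file = $_FILES['image'] ?? null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
    http_response_code(400);
    exit('No file was uploaded');
}
if ($file['size'] > MAX_BYTES) {
    http_response_code(413);
    exit('You have exceeded the size limit');
}
// Decide the type from the file content, not from the client-supplied name.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!isset(ALLOWED[$mime])) {
    http_response_code(415);
    exit('Unknown file type');
}
// Server-generated name: nothing from the client reaches the path.
$newname = 'images/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
if (!move_uploaded_file($file['tmp_name'], $newname)) {
    http_response_code(500);
    exit('Could not store the file');
}
// Placeholders keep both values out of the SQL text, so no quoting is needed.
$db = new mysqli('localhost', 'root', '', 'musibridge');
$stmt = $db->prepare('UPDATE artist92 SET path = ? WHERE email = ?');
$stmt->bind_param('ss', $newname, $_SESSION['MM_Username']);
$stmt->execute();
if ($stmt->affected_rows === 0) {         // valid SQL, but no row matched the email
    unlink($newname);                     // do not leave an orphaned file behind
    exit('No artist92 row matches this login');
}
echo 'File uploaded and path saved';
```

An affected_rows value of 0 with no SQL error means the statement was valid but the WHERE clause matched no row, which is what an empty or unmatched email value produces.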