Fatal编程技术网
  • php/
  • 多个文件字段更新-php表单

多个文件字段更新-php表单

php mysql file-upload

多个文件字段更新-php表单,php,mysql,file-upload,sql-update,crud,Php,Mysql,File Upload,Sql Update,Crud,我无法使我的两个文件上载字段与我的更新表单一起工作。我可以使用create_表单将文件上传到我的服务器,并将信息输入到SQL数据库中,但如果没有收到错误,我无法进行编辑。在SQL中,文件不会上载,信息也不会更新。请帮忙 <?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?> <?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db

我无法使我的两个文件上载字段与我的更新表单一起工作。我可以使用create_表单将文件上传到我的服务器,并将信息输入到SQL数据库中,但如果没有收到错误,我无法进行编辑。在SQL中,文件不会上载,信息也不会更新。请帮忙

<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/session.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/db_connection.php");?>
<?php
session_start();
if($_SESSION["login_user"] != true) {
    echo("Access denied!");
    exit();
}
?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/functions.php");?>
<?php require_once($_SERVER['DOCUMENT_ROOT']."/includes/validation_functions.php");?>
<?php find_selected_event_page(); ?>
<?php
  if (!$current_event) {
    // page ID was missing or invalid or 
    // page couldn't be found in database
    redirect_to("manage_content.php");
  }
?>
<?php 

if (isset($_POST['submit'])) {
    // Process the form

    // validations
    $required_fields = array("visible");
    validate_presences($required_fields);   


    if (empty($errors)) {

    // Perform Update
        $id = $current_event["id"];
        $visible = mysql_prep($_POST["visible"]);
        $homepage = mysql_prep($_POST["homepage"]);
        $fa_id = mysql_prep($_POST["fa_id"]);
        $title = mysql_prep($_POST["title"]);
        $caption = mysql_prep($_POST["caption"]);
        $url = mysql_prep($_POST["url"]);
        $month = mysql_prep($_POST["month"]);
        $date = mysql_prep($_POST["date"]);
        $year = mysql_prep($_POST["year"]);
        $summary = mysql_prep($_POST["summary"]);
        $full_text = mysql_prep($_POST["full_text"]);
         $image = rand(1000,100000)."-".$_FILES['image']['name'];
            $image_loc = $_FILES['image']['tmp_name'];
            $image_size = $_FILES['image']['size'];
            $image_type = $_FILES['image']['type'];
            $image_folder="images/";
            $file = rand(1000,100000)."-".$_FILES['file']['name'];
            $file_loc = $_FILES['file']['tmp_name'];
            $file_size = $_FILES['file']['size'];
            $file_type = $_FILES['file']['type'];
            $file_folder="files/";

$final_image=str_replace(' ','-',$new_image_name);
$final_file=str_replace(' ','-',$new_file_name);

   if($_FILES)  {        

unlink("images/".$current_event['image']);
move_uploaded_file($image_loc,$image_folder.$final_image); 

unlink("files/".$current_event['file']);
move_uploaded_file($file_loc,$file_folder.$final_file); }

        else
  {
   // if no image selected the old image remain as it is.
   $final_image = $current_event['image']; // old image from database
   $fine_file = $current_event['file']; // old image from database

  } 


        $query  = "UPDATE `events` SET ";
        $query .= "`visible` = '{$visible}', ";
        $query .= "`homepage` = '{$homepage}', ";
        $query .= "`fa_id` = '{$fa_id}', ";
        $query .= "`title` = '{$title}', ";
        $query .= "`caption` = '{$caption}', ";
        $query .= "`url` = '{$url}', ";
        $query .= "`month` = '{$month}', ";
        $query .= "`date` = '{$date}', ";
        $query .= "`year` = '{$year}', ";
        $query .= "`summary` = '{$summary}', ";
        $query .= "`full_text` = '{$full_text}', ";
        $query .= "`image` = '{$final_image}', ";
        $query .= "`image_type` = '{$image_type}', ";
        $query .= "`image_size` = '{$image_new_size}' ";
        $query .= "`file` = '{$final_file}', ";
        $query .= "`file_type` = '{$file_type}', ";
        $query .= "`file_size` = '{$file_new_size}' ";
        $query .= "WHERE `events`.`id` = {$id} ";
        $query .= "LIMIT 1";
        $result = mysqli_query($connection, $query);

        if ($result && mysqli_affected_rows($connection)) {

            // Success
            echo "<pre>".$query."</pre>";

            $_SESSION["message"] = "Item updated.";
            redirect_to("manage_content.php");
        } else {
            // Failure
            //$_SESSION["message"] = "Item creation failed.";
        //redirect_to("new_news.php");
        echo "Error: " . $query . "<br>" . $result->error;

        }

    }
} else {        
    // This is probably a GET request

} // end: if (isset($_POST['submit']))

?>
您知道您正在打开sql注入吗?这可能是偶然发生的。无论如何,请显示错误和用于编辑的html表单。请将其编辑到您的问题中,这只是查询。很明显,它有点问题,但我看不出来。您将mysqli的过程风格与OO风格混合在一起。使用
mysqli\u error()
代替
$result->error
。错误现在打印出来了什么?警告:mysqli_error()只需要一个参数,即第107行my-file.php中给出的0(第107行是错误的回音…),它是您最好的朋友,比internet上随机出现的人更值得信任。您需要传递mysqli_连接变量。查看该功能的敌人。现在。错误是什么? 
Error: UPDATE events SET visible = 'Y', homepage = 'Y', fa_id = '460463', title = 'Event', caption = 'Event Caption', url = '', month = '1', date = '', year = '2017', summary = 'Support event.', full_text = 'Join event', image = '', image_type = '', image_size = '' file = '', file_type = '', file_size = '' WHERE events.id = 1 LIMIT 1