多个上传图片PHP&;Mysql
下面的代码逐个上传图像。我想上传多张图片多个上传图片PHP&;Mysql,php,mysql,Php,Mysql,下面的代码逐个上传图像。我想上传多张图片 <?php //config require("./configuration.php"); $id = $_GET['id']; $q = mysql_query("SELECT * FROM books WHERE id='$id'") or die(mysql_error()); $row = mysql_fetch_array($q);
<?php
//config
require("./configuration.php");
$id = $_GET['id'];
$q = mysql_query("SELECT * FROM books WHERE id='$id'") or die(mysql_error());
$row = mysql_fetch_array($q);
$name = $row['name'];
echo '<div class="center-top"> NAME: <strong style="font-size:22px;">'.$name.'</strong> </div>';
//begin upload
if(isset($_POST['submit']))
{
$title = htmlspecialchars($_POST['title']);
$path = "./upload/images/";
$name_pic = $_FILES['file']['name'];
$ext = strtolower(substr(strrchr($name_pic, "."), 1));
$allow = array("jpg", "jpeg", "JPG", "JPEG", "png", "gif");
$uptype = ($_FILES['file']['tmp_name']);
if (in_array($ext, $allow))
{
$rand = rand(0,10000);
$md5 = md5($rand);
$new_file_name = "{$md5}.{$ext}";
$move_file = move_uploaded_file($_FILES['file']['tmp_name'], $path.$new_file_name);
if($move_file) {
mysql_query("INSERT INTO images (id, link, title, bid)
VALUES (NULL, '$new_file_name', '$title', '$id')") or die (mysql_error());
echo "<div class='yes'>succesfully added!</div>";
}}}
//form
echo '
<form method="post" action="images.php?id='.$id.'" enctype="multipart/form-data">
<br />title: <br /><input type="text" name="title" value="'.$name.'"/><br />
<br /><br/><input name="file" type="file" />
<br /><input type="submit" name="submit" value="UPLOAD" /><br /><br />
</form>
';
?>
首先,您需要将
声明为
然后,查找所选图像的总数。将其放入for loop
并开始存储在upload->images文件夹中,然后将图像路径保存在images
列中
<?php
//config
require("./configuration.php");
$id = $_GET['id'];
$q = mysql_query("SELECT * FROM books WHERE id='$id'") or die(mysql_error());
$row = mysql_fetch_array($q);
$name = $row['name'];
echo '<div class="center-top"> NAME: <strong style="font-size:22px;">'.$name.'</strong> </div>';
if(isset($_POST['submit']))
{
$title = htmlspecialchars($_POST['title']);
$path = "./upload/images/";
$TotalImage = count($_FILES['file']['name']);
for($i=0;$i>$TotalImage;$i++)
{
$image_name = $_FILES['file']['name'][$i];
$new_file_name = $path.$image_name;
if(move_uploaded_file($_FILES['file']['tmp_name'][$i],$path.$image_name))
{
mysql_query("INSERT INTO images (id, link, title, bid) VALUES (NULL, '$new_file_name', '$title', '$id')") or die (mysql_error());
echo "<div class='yes'>succesfully added!</div>";
}
}
}
//form
echo '
<form method="post" action="images.php?id='.$id.'" enctype="multipart/form-data">
<br />title: <br /><input type="text" name="title" value="'.$name.'"/><br />
<br /><br/><input name="file[]" type="file" multiple/>
<br /><input type="submit" name="submit" value="UPLOAD" /><br /><br />
</form>
';
?>
您可能的副本易受攻击。享受你的服务器pwn3d。@MarcB:你为什么要对它如此无礼?给一些积极的反馈,而不是这个…我自己上传图片我是管理员,没有其他人可以访问@MarcB你能告诉我如何跳过sql注入攻击吗?为什么从来没有人关注这个链接?它解释了这个问题,并为各种语言提供了解决方案……实际上不起作用!没有错误,但没有插入数据库。您使用的代码与我编写的代码相同。因为,在我的桌面上,它正在工作。在你或我的代码中有很多不同之处。所以,好好检查一下。它应该会起作用@亚曼。不仅输入文件
发生了变化,而且执行页面也发生了变化。检查一下。
<?php
//config
require("./configuration.php");
$id = $_GET['id'];
$q = mysql_query("SELECT * FROM books WHERE id='$id'") or die(mysql_error());
$row = mysql_fetch_array($q);
$name = $row['name'];
echo '<div class="center-top"> NAME: <strong style="font-size:22px;">'.$name.'</strong> </div>';
if(isset($_POST['submit']))
{
$title = htmlspecialchars($_POST['title']);
$path = "./upload/images/";
$TotalImage = count($_FILES['file']['name']);
for($i=0;$i>$TotalImage;$i++)
{
$image_name = $_FILES['file']['name'][$i];
$new_file_name = $path.$image_name;
if(move_uploaded_file($_FILES['file']['tmp_name'][$i],$path.$image_name))
{
mysql_query("INSERT INTO images (id, link, title, bid) VALUES (NULL, '$new_file_name', '$title', '$id')") or die (mysql_error());
echo "<div class='yes'>succesfully added!</div>";
}
}
}
//form
echo '
<form method="post" action="images.php?id='.$id.'" enctype="multipart/form-data">
<br />title: <br /><input type="text" name="title" value="'.$name.'"/><br />
<br /><br/><input name="file[]" type="file" multiple/>
<br /><input type="submit" name="submit" value="UPLOAD" /><br /><br />
</form>
';
?>