Php $\u文件名未正确上载到数据库
所以我有一个简单的图片上传网站,我正在为一个小项目创建。除了数据库中的“文件路径”列之外,所有这些都工作得非常好 出于某种原因,它有时会包含我告诉它的变量,有时则不会Php $\u文件名未正确上载到数据库,php,database,file,filepath,Php,Database,File,Filepath,所以我有一个简单的图片上传网站,我正在为一个小项目创建。除了数据库中的“文件路径”列之外,所有这些都工作得非常好 出于某种原因,它有时会包含我告诉它的变量,有时则不会 $user = $_SESSION['user']; //file properties $fileName = $_FILES["uploadedImage"]["name"]; $fileType = $_FILES["uploadedImage"]["type"]; $fileSize = $_FILES["uploade
$user = $_SESSION['user'];
//file properties
$fileName = $_FILES["uploadedImage"]["name"];
$fileType = $_FILES["uploadedImage"]["type"];
$fileSize = $_FILES["uploadedImage"]["size"];
$fileTempName = $_FILES["uploadedImage"]["tmp_name"];
$error = $_FILES["uploadedImage"]["error"];
$random = substr(md5(microtime()),rand(0,26),16); //create random characters to avoid name duplication.
$path = "uploads/" . $_SESSION['userName'] . $random . $fileName;
路径始终包含“uploads/”,但有时仅包含会话用户名(随机),很少包含文件名,即使在相同的文件上也是如此。在提交表单之前,我会回显这些变量,它们在提交表单并上传到数据库之前都是正确的。当我提交表单时,所有其他列都已正确填写
if ( isset( $_POST['formSubmit'] )) {
//prevent SQL injections and invalid inputs
$title = trim($_POST['title']);
$title = strip_tags($title);
$title = htmlspecialchars($title);
$title = mysqli_real_escape_string($db, $title);
$description = trim($_POST['description']);
$description = strip_tags($description);
$description = htmlspecialchars($description);
$description = mysqli_real_escape_string($db, $description);
if (empty($title) || strlen($title) < 1) {
$titleError = "Title required.";
$formError = true;
}
if ($formError) {
$errorMessage = "Please fill out the upload form properly.";
} else {
$query = mysqli_query($db, "INSERT INTO IMAGE(imageID,userID,title,description,path)
VALUES('','$user','$title','$description','$path')");
if(isset($\u POST['formSubmit'])){
//防止SQL注入和无效输入
$title=修剪($_POST['title']);
$title=带标签($title);
$title=htmlspecialchars($title);
$title=mysqli\u real\u escape\u字符串($db,$title);
$description=修剪($_POST['description']);
$description=带标签($description);
$description=htmlspecialchars($description);
$description=mysqli\u real\u escape\u字符串($db$description);
if(空($title)| | strlen($title)<1){
$titleError=“需要标题。”;
$formError=true;
}
如果($formError){
$errorMessage=“请正确填写上传表单。”;
}否则{
$query=mysqli\u query($db,“插入到图像中(imageID、userID、title、description、path)
值(“'$user'、'$title'、'$description'、'$path');
以下是表格本身:
<form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>">
<div class="row">
<div class="col-sm-12">
<span class="errorText"><?php echo $errorMessage; ?></span>
<br><br>
</div>
</div>
<div class="row">
<div class='col-sm-1'><!--spacer--></div>
<div class="col-sm-2">
<label for="title">Title:</label>
</div>
<div class="col-sm-6">
<input type="text" id="title" name="title" placeholder="Enter your image title here..." >
</div>
<div class="col-sm-2"><span class="errorText"><?php echo $titleError; ?></span></div>
<div class='col-sm-1'><!--spacer--></div>
</div>
<br>
<div class="row">
<div class='col-sm-1'><!--spacer--></div>
<div class="col-sm-2">
<label for="description">Description:</label>
</div>
<div class="col-sm-6">
<input type="text" id="description" name="description" placeholder="Describe your image here...">
</div>
<div class="col-sm-2"><span class="errorText"><?php echo $descriptionError; ?></span></div>
<div class='col-sm-1'><!--spacer--></div>
</div>
<br>
<br>
<input type="submit" value="Submit" name = "formSubmit" id="formSubmit" class="btn">
<br>
<br>
</form>
说明:
表单缺少enctype=“多部分/表单数据”属性
<form method="POST" enctype="multipart/form-data">
此外,即使这与问题无关,我强烈建议您使用。它可以帮助您避免使用,而无需手动转义参数。您的SQL注入预防措施非常糟糕。请阅读。表单缺少enctype=“multipart/form data”属性。你的PHP错误日志上写了什么?做一些
var_转储
:向我们展示你调试时看到的输出。@Jarzon的答案将是你问题的解决方案。