PHP/MySQL: Rename $_FILES['image']['name'] based on id

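Can anyone help me solve my problem? Currently, I have created a system that can upload photos, and the function works. But the name of the photo saved to the database and to the server folder is the photo's actual name.

Now, I want to rename the photo based on the id. Below is my code: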

<?php

require_once '../../../../config/configPDO.php';

$report_id = $_POST['report_id'];

$image = $_FILES['uploadFile']['name'];

// image file directory
$target = "../../../../images/upload/".basename($image);
$ServerURL = "http://172.20.0.45/tgotworker_testing/images/upload/$image";

// Prepare an insert statement
$query = "UPDATE ot_report SET photo_before = '$ServerURL', time_photo_before = GETDATE() WHERE report_id = :report_id";
$sql = $conn->prepare($query);
$sql->bindParam(':report_id', $report_id);
$sql->execute();

// Attempt to execute the prepared statement
if($sql&&move_uploaded_file($_FILES['uploadFile']['tmp_name'], $target)){
    // Records created successfully. Redirect to landing page
    echo "<script>alert('Saved')</script>";
    header("Location: view_task.php?report_id=".$_POST['report_id']);
    exit();
} else{
    echo "Something went wrong. Please try again later.";
}

?>

Try this code

<?php

require_once '../../../../config/configPDO.php';

$report_id = $_POST['report_id'];
$image = $_FILES['uploadFile']['name'];

// set new name for upload image: "<report_id>.<original extension>"
// (the form field is 'uploadFile', as in the rest of the script)
$temp = explode(".", $_FILES["uploadFile"]["name"]);
$newfilename = $report_id. '.' . end($temp);

$target = "../../../../images/upload/".$newfilename;
$ServerURL = "http://172.20.0.45/tgotworker_testing/images/upload/$newfilename";

// Prepare an insert statement
$query = "UPDATE ot_report SET photo_before = '$ServerURL', time_photo_before = GETDATE() WHERE report_id = :report_id";
$sql = $conn->prepare($query);
$sql->bindParam(':report_id', $report_id);
$sql->execute();

// Attempt to execute the prepared statement
if($sql&&move_uploaded_file($_FILES['uploadFile']['tmp_name'], $target)){
    // Records created successfully. Redirect to landing page
    echo "<script>alert('Saved')</script>";
    header("Location: view_task.php?report_id=".$_POST['report_id']);
    exit();
} else{
    echo "Something went wrong. Please try again later.";
}

?>

Change one line of code

$target = "../../../../../images/upload/" . $report_id . "." . pathinfo($image, PATHINFO_EXTENSION);

So what is the problem?

How to rename the photo

Well, then fill $target and $ServerURL with the needed values, and then...? As a side note: you are using a prepared statement, but you use $ServerURL inline in the query. Is that necessary? This opens up a possibility for SQL injection.

Please add some explanation to your answer by editing it, so that others can learn from it.

Please add some explanation to your answer. Why did you correct any spelling?

I just corrected a spelling mistake in the descriptive sentence and changed one line of the code.

And how does changing a spelling mistake in the text (not even the code itself!) solve the given problem?
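
A hardened version of the rename-by-id handler discussed in this thread, as an added example that is not part of any post: the stored name is built from a validated integer id and an extension chosen from the detected file type, and the URL is bound as a parameter, which addresses the SQL injection remark in the comments. `ALLOWED_TYPES`, `storedPhotoName()` and `savePhotoUrl()` are hypothetical names; the paths, table and columns are the ones from the question, and the `fileinfo` extension is assumed to be available.

```php
<?php
// Added example; ALLOWED_TYPES, storedPhotoName() and savePhotoUrl() are
// hypothetical names. Needs the fileinfo extension for finfo.
require_once '../../../../config/configPDO.php'; // provides $conn, as in the thread

const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Build "<report_id>.<ext>" from a validated id and the detected file type,
// ignoring the client-supplied $_FILES[...]['name'] entirely.
function storedPhotoName(string $reportId, string $tmpPath): string
{
    if (!ctype_digit($reportId)) {
        throw new InvalidArgumentException('report_id must be an integer');
    }
    if (!is_uploaded_file($tmpPath)) {
        throw new InvalidArgumentException('no uploaded file');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !isset(ALLOWED_TYPES[$mime])) {
        throw new InvalidArgumentException('unsupported file type');
    }
    return (int)$reportId . '.' . ALLOWED_TYPES[$mime];
}

// The UPDATE from the thread, with the URL bound instead of inlined.
function savePhotoUrl(PDO $conn, int $reportId, string $url): bool
{
    $sql = $conn->prepare(
        'UPDATE ot_report SET photo_before = :photo, time_photo_before = GETDATE()
         WHERE report_id = :report_id'
    );
    return $sql->execute([':photo' => $url, ':report_id' => $reportId]);
}

try {
    $tmp  = $_FILES['uploadFile']['tmp_name'] ?? '';
    $name = storedPhotoName((string)($_POST['report_id'] ?? ''), $tmp);
    $id   = (int)$_POST['report_id']; // safe: validated as digits above
    $url  = 'http://172.20.0.45/tgotworker_testing/images/upload/' . $name;
    if (move_uploaded_file($tmp, '../../../../images/upload/' . $name)
        && savePhotoUrl($conn, $id, $url)) {
        header('Location: view_task.php?report_id=' . $id);
        exit();
    }
} catch (InvalidArgumentException $e) {
    // Invalid id or file type: fall through to the generic error below.
}
echo 'Something went wrong. Please try again later.';
```

Because the extension comes from the allowlist rather than from the uploaded name, a file sent as `photo.php` can only ever be stored as `.jpg`, `.png` or `.gif`, and `report_id` cannot carry path separators into `$target`.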