Fatal编程技术网
  • php/
  • Php 配置文件图片未更新

Php 配置文件图片未更新

php mysql

Php 配置文件图片未更新,php,mysql,Php,Mysql,我需要帮助使这个脚本工作,但都没有用,它没有在sql中更新,但它上传到上传目录,名称为0.jpg,而不是像7.jpg一样附加到beging的职员id,请我需要更正或重新编写脚本 <?php $allowed_filetypes = array('.jpg','.pdf','.xlsx','.xls','.doc','.docx','.ppt','.pptx','.jpeg','.png','.gif','.pdf'); $max_filesize = 52428800; //

我需要帮助使这个脚本工作,但都没有用,它没有在sql中更新,但它上传到上传目录,名称为
0.jpg
,而不是像
7.jpg
一样附加到beging的职员id,请我需要更正或重新编写脚本

<?php 
   $allowed_filetypes = array('.jpg','.pdf','.xlsx','.xls','.doc','.docx','.ppt','.pptx','.jpeg','.png','.gif','.pdf');
   $max_filesize = 52428800; // max file size = 50MB
   $target = "images/"; 
   $pic=($_FILES['photo']['name']);
$pic = mysql_real_escape_string(htmlspecialchars($_FILES['photo']['name']));



   //this gets all the other information from the form

 $pic=($_FILES['photo']['name']);

    $file = $_FILES['photo']['name']; // Get the name of the file (including file extension).
    $ext = substr($file, strpos($file,'.'), strlen($file)-1);
    if(!in_array($ext,$allowed_filetypes))//check if file type is allowed
        die('The file extension you attempted to upload is not allowed.'); //not allowed
    if(filesize($_FILES['photo']['tmp_name']) > $max_filesize) //check that filesize is less than 50MB
        die ('The file you attempted to upload is too large, compress it below 50MB.');


   // Connects to your Database
     mysql_connect("localhost", "root", "") or die(mysql_error()) ;
     mysql_select_db("office") or die(mysql_error()) ;

    //writes the information to the 



  $target = "images/" .mysql_insert_id() . $ext; 

  $staff_id = mysql_insert_id();
  $new_file_name = mysql_insert_id() . $ext;


  //I removed ,photo='$target' to display only id as picture name
  mysql_query("UPDATE development SET photo='$new_file_name' WHERE staff_id=$staff_id");


//writes the file to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

 //tells you if its all ok
  echo "The file ". basename( $_FILES['photo']['name']). " has been uploaded, and your information has been added to the directory";
}
else {

//gives and error if its not
 echo "Sorry, there was a problem uploading your file.";
}
?>

对于初学者,您甚至在运行查询之前尝试访问id:


 $target = "images/" .mysql_insert_id() . $ext;

 $staff_id = mysql_insert_id();
 $new_file_name = mysql_insert_id() . $ext;



那不行。您需要首先运行查询
尽管这是一个需要修复的错误,但这个问题似乎要求其他人只需根据您的需求编写代码。根据“询问代码的问题必须证明对正在解决的问题的最低理解”。@DanielMorgan-is-right“尝试使用mysqli-或pdo-‎ 由于mysql_*函数已被弃用,“通过使用外部变量构建SQL语句,您将面临SQL注入攻击。此外,任何带有单引号的输入数据,如“O'Malley”的名称,都会破坏您的SQL查询。请了解如何使用参数化查询(最好是PDO模块)来保护您的web应用程序。有一些例子可以帮助您入门,并且有很多详细的例子。我认为,向尚未掌握变量赋值诀窍的人推荐一个更好的SQL库(看看
$pic
..)可能有点高…我一眼就可以看出脚本中有六个基本的编码错误,但确实,这是其中之一,因此,我们有一个+1:)