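So I have been working on this for a while, but I can't figure out how to insert it into the database. The image is uploaded and stored in the server's imgs directory, but no trace of it can be found in the database. There are no errors at all. I'm well aware of the SQL injection weakness, but this is a private project for a prototype, so for now I'm only aiming for functionality. Why doesn't this work? I feel like it might be skipping the SQL query, but I don't understand why.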
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$conn = new PDO ("mysql:host=localhost;dbname=project", "root", "0612733771Aa");
try {
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}
if(!isset($_FILES['upload']) || $_FILES['upload']['error'] == UPLOAD_ERR_NO_FILE) {
    echo "Error no file selected";
}
else {
    $filename = $_FILES['upload']['name']; //yes
    $filetype = $_FILES['upload']["type"]; //yes
    $title = $_POST['title'];
    $description = $_POST['description'];
    $category = $_POST['category'];
    $dir = "imgs/";
    $filetarget = $dir . basename($_FILES['upload']['name']);
    $allowed = array("jpg" => "image/jpg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png");
    $ext = pathinfo($filetarget, PATHINFO_EXTENSION);
    if(!array_key_exists($ext, $allowed)) {
        echo "Please select a valid file.";
        exit;
    }
    $conn->query = ("INSERT INTO images (title, image, description, category) VALUES ('$title', '$filename', '$description', '$category')");
    if (move_uploaded_file($_FILES['upload']['tmp_name'], $filetarget)) {
        echo "The file ". basename( $_FILES['upload']['name']). " has been uploaded.";
    }
    else {
        print "File was not uploaded.";
        exit;
    }
}
?>
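Thanks in advance.
Thanks to @Fred-ii's help, I found the solution. The problem was that I was not using prepared statements; updated code follows. I had to switch my entire code over to a prepared statement and use PDO::PARAM_LOB in order to submit a large blob to the database.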
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
if(!isset($_FILES['upload']) || $_FILES['upload']['error'] == UPLOAD_ERR_NO_FILE) {
    echo "Error no file selected";
}
else {
    $filetype = $_FILES['upload']["type"]; //yes
    $title = $_POST['title'];
    $description = $_POST['description'];
    $category = $_POST['category'];
    $dir = "imgs/";
    $filetarget = $dir . basename($_FILES['upload']['name']);
    $allowed = array("jpg" => "image/jpg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png");
    $ext = pathinfo($filetarget, PATHINFO_EXTENSION);
    if(!array_key_exists($ext, $allowed)) {
        echo "Please select a valid file.";
        exit;
    }
    try {
        $conn = new PDO ("mysql:host=localhost;dbname=project", "root", "0612733771Aa");
        // Enable exceptions before preparing, so SQL errors are not silent
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch (PDOException $e) {
        echo 'Connection failed: ' . $e->getMessage();
        exit;
    }
    // Open the uploaded temp file as a stream so it can be bound as a LOB
    $fp = fopen($_FILES['upload']['tmp_name'], 'rb');
    // Positional placeholders: values are bound below, not interpolated into the SQL
    $stmt = $conn->prepare("INSERT INTO images (title, image, description, category) VALUES (?, ?, ?, ?)");
    $stmt->bindParam(1, $title);
    $stmt->bindParam(2, $fp, PDO::PARAM_LOB);
    $stmt->bindParam(3, $description);
    $stmt->bindParam(4, $category);
    $conn->beginTransaction();
    $stmt->execute();
    $conn->commit();
    fclose($fp);
    if (move_uploaded_file($_FILES['upload']['tmp_name'], $filetarget)) {
        echo "The file ". basename( $_FILES['upload']['name']). " has been uploaded.";
    }
    else {
        print "File was not uploaded.";
        exit;
    }
}
?>
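A compact version of the same insert, as an added example that is not part of the original post: it binds every value through named placeholders, streams the image with PDO::PARAM_LOB, and checks the file type from its content rather than from the client-supplied name. The function name `store_image`, the constructed sample files and the in-memory SQLite database (standing in for the MySQL `project` database) are assumptions; it needs the `fileinfo` and `pdo_sqlite` extensions.

```php
<?php
// Added example: store_image() and the sample files are hypothetical, and
// SQLite in memory stands in for the page's MySQL database.
const ALLOWED_MIME = ['image/jpeg', 'image/gif', 'image/png'];

function store_image(PDO $pdo, string $tmpPath, string $title, string $description, string $category): int
{
    // Decide the type from the file's bytes, not the client-supplied name or type.
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        throw new InvalidArgumentException("Rejected upload, detected type: $mime");
    }
    $fp = fopen($tmpPath, 'rb');
    // prepare() and execute() must actually be called: the question's
    // `$conn->query = (...)` only assigned a string to a property, so no SQL ran.
    $stmt = $pdo->prepare(
        'INSERT INTO images (title, image, description, category)
         VALUES (:title, :image, :description, :category)'
    );
    $stmt->bindValue(':title', $title);
    $stmt->bindParam(':image', $fp, PDO::PARAM_LOB); // stream bound as a BLOB
    $stmt->bindValue(':description', $description);
    $stmt->bindValue(':category', $category);
    $stmt->execute();
    fclose($fp);
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, title TEXT, image BLOB, description TEXT, category TEXT)');

// Constructed sample input: a header-only GIF and a text file posing as an image.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "plain text uploaded under the name photo.png");

// The quote in the title is stored as data; it cannot change the statement.
$id = store_image($pdo, $gif, "O'Brien's cat", 'constructed sample', 'pets');
$row = $pdo->query('SELECT title, length(image) FROM images')->fetch(PDO::FETCH_NUM);
echo "row $id: {$row[0]}, {$row[1]} bytes\n";
try {
    store_image($pdo, $fake, 'x', 'y', 'z');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
unlink($gif);
unlink($fake);
```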