2010-04-15 103 views
0

當我提交一個新的名稱而不是新的頭像時,我收到以下頭像錯誤消息Please upload a .gif, .jpeg, .jpg or .png image!。我希望能夠發送一個新名字,而無需每次提交表單時都不需要上傳新的頭像而不會收到頭像錯誤消息Please upload a .gif, .jpeg, .jpg or .png image!有人可以幫我解決這個問題嗎?PHP和MySQL提交錯誤消息問題

這裏是php代碼。

if (isset($_POST['submitted'])) { 

    $mysqli = mysqli_connect("localhost", "root", "", "sitename"); 
    $dbc = mysqli_query($mysqli,"SELECT users.* 
           FROM users 
           WHERE user_id=3"); 

    $first_name = mysqli_real_escape_string($mysqli, htmlentities(strip_tags($_POST['first_name']))); 

$user_id = '3'; 

if(isset($_FILES["avatar"]["name"]) && $_FILES['avatar']['size'] <= 5242880) { 

    if($_FILES["avatar"]["type"] == "image/gif" || $_FILES["avatar"]["type"] == "image/jpeg" || $_FILES["avatar"]["type"] == "image/jpg" || $_FILES["avatar"]["type"] == "image/png" || $_FILES["avatar"]["type"] == "image/pjpeg") { 

     if (file_exists("../members/" . $user_id . "/images/" . $_FILES["avatar"]["name"])) { 
      echo '<p class="error">' . mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["avatar"]["name"])))) . ' already exists! '; 
     } else if($_FILES["avatar"]["name"] == TRUE) { 
      move_uploaded_file($_FILES["avatar"]["tmp_name"], 
      "../members/" . $user_id . "/images/" . mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["avatar"]["name"]))))); 
      $avatar = mysqli_real_escape_string($mysqli, htmlentities(strip_tags(basename($_FILES["avatar"]["name"])))); 
     } 

    } else if($_FILES["avatar"]["type"] != "image/gif" || $_FILES["avatar"]["type"] != "image/jpeg" || $_FILES["avatar"]["type"] != "image/jpg" || $_FILES["avatar"]["type"] != "image/png" || $_FILES["avatar"]["type"] != "image/pjpeg") { 
     echo '<p class="error">Please upload a .gif, .jpeg, .jpg or .png image!</p>'; 
    } 

} else if($_FILES['avatar']['size'] >= 5242880) { 
    echo '<p class="error">Please upload a smaller pic!</p>'; 
} else if($_FILES["avatar"]["name"] == NULL) { 
    $avatar = NULL; 
} 


if(isset($_FILES["avatar"]["name"]) && $_FILES['avatar']['size'] <= 5242880) { 

     if (mysqli_num_rows($dbc) == 0) { 
       $mysqli = mysqli_connect("localhost", "root", "", "sitename"); 
       $dbc = mysqli_query($mysqli,"INSERT INTO users (user_id, first_name, avatar) 
              VALUES ('$user_id', '$first_name', '$avatar')"); 
     } 

     if ($dbc == TRUE) { 
       $dbc = mysqli_query($mysqli,"UPDATE users 
              SET first_name = '$first_name', avatar = '$avatar' 
              WHERE user_id = '$user_id'"); 

       echo '<p class="changes-saved">Your changes have been saved!</p>'; 

     } 

     if (!$dbc) { 
       print mysqli_error($mysqli); 
       return; 
     } 

    } 

} 
+0

普萊斯請注意以下幾點:'$ _FILES'中信息的'type'屬性不是測試MIME類型的可靠方法。它可能被欺騙。你最好使用FileInfo http://www.php.net/manual/en/book.fileinfo.php。此外,您的SQL查詢對於SQL注入http://en.wikipedia.org/wiki/SQL_injection而言是不利的。你應該考慮使用準備好的語句。 – 2010-04-15 19:30:32

+0

對不起,我忽略了'mysqli_real_escape_string()'調用。因此,不要介意SQL注入的東西。 – 2010-04-15 19:34:31

回答

0

你只需要添加一個檢查,看看他們是否爲他們的頭像指定了一個新的圖像(或保留空白)。在這種情況下,不知道你的表格是如何設置的,你可以簡單地檢查大小大於零(isset()函數/空()可以返回在這種情況下意外的結果):

if($_FILES['avatar']['size'] > 0) { ... } 

編輯 在回答您的評論,你會更改以下行(包括固定一個基本的邏輯錯誤):

} else if($_FILES["avatar"]["type"] != "image/gif" || $_FILES["avatar"]["type"] != "image/jpeg" || $_FILES["avatar"]["type"] != "image/jpg" || $_FILES["avatar"]["type"] != "image/png" || $_FILES["avatar"]["type"] != "image/pjpeg") { 

到:

} else if($_FILES["avatar"]["size"] <= 0 && $_FILES["avatar"]["type"] != "image/gif" && $_FILES["avatar"]["type"] != "image/jpeg" && $_FILES["avatar"]["type"] != "image/jpg" && $_FILES["avatar"]["type"] != "image/png" && $_FILES["avatar"]["type"] != "image/pjpeg") { 
+0

我在哪裏放這個代碼? – peakUC 2010-04-15 19:14:22

+0

更新了我的答案。 – 2010-04-15 19:21:03