我想將以前上傳的文件加載到MySQL數據庫中。在提交表單,預覽頁面將包含超鏈接到這些文件(類似於附件)根據文件擴展名和帶有超鏈接的文件數顯示從MySQL上傳的文件
的問題,我得到的文件存儲在文件夾是:
- ,如果我只選擇1個或多個文件與特定的文件擴展名將被上傳,那麼我會得到正確的文件數量和超鏈接將正常工作。
- 如果我選擇2個不同文件擴展名的文件(PDF和JPG),那麼我會得到4個超鏈接。
- 如果我選擇4檔與2個不同的文件擴展名(PDF和JPG),他們我會得到如圖8層的超鏈接
可能錯誤是在我的代碼的foreach命令。
請檢查附加圖片,瞭解它在加載文件後的外觀。
的index.php
<?php
include('dbconfig.php');
date_default_timezone_set('Europe/Oslo');
$loaddate1 = date('Y-m-d');
$loadtime1 = date('H-i-s');
?>
<form name="myForm" id="myForm" class="workshop add" action="" method="post" enctype="multipart/form-data">
<input id="" type="text" name="toolsn" value="">
<input id="" type="text" name="actioninsertdate" value="<?php echo $loaddate1;?>" readonly> <br/>
<input id="" type="text" name="actioninserttime" value="<?php echo $loadtime1;?>" readonly><br/>
<input type="file" name="files[]" multiple/><br/>
<button type="submit" name="submit">Submit</button></div>
</form>
<?php
if(isset($_POST['submit']))
{
$path = 'images/';
$toolsn = $_POST['toolsn'];
$actioninsertdate = $_POST['actioninsertdate'];
$actioninserttime = $_POST['actioninserttime'];
$errors= array();
foreach($_FILES['files']['tmp_name'] as $key => $tmp_name){
$file_name = $key.$_FILES['files']['name'][$key];
$file_basename = substr($file_name, 0, strripos($file_name, '.')); // get file extension
$file_ext = substr($file_name, strripos($file_name, '.')); // get file name
$file_size =$_FILES['files']['size'][$key];
$file_tmp =$_FILES['files']['tmp_name'][$key];
$file_type=$_FILES['files']['type'][$key];
$newfilename = $toolsn.'-'.$loaddate1.'_'.$loadtime1.'_'.rand(1,20).$file_ext;
if($file_size > 2097152){
$errors[]='File size must be less than 2 MB';
}
$query="INSERT workshop1 SET toolsn='$toolsn',file='$newfilename',type='$file_type',size='$file_size',actioninsertdate='$actioninsertdate',actioninserttime = '$actioninserttime'"
or die(mysqli_error ($connection));
if(empty($errors)==true || empty($toolsn)==false){
if(is_dir($path.$toolsn)==false){
mkdir("images/$toolsn", 0700); // Create directory if it does not exist
}
if(is_dir("images/$toolsn/".$file_name)==false){
//$newfilename = $toolsn.'-'.$loaddate1.'_'.$loadtime1.'_'.rand(1,4).$file_ext;
move_uploaded_file($file_tmp,"images/$toolsn/".$newfilename);
}else{ // rename the file if another one exist
//$newfilename = $toolsn.'-'.$loaddate1.'_'.$loadtime1.'_'.rand(1,4);
$new_dir="images/$toolsn/".time().$newfilename;
rename($file_tmp,$new_dir) ;
}
mysqli_query($connection, $query);
}else{
print_r($errors);
}
}
}
?>
read.php
<?php
include('dbconfig.php');
$sqls=mysqli_query($connection, "
SELECT
GROUP_CONCAT(DISTINCT toolsn SEPARATOR '<br />') as toolsn,
GROUP_CONCAT(DISTINCT type SEPARATOR '<br />') as type,
GROUP_CONCAT(DISTINCT file ORDER BY type SEPARATOR '<br />') as file,
GROUP_CONCAT(DISTINCT actioninsertdate SEPARATOR '<br />') as actioninsertdate,
GROUP_CONCAT(DISTINCT actioninserttime SEPARATOR '<br />') as actioninserttime
from workshop1
group by actioninserttime");
//get feedback why database not working
if (!$sqls) {
printf("Error: %s\n", mysqli_error($connection));
exit();
}
?>
<table id="table" class="table table-hover table-responsive">
<thead class="thead-default">
<tr>
<th>Toolsn</th>
<th>Date added</th>
<th>Time added</th>
<th>Attachment</th>
</tr>
</thead>
<?php
echo '<tbody id="tbody"><tr>';
while ($row = mysqli_fetch_array($sqls)) {
echo '<td>'.$row['toolsn'].'</td>';
echo '<td>'.$row['actioninsertdate'].'</td>';
echo '<td>'.$row['actioninserttime'].'</td>';
echo '<td>';
$eachtoolsn=explode('<br />',$row['toolsn']);
$eachfile=explode('<br />',$row['file']);
$eachtype=explode('<br />',$row['type']);
foreach($eachfile as $listfile) {
//echo $listfile;
foreach($eachtoolsn as $key => $listoolsn) {
//echo [$key];
}
foreach($eachtype as $listtype) {
if ($listtype === 'image/jpeg'){
echo '<a href="images/'.$row['toolsn'].'/'.$listfile.'" target="_blank"><img src="images/'.$row['toolsn'].'/'.$listfile.'" width="48" height="48"></a>';
} elseif ($listtype === 'application/pdf'){
echo '<a href="images/'.$row['toolsn'].'/'.$listfile.'" target="_blank"><img src="images/icon-pdf.png" width="48" height="48"></a>';
}
}
echo '</td>';
echo '</tr>';}
echo '</tbody></table>';
?>
您的代碼是** [SQL注入脆弱](https://stackoverflow.com/questions/601300/what- is-sql-injection)**,不要在生產中使用它並學習如何保護自己。 – Blag