PHP - Error uploading file
I recently wrote PHP code that uploads an image/file through move_upload_file(); it looks like this:
if (isset($_POST["title"]) && isset($_POST["content"]) && isset($_POST["category"])) {
    //if (!isset($_POST[]))
    $title = $_POST['title'];
    $desc = $_POST['content'];
    $lat = $_POST['latitude'];
    $long = $_POST['longitude'];
    $category = $_POST['category'];
    $image = $_POST['userfile'];
    if(isset($_FILES['userfile'])) {
        $fileName = $_FILES['Filename']['name'];
        $target = "uploads/";
        $fileTarget = $target.$fileName;
        $tempFileName = $_FILES["Filename"]["tmp_name"];
        $result = move_uploaded_file($_FILES["Filename"]["tmp_name"],$fileTarget);
        /*
         * If file was successfully uploaded in the destination folder
         */
        if($result) {
            header('Location: post.php?success');
            $query = "INSERT INTO public_info (title, content, category, imagePath) VALUES ('$title','$desc','$category', '$fileTarget')";
            $link->query($query) or die("Error : ".mysqli_error($link));
        }
        else {
            header('Location: post.php?errimg');
        }
        mysqli_close($link);
    }
    else {
        $query = "INSERT INTO public_info (title, content, category) VALUES ('$title','$desc','$category')";
        $result = mysqli_query($link, $query);
        if ($result) {
            header('Location: post.php?success');
        }
        else {
            header('Location: post.php?error');
        }
    }
    // $query = "INSERT INTO public_info (title, content, category) VALUES ('$title','$desc','$category')";
}
And the HTML:
<form enctype="multipart/form-data" action="getPublicInfo.php" method="post" class="form">
    <?php if($result) {echo $hasil;} ?>
    <div class="form-group">
        <label> Judul </label>
        <input type="text" name="title" class="form-control" placeholder="title" required/>
    </div>
    <div class="form-group">
        <label> Description </label>
        <textarea type="text" name="content" class="form-control" required rows="3"> </textarea>
    </div>
    <div class="form-group">
        <label> Pick a category </label><br>
        <label class="radio-inline">
            <input type="radio" name="category" value="1"/> Headlines
        </label>
        <label class="radio-inline">
            <input type="radio" name="category" value="2"/> Event
        </label>
        <label class="radio-inline">
            <input type="radio" name="category" value="3" checked/> Info lain
        </label>
    </div>
    <!--store image-->
    <input name="MAX_FILE_SIZE" value="10000000" type="hidden">
    <div class="form-group">
        <label> Upload an image </label>
        <input name="userfile" type="file">
    </div>
    <input value="Submit" type="submit" class="btn btn-default">
</form>
But this code ends up at Location: post.php?errimg, which actually pops up an error. Can anyone help? Thanks.
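The first line can be optimized by using only one `isset()` function, and the SQL is vulnerable to SQL injection. – Raptor
@Raptor Yes, it is vulnerable to SQL injection; I will try to prevent that later. –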
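
As an added example (not part of the original post or its comments): the handler reading the upload under the key the form actually sends, `userfile`, and inserting with a prepared statement, which addresses the SQL injection raised in the comments. The names `save_upload`, `handle_post` and `ALLOWED_TYPES` are hypothetical, and a nullable `imagePath` column is assumed.

```php
<?php
// Added example, not the asker's code. Assumes $link is an open mysqli
// connection, uploads/ is writable, and imagePath accepts NULL.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function save_upload(array $file, string $dir = 'uploads/'): ?string
{
    // UPLOAD_ERR_OK is the only code that means a file actually arrived.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Decide the type from the content, not the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = ALLOWED_TYPES[(string) $mime] ?? null;
    if ($ext === null) {
        return null;
    }
    // Server-generated name: no path traversal, no attacker-chosen extension.
    $target = $dir . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

function handle_post(mysqli $link, array $post, array $files): string
{
    if (!isset($post['title'], $post['content'], $post['category'])) {
        return 'post.php?error';
    }
    $title = (string) $post['title'];
    $content = (string) $post['content'];
    $category = (int) $post['category'];
    $path = null;
    // The key must match the form field: <input name="userfile" type="file">.
    // An empty file input still creates the entry, with UPLOAD_ERR_NO_FILE.
    $file = $files['userfile'] ?? null;
    if ($file !== null && $file['error'] !== UPLOAD_ERR_NO_FILE) {
        $path = save_upload($file);
        if ($path === null) {
            return 'post.php?errimg';
        }
    }
    // Placeholders keep user input out of the SQL text.
    $stmt = $link->prepare(
        'INSERT INTO public_info (title, content, category, imagePath) VALUES (?, ?, ?, ?)'
    );
    $ok = $stmt && $stmt->bind_param('ssis', $title, $content, $category, $path)
        && $stmt->execute();
    return $ok ? 'post.php?success' : 'post.php?error';
}
// In getPublicInfo.php: header('Location: ' . handle_post($link, $_POST, $_FILES)); exit;
```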