2016-07-27 75 views
0

PHP - Error uploading file

The PHP code I recently wrote to upload an image/file via move_uploaded_file() looks like this:

if (isset($_POST["title"]) && isset($_POST["content"]) && isset($_POST["category"])) { 

     //if (!isset($_POST[])) 
     $title = $_POST['title']; 
     $desc = $_POST['content']; 
     $lat = $_POST['latitude']; 
     $long = $_POST['longitude']; 
     $category = $_POST['category']; 
     $image = $_POST['userfile']; 

     if(isset($_FILES['userfile'])) { 

      $fileName = $_FILES['Filename']['name']; 
      $target = "uploads/"; 
      $fileTarget = $target.$fileName; 
      $tempFileName = $_FILES["Filename"]["tmp_name"]; 

      $result = move_uploaded_file($_FILES["Filename"]["tmp_name"],$fileTarget); 

      /* 
      * If file was successfully uploaded in the destination folder 
      */ 
      if($result) { 
       header('Location: post.php?success'); 
       $query = "INSERT INTO public_info (title, content, category, imagePath) VALUES ('$title','$desc','$category', '$fileTarget')"; 
       $link->query($query) or die("Error : ".mysqli_error($link)); 
       } 
      else { 
       header('Location: post.php?errimg'); 
       } 
      mysqli_close($link); 
     } 
     else { 
      $query = "INSERT INTO public_info (title, content, category) VALUES ('$title','$desc','$category')"; 

      $result = mysqli_query($link, $query); 

      if ($result) { 
       header('Location: post.php?success'); 
      } 

      else { 
       header('Location: post.php?error'); 
      } 
     } 
     // $query = "INSERT INTO public_info (title, content, category) VALUES ('$title','$desc','$category')"; 
    } 

html

<form enctype="multipart/form-data" action="getPublicInfo.php" method="post" class="form">
    <?php if($result) {echo $hasil;} ?>
    <div class="form-group">
        <label> Judul </label>
        <input type="text" name="title" class="form-control" placeholder="title" required/>
    </div>
    <div class="form-group">
        <label> Description </label>
        <textarea type="text" name="content" class="form-control" required rows="3"> </textarea>
    </div>
    <div class="form-group">
        <label> Pick a category </label><br>
        <label class="radio-inline">
            <input type="radio" name="category" value="1"/> Headlines
        </label>
        <label class="radio-inline">
            <input type="radio" name="category" value="2"/> Event
        </label>
        <label class="radio-inline">
            <input type="radio" name="category" value="3" checked/> Info lain
        </label>
    </div>
    <!--store image-->
    <input name="MAX_FILE_SIZE" value="10000000" type="hidden">
    <div class="form-group">
        <label> Upload an image </label>
        <input name="userfile" type="file">
    </div>
    <input value="Submit" type="submit" class="btn btn-default">
</form>
That is the form.

But this code ends up at Location: post.php?errimg, which means an error actually occurred. Can anyone help? Thanks.

+0

The first line can be optimized by using only one `isset()` call, and the SQL is vulnerable to SQL injection. – Raptor

+0

@Raptor Yes, it is vulnerable to SQL injection; I will try to prevent that later –

Answers

1

You used the wrong variable. In place of:

$fileName = $_FILES['Filename']['name']; 
$target = "uploads/"; 
$fileTarget = $target.$fileName; 
$tempFileName = $_FILES["Filename"]["tmp_name"]; 
$result = move_uploaded_file($_FILES["Filename"]["tmp_name"],$fileTarget); 

USE:

$fileName = $_FILES['userfile']['name']; 
$target = "uploads/"; 
$fileTarget = $target.$fileName; 
$tempFileName = $_FILES["userfile"]["tmp_name"]; 

$result = move_uploaded_file($_FILES["userfile"]["tmp_name"],$fileTarget); 
+0

Thanks, it works. I didn't notice that –
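
The corrected handler still takes the stored file name from the client and builds its SQL by string concatenation, which is the problem Raptor's comment points out. A hardened version of the same handler follows as an added example; it is not part of the original question or answer. It assumes `$link` is an open mysqli connection, the `imagePath` column is nullable, only images are accepted, and `uploads/` is not configured to execute scripts.

```php
<?php
// Added example. Assumed: $link is an open mysqli connection, imagePath is
// nullable, uploads/ does not execute scripts. The allow-list is illustrative.
const MAX_BYTES = 10000000; // the form's MAX_FILE_SIZE, enforced server-side
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_upload(array $file, string $dir = 'uploads/'): string
{
    // The UPLOAD_ERR_* code says why an upload failed
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Detect the type from the content; 'type' and 'name' are client-supplied
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-generated name: no path traversal, no client-chosen extension
    $target = $dir . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move uploaded file');
    }
    return $target;
}

function save_post(mysqli $link, string $title, string $content, string $category, ?string $path): bool
{
    // Placeholders keep the form values out of the SQL text
    $stmt = $link->prepare('INSERT INTO public_info (title, content, category, imagePath) VALUES (?, ?, ?, ?)');
    $stmt->bind_param('ssss', $title, $content, $category, $path);
    return $stmt->execute();
}

if (isset($_POST['title'], $_POST['content'], $_POST['category'])) {
    try {
        $file = $_FILES['userfile'] ?? null; // field name used by the form
        $hasFile = $file !== null && $file['error'] !== UPLOAD_ERR_NO_FILE;
        $path = $hasFile ? store_upload($file) : null;
        $ok = save_post($link, $_POST['title'], $_POST['content'], $_POST['category'], $path);
        header('Location: post.php?' . ($ok ? 'success' : 'error'));
    } catch (RuntimeException $e) {
        error_log($e->getMessage());
        header('Location: post.php?errimg');
    }
}
```

Logging the exception message records which check rejected the upload, which the bare `?errimg` redirect in the question did not reveal.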