1. 首頁
  2. 問答
  3. 查詢不會更新Img文件的路徑

查詢不會更新Img文件的路徑

2012-03-11 36 views
0

沒有關於如何通過文件系統上傳圖像文件並將其路徑保存在sql數據庫中的單獨教程。 它在一些網站上提到但沒有正確解釋。 Nyway 我上傳的圖像通過PHP,我想存儲上傳的圖像在sql數據庫的路徑。 我insert.php查詢不會更新Img文件的路徑

<?php 

session_start(); 
if (!isset($_SESSION["MM_Username"])) 
{ 
    $_SESSION["message"] = "Please Login"; 
} 

?> 
<!--next comes the form, you must set the enctype to "multipart/frm-data" 
and use an input type "file" --> 
<form name="newad" method="post" enctype="multipart/form-data" 
action="chkupload.php"> 
<table> 
    <tr><td><input type="file" name="image"></td></tr> 
    <tr><td><input name="Submit" type="submit" value="Upload image"> 
     </td></tr> 
</table> 
</form>

1 2頁)此頁面的工作絕對沒問題,但問題是在未來的文件

2)chkupload.php

問題是上傳工作正常&它在圖像/文件夾中創建文件,但不保存它在sql表中的路徑。所以基本上我需要幫助。 也在其用戶認證下。它的個人資料圖片。

<?php require_once('Connections/mb.php'); 

$loginUsername = $_SESSION['MM_Username']; 

//define a maxim size for the uploaded images in Kb 
define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the 
// file is an image by checking the extension. 
function getExtension($str) { 
     $i = strrpos($str,"."); 
     if (!$i) { return ""; } 
     $l = strlen($str) - $i; 
     $ext = substr($str,$i+1,$l); 
     return $ext; 
} 

//This variable is used as a flag. The value is initialized with 0 (meaning no 
// error found) 
//and it will be changed to 1 if an errro occures. 
//If the error occures the file will not be uploaded. 
$errors=0; 
//checks if the form has been submitted 
if(isset($_POST['Submit'])) 
{ 
    //reads the name of the file the user submitted for uploading 
    $image=$_FILES['image']['name']; 
    //if it is not empty 
    if ($image) 
    { 
    //get the original name of the file from the clients machine 
     $filename = stripslashes($_FILES['image']['name']); 
    //get the extension of the file in a lower case format 
     $extension = getExtension($filename); 
     $extension = strtolower($extension); 
    //if it is not a known extension, we will suppose it is an error and 
     // will not upload the file, 
    //otherwise we will do more tests 
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != 
"png") && ($extension != "gif")) 
     { 
     //print error message 
      echo '<h1>Unknown extension!</h1>'; 
      $errors=1; 
     } 
     else 
     { 
//get the size of the image in bytes 
//$_FILES['image']['tmp_name'] is the temporary filename of the file 
//in which the uploaded file was stored on the server 
$size=filesize($_FILES['image']['tmp_name']); 

//compare the size with the maxim size we defined and print error if bigger 
if ($size > MAX_SIZE*1024) 
{ 
    echo '<h1>You have exceeded the size limit!</h1>'; 
    $errors=1; 
} 

//we will give an unique name, for example the time in unix time format 
$image_name=time().'.'.$extension; 
//the new name will be containing the full path where will be stored (images 
//folder) 
$newname="images/".$image_name; 
//we verify if the image has been uploaded, and print error instead 
$copied = copy($_FILES['image']['tmp_name'], $newname); 
if (!$copied) 
{ 
    echo '<h1>Copy unsuccessfull!</h1>'; 
    $errors=1; 
}}}} 

//If no errors registred, print the success message 
if(isset($_POST['Submit']) && !$errors) 
{ 
    echo "<h1>File Uploaded Successfully! Try again!</h1>"; 
} 



mysql_connect("localhost", "root", "") or die(mysql_error()); 
echo "Connected to MySQL<br />"; 
mysql_select_db("musibridge") or die(mysql_error()); 
echo "Connected to Database"; 
$result = mysql_query("UPDATE artist92 SET path= $newname WHERE email = $loginUsername") 
or die(mysql_error()); 

?>

產生的誤差是

注意:未定義的變量:用C _SESSION:\ XAMPP \ htdocs中\ MB \上線3 文件chkupload.php上傳成功!再試一次! 連接到MySQL 連接到數據庫您的SQL語法有錯誤;檢查對應於您的MySQL服務器版本的手冊,以便在第1行'jpg WHERE email ='附近使用正確的語法。

請幫我解決這個問題。它的上傳,但沒有更新的表artist92

的列路徑這是我的登錄page.Adding它只是爲你的會話變量參考 artlog.php

<?php require_once('Connections/mb.php'); ?> 
<?php 
if (!function_exists("GetSQLValueString")) { 
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{ 
    if (PHP_VERSION < 6) { 
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; 
    } 

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); 

    switch ($theType) { 
    case "text": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break;  
    case "long": 
    case "int": 
     $theValue = ($theValue != "") ? intval($theValue) : "NULL"; 
     break; 
    case "double": 
     $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; 
     break; 
    case "date": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break; 
    case "defined": 
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; 
     break; 
    } 
    return $theValue; 
} 
} 

$colname_Recordsetartist = "-1"; 
if (isset($_SESSION['MM_Username'])) { 
    $colname_Recordsetartist = $_SESSION['MM_Username']; 
} 
mysql_select_db($database_mb, $mb); 
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text")); 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist); 
$query_Recordsetartist = "SELECT * FROM artist92"; 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist); 

$colname_Recordsetartist = "-1"; 
if (isset($_SESSION['MM_email'])) { 
    $colname_Recordsetartist = $_SESSION['MM_email']; 
} 
mysql_select_db($database_mb, $mb); 
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text")); 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 

$colname_Recordsetartist = "-1"; 
if (isset($_SESSION['MM_email'])) { 
    $colname_Recordsetartist = $_SESSION['MM_email']; 
} 
mysql_select_db($database_mb, $mb); 
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text")); 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 
?> 
<?php 
// *** Validate request to login to this site. 
if (!isset($_SESSION)) { 
    session_start(); 
} 

$loginFormAction = $_SERVER['PHP_SELF']; 
if (isset($_GET['accesscheck'])) { 
    $_SESSION['PrevUrl'] = $_GET['accesscheck']; 
} 

if (isset($_POST['email'])) { 
    $loginUsername=$_POST['email']; 
    $password=$_POST['password']; 
    $MM_fldUserAuthorization = ""; 
    $MM_redirectLoginSuccess = "artistprofile.php"; 
    $MM_redirectLoginFailed = "artlog.php"; 
    $MM_redirecttoReferrer = false; 
    mysql_select_db($database_mb, $mb); 

    $LoginRS__query=sprintf("SELECT email, password FROM artist92 WHERE email=%s AND password=%s", 
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

    $LoginRS = mysql_query($LoginRS__query, $mb) or die(mysql_error()); 
    $loginFoundUser = mysql_num_rows($LoginRS); 
    if ($loginFoundUser) { 
    $loginStrGroup = ""; 

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} 
    //declare two session variables and assign them 
    $_SESSION['MM_Username'] = $loginUsername; 
    $_SESSION['MM_UserGroup'] = $loginStrGroup;  

    if (isset($_SESSION['PrevUrl']) && false) { 
     $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
    } 
    header("Location: " . $MM_redirectLoginSuccess); 
    } 
    else { 
    header("Location: ". $MM_redirectLoginFailed); 
    } 
} 
?>

來源

2012-03-11 Bhavyanshu

+0

也許您需要在嘗試訪問會話之前調用'session_start()'。我只是想知道,「artist92」是一張桌子的名字嗎? – Ohas 2012-03-11 20:24:19

+0

是它的一個表名 – Bhavyanshu 2012-03-12 14:41:03

回答

0

首先,像奧馬爾已經說了:

在使用$_SESSION變量之前,您必須致電session_start()

然後花一分鐘,想想你的SQL查詢將實際產生:

$newname = "C:\\My Documents\\image.jpg"; 
$loginUsername = "someone"; 
echo "UPDATE artist92 SET path= $newname WHERE email = $loginUsername";

輸出將是:

UPDATE artist92 SET path= C:\\My Documents\\image.jpg WHERE email = someone

應該如何解讀MySQL的這句話? - 它不能。 您至少必須在字符串周圍添加引號。

UPDATE artist92 SET path= "C:\\My Documents\\image.jpg" WHERE email = "someone"

但是這仍然是一個重大安全問題。 閱讀SQL Injection上的PHP文章以獲得解釋。不,真的 - 讀它!

此外,您不驗證該文件實際上傳。您應該檢出is_uploaded_file()move_uploaded_file()函數。

來源

2012-03-11 20:38:21 dog

+0

THanks的幫助,但我仍然收到錯誤 注意:未定義的索引:MM_Username在C:\ xampp \ htdocs \ MB \ chkupload.php在第5行 但sql錯誤消失。 我也檢查了我的表artist92,並在其中我發現路徑wasnt更新,雖然它不顯示任何錯誤的SQL語法了.. – Bhavyanshu 2012-03-12 05:23:55

0

在UPDATE語句中,您需要在$ newname附近使用單引號。這將修復SQL語法中的錯誤。 此外,可以通過調用session_start()來解決「未定義的變量:_SESSION」()

來源

2012-03-11 20:44:56 aingram

+0

是的session_start()工作..感謝.. 也是thr是沒有語法錯誤了... 我做了這個 '$ result = mysql_query(「UPDATE artist92 SET path ='$ newname'WHERE email ='$ loginUsername'') or die(mysql_error()); ' 但它不更新表artist92中的路徑。 其還顯示錯誤 未定義的索引:第5行中的C:\ xampp \ htdocs \ MB \ chkupload.php中的MM_Username MM_username是會話變量。 – Bhavyanshu 2012-03-12 05:29:24

+0

$ _SESSION是一個超全球性的,並且始終存在,即使會話尚未開始。它只是一個空陣列。 – 2012-03-13 18:38:43

相關問題

 相關問題