2
我不是工作,下面的代码添加move_uploaded_file()以使用WAMP与MySQL服务器在我的情况
,但它不是插入文件数据库 它在数据库中创建名称创建在WAMP的文件夹tmp文件,但不动它到所需的目录
具有看看代码
<form method="post" action="insert_products.php" enctype="multipart/form-data">
<table>
<tr>
<h2>Pleaset INPUT data to Insert Into database</h2>
</tr>
<tr>
<th scope="col">Title</th>
<td><input type="text" name="ptitle"></td>
</tr>
<tr>
<th scope="col">catagory</th>
<td><select name="pcats">
<option>Select A Catagory</option>
<?php
$get_cats = "select * from catagories";
$query =mysqli_query($conn,$get_cats)or die("Error: ".mysqli_error($conn));
while($get_cats = mysqli_fetch_array($query)){
$cat_id = $get_cats['cat_id'];
$cat_title = $get_cats['cat_title'];
echo " <option value='$cat_id'>$cat_title</option>";
}
?>
</select></td>
</tr>
<tr>
<th scope="col">Brand</th>
<td><select name="pBrands">
<option>Select A Brand</option>
<?php
$get_brands = "select * from brands";
$query =mysqli_query($conn,$get_brands)or die("Error: ".mysqli_error($conn));
while($get_brands = mysqli_fetch_array($query)){
$brand_id = $get_brands['brand_id'];
$brand_title = $get_brands['brand_title'];
echo "<option value='$brand_id'>$brand_title</option>";
}
?>
</select></td>
</tr>
<tr>
<th scope="col">IMG1</th>
<td><input type="file" name="pimg1"></td>
</tr>
<tr>
<th scope="col">IMG2</th>
<td><input type="file" name="pimg2"></td>
</tr>
<tr>
<th scope="col">IMG3</th>
<td><input type="file" name="pimg3"></td>
</tr>
<tr>
<th scope="col">Price</th>
<td><input type="text" name="pprice"></td>
</tr>
<tr>
<th scope="col">description</th>
<td><textarea name="pdesc"></textarea></td>
</tr>
<tr>
<th scope="col">keywords</th>
<td><input type="text" name="pkws"></td>
</tr>
<tr>
<th scope="col">save/Update</th>
<td><input type="submit" name="insert_product" value="Upload/Update"></td>
</tr>
</table>
</form>
概念性代码
....
if(isset($_POST["insert_product"])){
// datat text variable to insert product details into database
$pTitle = $_POST['ptitle'];
$pCats = $_POST['pcats'];
$pbrands = $_POST['pBrands'];
$pPrice = $_POST['pprice'];
$pDesc = $_POST['pdesc'];
$pKWS = $_POST['pkws'];
$status = 'on';
// product images data container to transfer images rrelated data to database
$pIMG1 = $_FILES['pimg1']['name'];
$pIMG2 = $_FILES['pimg2']['name'];
$pIMG3 = $_FILES['pimg3']['name'];
//temporary images variables
$temp_pIMG1 = $_FILES['pimg1']['tmp_name'];
$temp_pIMG2 = $_FILES['pimg2']['tmp_name'];
$temp_pIMG3 = $_FILES['pimg2']['tmp_name'];
if($pTitle == '' OR $pCats =='' OR $pbrands =='' OR $pPrice == '' OR $pDesc =='' OR $pKWS=='' or $pIMG1=='') {
echo "<script>alert('Please fill all the fields')</script>";
exit();
}else{
$uploads_dir = APP_PATH . DIRECTORY_SEPARATOR. '/pro_images/';
if(is_uploaded_file($temp_pIMG1) or is_uploaded_file($temp_pIMG2) or is_uploaded_file($temp_pIMG3)){
move_uploaded_file($temp_pIMG1,"$uploads_dir/$pIMG1");
move_uploaded_file($temp_pIMG2,"$uploads_dir/$pIMG2");
move_uploaded_file($temp_pIMG3,"$uploads_dir/$pIMG3");
}else{
echo"error in file upload ";
}
$insert_product = "INSERT INTO products (cat_id,brand_id,date,pTitle,p_Img1,p_Img2,p_Img3,p_price,p_desc,p_status) values ('$pCats','$pbrands',NOW(),'$pTitle','$pIMG1','$pIMG2','$pIMG3','$pPrice','$pDesc','$status')";
$run_products = mysqli_query($conn,$insert_product) or die('ERROR: '.mysqli_error($conn));
if ($run_products){
echo " <script>alert('Inserted')</script>";
}
}
}
?>
如果上传实际上已成功你没有检查。这很糟糕。 **总是**假设失败,检查它并将成功视为令人惊喜的事情:'if($ _FILES ['pimg1'] ['error'])!= UPLOAD_ERR_OK){die('upload failed'); }' – 2014-11-20 21:59:37
哦,你很容易受到[sql注入攻击](http://bobby-tables.com)的影响。 – 2014-11-20 22:00:19
我检查了所有东西都进入数据库qwuery是好的,但move_uploaded_file没有移动文件tem从wamp文件夹到我的自定义可怕 – iMansoorAliKhan 2014-11-20 22:08:26