PHP上传到数据库

Question

我想上传东西到数据库。我经历了一些教程，并没有一个工作。我想将图像和文本文件（包括PowerPoint演示文稿）等文件上传到数据库。

这是我的形式

<form action="upload.php" method="post" enctype="multipart/form-data" name="uploadform"> 
    <input type="hidden" name="MAX_FILE_SIZE" value="350000"> 
    <input name="picture" type="file" id="picture" size="50"> 
    <input name="upload" type="submit" id="upload" value="Upload Picture!"> 
</form> 

这是upload.php的

<?php 
// if something was posted, start the process... 
if(isset($_POST['upload'])) 
{ 
    // define the posted file into variables 
    $name = $_FILES['picture']['name']; 
    $tmp_name = $_FILES['picture']['tmp_name']; 
    $type = $_FILES['picture']['type']; 
    $size = $_FILES['picture']['size']; 

    // get the width & height of the file (we don't need the other stuff) 
    list($width, $height, $typeb, $attr) = getimagesize($tmp_name); 

    // if width is over 600 px or height is over 500 px, kill it  
    if($width>600 || $height>500) 
    { 
     echo $name . "'s dimensions exceed the 600x500 pixel limit."; 
     echo '<a href="form.html">Click here</a> to try again.'; 
     die(); 
    } 

    // if the mime type is anything other than what we specify below, kill it  
    if(!($type=='image/jpeg' || $type=='image/png' || $type=='image/gif')) 
    { 
     echo $type . " is not an acceptable format."; 
     echo '<a href="form.html">Click here</a> to try again.' ; 
     die(); 
    } 

    // if the file size is larger than 350 KB, kill it 
    if($size>'350000') { 
     echo $name . " is over 350KB. Please make it smaller."; 
     echo '<a href="form.html">Click here</a> to try again.' ; 
     die(); 
    } 

    // if your server has magic quotes turned off, add slashes manually 
    if(!get_magic_quotes_gpc()){ 
     $name = addslashes($name); 
    } 

    // open up the file and extract the data/content from it 
    $extract = fopen($tmp_name, 'r'); 
    $content = fread($extract, $size); 
    $content = addslashes($content); 
    fclose($extract); 

    // connect to the database 
    include "inc/db.inc.php"; 

    // the query that will add this to the database 
    $addfile = "INSERT INTO files (name, size, type, content) ". 
     "VALUES ('$name', '$size', '$type', '$content')"; 

    mysql_query($addfile) or die(mysql_error()); 

    // get the last inserted ID if we're going to display this image next 
    $inserted_fid = mysql_insert_id(); 

    mysql_close(); 

    echo "Successfully uploaded your picture!"; 

    // we still have to close the original IF statement. If there was nothing posted, kill the page. 
} 
else{ 
    die("No uploaded file present"); 
} 
?> 

我知道有上-> if(!($type=='image/jpeg' || $type=='image/png' || $type=='image/gif'))类型限制这一点。当我上传小照片时，我收到的错误是“没有选择数据库”。

数据库配置正确，因为我有其他的东西可以连接到它。

Answer 1

你的代码是从根本上打破：

1）您简单地假设进行上载，从来没有检查是否存在故障。您至少应该有

if ($_FILES['picture']['error'] !== UPLOAD_ERR_OK) { 
    die("Upload failed with error code " . $_FILES['picture']['error']); 
} 

代码这里定义的错误：http://php.net/manual/en/features.file-upload.errors.php

2）和addslashes（）提供了关于尽可能多的防御SQL注入攻击是用湿卫生纸单方不干燥一个湖。由于您使用的是mysql库，因此您必须使用mysql_real_escape_string（）来执行正常的转义数据作业。

3）您使用的mysql库过时并且不推荐使用。停止使用它。改用mysqli或PDO。

4）您的实际错误信息表明您从未做过mysql_select_db()调用以设置默认数据库。您可以通过简单地将您的查询修改为INSERT INTO name_of_db.name_of_table ...来避开它。

Answer 2

确保您在inc/db.inc.php文件中正确调用mysql_select_db()。

在下面的代码中，您只需回显文本而不执行任何检查。无论成功或失败，成功消息都将显示。

echo "Successfully uploaded your picture!";