0
我已经把这个脚本放在一起加载从我上传的文件到数据库的文件路径。但它似乎并不奏效。请任何建议都很好。它基本上是一个允许多个文件上传的简单表单。我需要通过文件路径将此信息传递给数据库以备后用。 我得到的 输出警告这是一个简单的测试来检查变量实际上是贴PHP添加文件路径到数据库
这里是回声$ SQL;
INSERT INTO mediamanagement (`Project_Name`, `Assigned_To`, `Assign_Date`, `Check_Date`, `Due_Date`) VALUES ("fvfg df fdh bdfgb", "Ramon", "2013-04-01", "2013-04-18", "2013-04-30", Error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 13
Error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 13
继承人的PHP:
<?php
mysql_connect("MySQLB15.wer.com","york","usa12") or die ('Error:' .mysql_error());
//database connection
mysql_select_db("mediamanagement");
$project = $_POST['project'];
$assignto = $_POST['assignto'];
$asdate = $_POST['asdate'];
$chdate = $_POST['chdate'];
$ddate = $_POST['ddate'];
$errors = array();
$files = array();
foreach ($_FILES['files'] as $k=>$image) {
// handle upload errors
if ($image['error'] != 0 && $image['error'] != 4) {
switch ($image['error']) {
case '1':
case '2':
$err = 'The uploaded file exceeds the maximum file size.';
break;
case '3':
$err = 'The upload was inturupted, transfer failed.';
break;
case '6':
case '7':
case '8':
$err = 'Server error. Please try again later.';
break;
}
// record error and move on
$errors[] = array('files'=>$k, 'error'=>$err);
continue;
} elseif ($image['error'] == 4) {
// error 4 means no image was sent
continue;
}
// determine the extension
$ext = explode('.', $image['name']);
if (count($ext) != 2) {
$errors[] = array('files'=>$k, 'error'=>'Could not determine file extension.');
continue;
} else {
switch ($ext[1]) {
case 'jpg':
case 'jpeg':
case 'gif':
case 'png':
case 'pdf':
case 'psd':
case 'ai':
case 'pdf':
break;
default:
$errors[] = array('files'=>$k, 'error'=>'Unsupported file extension.');
continue;
break;
}
}
// make a random-ish filename
$filename = time().uniqid(rand(), true) . '.' . $ext[1];
$path = 'uploads/'.$filename; // upload directory path is set
move_uploaded_file($image['tmp_name'], $path); // upload the file to the server
// this is a bad idea right here! Use 775 at least, if possible
chmod($path,0775);
$files[] = array('name'=>$filename, 'path'=>$path);
}
// now loop the $files array and put the paths into the database
// you also should do something with the errors listed in $errors
// start building up the SQL query, start with
// some fields that are straightforward
$sql = '
INSERT INTO mediamanagement (
`Project_Name`,
`Assigned_To`,
`Assign_Date`,
`Check_Date`,
`Due_Date`';
// now loop the list of files (5 only),
// add each needed field
for ($i=1; $i < count($files) && $i < 5; $i++) {
$sql .= '`files'.$i.'`,';
}
// build out the rest of the query, add values
// for the straightforward fields
$sql .= '
) VALUES (
"'.$project.'",
"'.$assignto.'",
"'.$asdate.'",
"'.$chdate.'",
"'.$ddate.'",
';
// loop the files
$ct = 1;
foreach ($files as $f) {
$sql .= '"'.$f['name'].'",';
// only allow 5 files
if ($ct == 5)
break;
$ct++;
}
')';
mysql_query($sql) or die ('Error:' .mysql_error());;
?>
<?php
echo("<p><span>Project Name:</span> ".$_POST['project']."</p>");
echo("<p><span>assign to:</span> ".$_POST['assignto']."</p>");
echo("<p><span>Assign Date:</span> ".$_POST['asdate']."</p>");
echo("<p><span>Check Date:</span> ".$_POST['chdate']."</p>");
echo("<p><span>Due Date:</span> ".$_POST['ddate']."</p>");
?>
打印出最终的SQL语法拥有一些代码,检查错误。 – rwilliams 2013-04-30 17:31:59
您发布了太多代码......但没有发布所需的一件东西。 'echo $ sql的结果;' – raidenace 2013-04-30 17:32:18
转义您的POST参数。你的代码容易受到SQL注入的影响。 – 2013-04-30 17:32:31