1. 首页
  2. 问答
  3. 查询不会更新Img文件的路径

查询不会更新Img文件的路径

2012-03-11 37 views
0

没有关于如何通过文件系统上传图像文件并将其路径保存在sql数据库中的单独教程。 它在一些网站上提到但没有正确解释。 Nyway 我上传的图像通过PHP,我想存储上传的图像在sql数据库的路径。 我insert.php查询不会更新Img文件的路径

<?php 

session_start(); 
if (!isset($_SESSION["MM_Username"])) 
{ 
    $_SESSION["message"] = "Please Login"; 
} 

?> 
<!--next comes the form, you must set the enctype to "multipart/frm-data" 
and use an input type "file" --> 
<form name="newad" method="post" enctype="multipart/form-data" 
action="chkupload.php"> 
<table> 
    <tr><td><input type="file" name="image"></td></tr> 
    <tr><td><input name="Submit" type="submit" value="Upload image"> 
     </td></tr> 
</table> 
</form>

1 2页)此页面的工作绝对没问题,但问题是在未来的文件

2)chkupload.php

问题是上传工作正常&它在图像/文件夹中创建文件,但不保存它在sql表中的路径。所以基本上我需要帮助。 也在其用户认证下。它的个人资料图片。

<?php require_once('Connections/mb.php'); 

$loginUsername = $_SESSION['MM_Username']; 

//define a maxim size for the uploaded images in Kb 
define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the 
// file is an image by checking the extension. 
function getExtension($str) { 
     $i = strrpos($str,"."); 
     if (!$i) { return ""; } 
     $l = strlen($str) - $i; 
     $ext = substr($str,$i+1,$l); 
     return $ext; 
} 

//This variable is used as a flag. The value is initialized with 0 (meaning no 
// error found) 
//and it will be changed to 1 if an errro occures. 
//If the error occures the file will not be uploaded. 
$errors=0; 
//checks if the form has been submitted 
if(isset($_POST['Submit'])) 
{ 
    //reads the name of the file the user submitted for uploading 
    $image=$_FILES['image']['name']; 
    //if it is not empty 
    if ($image) 
    { 
    //get the original name of the file from the clients machine 
     $filename = stripslashes($_FILES['image']['name']); 
    //get the extension of the file in a lower case format 
     $extension = getExtension($filename); 
     $extension = strtolower($extension); 
    //if it is not a known extension, we will suppose it is an error and 
     // will not upload the file, 
    //otherwise we will do more tests 
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != 
"png") && ($extension != "gif")) 
     { 
     //print error message 
      echo '<h1>Unknown extension!</h1>'; 
      $errors=1; 
     } 
     else 
     { 
//get the size of the image in bytes 
//$_FILES['image']['tmp_name'] is the temporary filename of the file 
//in which the uploaded file was stored on the server 
$size=filesize($_FILES['image']['tmp_name']); 

//compare the size with the maxim size we defined and print error if bigger 
if ($size > MAX_SIZE*1024) 
{ 
    echo '<h1>You have exceeded the size limit!</h1>'; 
    $errors=1; 
} 

//we will give an unique name, for example the time in unix time format 
$image_name=time().'.'.$extension; 
//the new name will be containing the full path where will be stored (images 
//folder) 
$newname="images/".$image_name; 
//we verify if the image has been uploaded, and print error instead 
$copied = copy($_FILES['image']['tmp_name'], $newname); 
if (!$copied) 
{ 
    echo '<h1>Copy unsuccessfull!</h1>'; 
    $errors=1; 
}}}} 

//If no errors registred, print the success message 
if(isset($_POST['Submit']) && !$errors) 
{ 
    echo "<h1>File Uploaded Successfully! Try again!</h1>"; 
} 



mysql_connect("localhost", "root", "") or die(mysql_error()); 
echo "Connected to MySQL<br />"; 
mysql_select_db("musibridge") or die(mysql_error()); 
echo "Connected to Database"; 
$result = mysql_query("UPDATE artist92 SET path= $newname WHERE email = $loginUsername") 
or die(mysql_error()); 

?>

产生的误差是

注意:未定义的变量:用C _SESSION:\ XAMPP \ htdocs中\ MB \上线3 文件chkupload.php上传成功!再试一次! 连接到MySQL 连接到数据库您的SQL语法有错误;检查对应于您的MySQL服务器版本的手册,以便在第1行'jpg WHERE email ='附近使用正确的语法。

请帮我解决这个问题。它的上传,但没有更新的表artist92

的列路径这是我的登录page.Adding它只是为你的会话变量参考 artlog.php

<?php require_once('Connections/mb.php'); ?> 
<?php 
if (!function_exists("GetSQLValueString")) { 
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{ 
    if (PHP_VERSION < 6) { 
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; 
    } 

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); 

    switch ($theType) { 
    case "text": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break;  
    case "long": 
    case "int": 
     $theValue = ($theValue != "") ? intval($theValue) : "NULL"; 
     break; 
    case "double": 
     $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; 
     break; 
    case "date": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break; 
    case "defined": 
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; 
     break; 
    } 
    return $theValue; 
} 
} 

$colname_Recordsetartist = "-1"; 
if (isset($_SESSION['MM_Username'])) { 
    $colname_Recordsetartist = $_SESSION['MM_Username']; 
} 
mysql_select_db($database_mb, $mb); 
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text")); 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist); 
$query_Recordsetartist = "SELECT * FROM artist92"; 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 
$totalRows_Recordsetartist = mysql_num_rows($Recordsetartist); 

$colname_Recordsetartist = "-1"; 
if (isset($_SESSION['MM_email'])) { 
    $colname_Recordsetartist = $_SESSION['MM_email']; 
} 
mysql_select_db($database_mb, $mb); 
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text")); 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 

$colname_Recordsetartist = "-1"; 
if (isset($_SESSION['MM_email'])) { 
    $colname_Recordsetartist = $_SESSION['MM_email']; 
} 
mysql_select_db($database_mb, $mb); 
$query_Recordsetartist = sprintf("SELECT * FROM artist92 WHERE email = %s", GetSQLValueString($colname_Recordsetartist, "text")); 
$Recordsetartist = mysql_query($query_Recordsetartist, $mb) or die(mysql_error()); 
$row_Recordsetartist = mysql_fetch_assoc($Recordsetartist); 
?> 
<?php 
// *** Validate request to login to this site. 
if (!isset($_SESSION)) { 
    session_start(); 
} 

$loginFormAction = $_SERVER['PHP_SELF']; 
if (isset($_GET['accesscheck'])) { 
    $_SESSION['PrevUrl'] = $_GET['accesscheck']; 
} 

if (isset($_POST['email'])) { 
    $loginUsername=$_POST['email']; 
    $password=$_POST['password']; 
    $MM_fldUserAuthorization = ""; 
    $MM_redirectLoginSuccess = "artistprofile.php"; 
    $MM_redirectLoginFailed = "artlog.php"; 
    $MM_redirecttoReferrer = false; 
    mysql_select_db($database_mb, $mb); 

    $LoginRS__query=sprintf("SELECT email, password FROM artist92 WHERE email=%s AND password=%s", 
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

    $LoginRS = mysql_query($LoginRS__query, $mb) or die(mysql_error()); 
    $loginFoundUser = mysql_num_rows($LoginRS); 
    if ($loginFoundUser) { 
    $loginStrGroup = ""; 

    if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} 
    //declare two session variables and assign them 
    $_SESSION['MM_Username'] = $loginUsername; 
    $_SESSION['MM_UserGroup'] = $loginStrGroup;  

    if (isset($_SESSION['PrevUrl']) && false) { 
     $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
    } 
    header("Location: " . $MM_redirectLoginSuccess); 
    } 
    else { 
    header("Location: ". $MM_redirectLoginFailed); 
    } 
} 
?>

来源

2012-03-11 Bhavyanshu

+0

也许您需要在尝试访问会话之前调用'session_start()'。我只是想知道,“artist92”是一张桌子的名字吗? – Ohas 2012-03-11 20:24:19

+0

是它的一个表名 – Bhavyanshu 2012-03-12 14:41:03

回答

0

首先,像奥马尔已经说了:

在使用$_SESSION变量之前,您必须致电session_start()

然后花一分钟,想想你的SQL查询将实际产生:

$newname = "C:\\My Documents\\image.jpg"; 
$loginUsername = "someone"; 
echo "UPDATE artist92 SET path= $newname WHERE email = $loginUsername";

输出将是:

UPDATE artist92 SET path= C:\\My Documents\\image.jpg WHERE email = someone

应该如何解读MySQL的这句话? - 它不能。 您至少必须在字符串周围添加引号。

UPDATE artist92 SET path= "C:\\My Documents\\image.jpg" WHERE email = "someone"

但是这仍然是一个重大安全问题。 阅读SQL Injection上的PHP文章以获得解释。不,真的 - 读它!

此外,您不验证该文件实际上传。您应该检出is_uploaded_file()move_uploaded_file()函数。

来源

2012-03-11 20:38:21 dog

+0

THanks的帮助,但我仍然收到错误 注意:未定义的索引:MM_Username在C:\ xampp \ htdocs \ MB \ chkupload.php在第5行 但sql错误消失。 我也检查了我的表artist92,并在其中我发现路径wasnt更新,虽然它不显示任何错误的SQL语法了.. – Bhavyanshu 2012-03-12 05:23:55

0

在UPDATE语句中,您需要在$ newname附近使用单引号。这将修复SQL语法中的错误。 此外,可以通过调用session_start()来解决“未定义的变量:_SESSION”()

来源

2012-03-11 20:44:56 aingram

+0

是的session_start()工作..感谢.. 也是thr是没有语法错误了... 我做了这个 '$ result = mysql_query(“UPDATE artist92 SET path ='$ newname'WHERE email ='$ loginUsername'') or die(mysql_error()); ' 但它不更新表artist92中的路径。 其还显示错误 未定义的索引:第5行中的C:\ xampp \ htdocs \ MB \ chkupload.php中的MM_Username MM_username是会话变量。 – Bhavyanshu 2012-03-12 05:29:24

+0

$ _SESSION是一个超全球性的,并且始终存在,即使会话尚未开始。它只是一个空阵列。 – 2012-03-13 18:38:43

相关问题

 相关问题