-1
请帮助任何人。我一直在调试几天。我只是有一个问题,我会很高兴,如果你帮助我。我的图片没有上传到我的数据库
我的图像无法上传到我的数据库。它甚至不会给我一个错误。它只是上传我的查询的其他组件,将图像留在后面。这里是我的代码
<?php
global $connection;
if(isset($_POST['submit'])){
$post_category_id = $_POST['post_category_id'];
$post_title = $_POST['post_title'];
$post_author = $_POST ['post_author'];
$post_status = $_POST['post_status'];
$post_image = isset($_FILES['post_image']['image_name']);
$post_image_temp = isset($_FILES['post_image']['temp_name']);
$post_tags = $_POST['post_tags'];
$post_comment_count = 4;
$post_date = date('d-m-y');
$post_content = $_POST['post_content'];
$post_status = $_POST['post_status'];
move_uploaded_file($post_image_temp, '../images/$post_image');
$query = "INSERT INTO posts (post_category_id, post_title, post_author, post_status, post_image, post_tags, post_comment_count, post_date, post_content) VALUES ('{$post_category_id}', '{$post_title}', '{$post_author}', '{$post_status}', '{$post_image}', '{$post_tags}', {$post_comment_count}, now(), '{$post_content}') ";
$result = mysqli_query($connection, $query);
if ($result){
echo "Post Published";
} else {
echo "(Error Code:" . $_FILES['post_image']['error'] . ")";
}
}
?>
<form action="" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="post_title">Title</label>
<input type="text" name ='post_title' class="form-control" >
</div>
<div class="form-group">
<label for="Post_author">Post Author</label>
<input type="text" name ='post_author' class="form-control">
</div>
<div class="form-group">
<label for="post_category_id">Post Category</label>
<input type="text" name ='post_category_id'class="form-control" >
</div>
<div class="form-group">
<label for="post_status">Post Status</label>
<input type="text" name ='post_status' class="form-control">
</div>
<div class="form-group">
<label for="post_image">Upload Image</label>
<input type="file" name ="post_image" id="post-image" class="form-control" >
</div>
<div class="post tags">
<label for="post_tags">Post Tags</label>
<input type="text" name ='post_tags'class="form-control" >
</div>
<div class="post comment count">
<label for="post_comment_count">Post Comment Count</label>
<input type="text" name ='post_comment_count'class="form-control" >
</div>
<div class="form-group">
<label for="post_date">post date</label>
<input type="date" name ='post_date'class="form-control" >
</div>
<div class="form-group">
<label for="post_content">Post content</label>
<textarea name="post_content" id="" cols="30" rows="10"></textarea>
</div>
<input class= "btn btn-primary"type="submit" name = "submit" value="Publish Post">
</form>
请注意我已经完全控制权限到我从上传的位置。我相信你会发现我的IMAGE_NAME的isset功能和image_temp_name这是因为没有它,我只是得到一个
未定义的变量错误
点击我的提交按钮后
了解准备好的语句以防止sql注入 – Jens
您的脚本处于危险中[SQL注入攻击](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) 即使[如果你逃避输入,它不安全!](http :http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) 使用[编写参数化语句](http://php.net/manual/en/mysqli .quickstart.prepared-statements.php) – RiggsFolly
isset不会赋值给变量。 –