开发者

php server and sql image upload

问答 作者:

Ok,

I have built an insert image page (uploader.php) on the back of a previous post with regards to setting up a php image uploader, but am having a few issues......

The code is:

<?php 

$target = "images/test/"; 
$target = $target . basename( $_FILES['photo']['name']); 

$title=$_POST['title']; 
$desc=$_POST['desc'];  
$pic=($_FILES['photo']['name']); 

mysql_connect("dbhost", "dbuser", "dbpass") or die(mysql_error()) ; 
mysql_select_db("dbname") or die(mysql_error()) ;  
mysql_query("INSERT INTO `test` VALUES ('$title', '$desc', '$pic')") ; 

if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
 { 

echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; 
 } 
 else { 
 echo "Sorry, there was a problem uploading your file."; 
 } 
 ?> 

<form enctype="multipart/form-data" action="uploader.php" method="POST"> 
Title: <input type="text" name="title"><br> 
Description: <input type="text" name = "desc"><br>  
Photo: <input type="file" name="photo"><br> 
<input type="submit" value="Add"> 
</form>

So the first issue is that the开发者_如何学Go information is not being entered into the database - the table has 4 fields - id(int), title(varchar), desc(varchar) and photo(varchar). Is it because the id field is not being specified?? This is simply the auto incremented primary key for the table.

The second issue is that the image that is being loaded contains spaces in it - for example, when uploading "test image.jpg" - I would like to incorporate a str_replace() to create "testimage.jpg". Do you know where I would insert this into the code?

Thanks again for any help,

JD

If you don't explicitly list columns in your insert statement, you must include all of them in the VALUES (), so yes you would need to include the id

Better though, would be to list the columns:

mysql_query("INSERT INTO `test` (title, `desc`, photo) VALUES ('$title', '$desc', '$pic')") ;

Note that desc is backquoted above. It is a MySQL reserved keyword and is a syntax error there unless quoted.

Also, please escape your values against SQL injection!

$title = mysql_real_escape_string($_POST['title']); 
$desc = mysql_real_escape_string($_POST['desc']);  
$pic = (mysql_real_escape_string($_FILES['photo']['name']));

// And your space replacement
$pic = str_replace(" ","", $pic);

// Now that it's cleaned up, you can insert.
mysql_query("INSERT INTO `test` (title, `desc`, photo) VALUES ('$title', '$desc', '$pic')") ;

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9