Question

我遇到了一個PHP腳本，顯然是從一個單一的線獲取錯誤的問題。在這段代碼的第一行顯然引起一陣有點麻煩：

if (move_uploaded_file($_FILES["image"]["tmp_name"], "./upload/".$imageName)) { 
    mysql_query("INSERT " .$pages. " SET inmenu='$inmenu', pagid='$pagid', title='$titlename', content='$contentname', image='$image', youtube='$youtube'") 
or die(mysql_error()); 

    header("Location: index.php"); 
} 

我得到的代碼首行的錯誤：

Warning: Unexpected character in input: ' in cms/new.php on line 131 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at cms/new.php:131) in cms/new.php on line 85 

首先我想CHmodding上傳到777文件夾將解決這個錯誤，但顯然它不。我真的不知道該做什麼了。有沒有人可以幫忙？

代碼的完整塊，其中包括上面的小片段：

<?php 
    } 
session_start(); 
if(!isset($_SESSION['username'])){ 
     header("location:login.php"); 
    } 

include("config.php"); 

// check if the form has been submitted. If it has, start to process the form and save it to the database 
if (isset($_POST['submit'])) 
{ 

//set root 
$root = getcwd(); 

// get form data, making sure it is valid 
$inmenu = mysql_real_escape_string(htmlspecialchars($_POST['inmenu'])); 
$pagid = strtolower(str_replace(" ", "-", mysql_real_escape_string(htmlspecialchars($_POST['pagid'])))); 
$titlename = mysql_real_escape_string(htmlspecialchars($_POST['title'])); 
$contentname = mysql_real_escape_string(htmlspecialchars($_POST['contentedit'])); 
$youtube = mysql_real_escape_string(htmlspecialchars($_POST['youtube'])); 

// check to make sure both fields are entered 
if ($titlename == '' || $pagid == '') 
{ 
// generate error message 
$error = 'ERROR: Please fill in all required fields!'; 

// if either field is blank, display the form again 
renderForm($pagid, $titlename, $contentname, $error); 
} 
else 
{ 

    if(file_exists($root."/upload/".$_FILES["image"]["name"])) 
    { 
     $filename = explode(".",$_FILES['image']['name']); 
     $randomnumber = rand(0, 10000); 
     $imageName = $filename[0].$randomnumber.".".$filename[1]; 
    } 
    else 
    { 
     $imageName = $_FILES['image']['name']; 
    } 

    $image = mysql_real_escape_string(htmlspecialchars("/upload/".$imageName)); 

if (move_uploaded_file($_FILES["image"]["tmp_name"], "./upload/".$imageName)) { 
// save the data to the database 
mysql_query("INSERT " .$pages. " SET inmenu='$inmenu', pagid='$pagid', title='$titlename', content='$contentname', image='$image', youtube='$youtube'") 
or die(mysql_error()); 

// once saved, redirect back to the view page 
header("Location: index.php"); 
} 
else { 
    // save the data to the database 
mysql_query("INSERT " .$pages. " SET inmenu='$inmenu', pagid='$pagid', title='$titlename', content='$contentname', youtube='$youtube'") 
or die(mysql_error()); 

// once saved, redirect back to the view page 
header("Location: index.php"); 
} 
} 
} 
else 
// if the form hasn't been submitted, display the form 
{ 
renderForm('','',''); 
} 
?> 

Answer 1

當使用雙引號，你只需插入PHP變量，以便 試試這個：

if (move_uploaded_file($_FILES["image"]["tmp_name"], "./upload/".$imageName)) { 

    $query = "INSERT " . $pages . SET inmenu=$inmenu, pagid=$pagid, title=$titlename, contenct=$contentname, image=$image, youtube=$youtube"; 

    mysql_query($query) or die(mysql_error()); 

    header("Location: index.php"); 
} 

另一種方式（如果您'd like）將是這樣的：

if (move_uploaded_file($_FILES["image"]["tmp_name"], "./upload/".$imageName)) { 
    mysql_query("INSERT " .$pages. " SET inmenu='".$inmenu."', pagid='".$pagid."',  title='".$titlename."', content='".$contentname."', image='".$image."', youtube='".$youtube."'") 
or die(mysql_error()); 

    header("Location: index.php"); 
}