-1
所以我有一個簡單的圖片上傳網站,我正在創建一個小項目。除了數據庫中的文件路徑列以外,這一切都很好。
由於某些原因,它有時會包含我告訴它的變量,有時候不會。
$user = $_SESSION['user'];
//file properties
$fileName = $_FILES["uploadedImage"]["name"];
$fileType = $_FILES["uploadedImage"]["type"];
$fileSize = $_FILES["uploadedImage"]["size"];
$fileTempName = $_FILES["uploadedImage"]["tmp_name"];
$error = $_FILES["uploadedImage"]["error"];
$random = substr(md5(microtime()),rand(0,26),16); //create random characters to avoid name duplication.
$path = "uploads/" . $_SESSION['userName'] . $random . $fileName;
的路徑總是包含「上傳/」,但只是有時會包含會話的用戶名,隨機的,只有很少的文件名,甚至在同一個文件。在提交表單之前,我會迴應這些變量,並且在提交表單和上傳到數據庫之前它們都是正確的。當我提交表格時,所有其他列都被正確填寫。
if (isset($_POST['formSubmit'])) {
//prevent SQL injections and invalid inputs
$title = trim($_POST['title']);
$title = strip_tags($title);
$title = htmlspecialchars($title);
$title = mysqli_real_escape_string($db, $title);
$description = trim($_POST['description']);
$description = strip_tags($description);
$description = htmlspecialchars($description);
$description = mysqli_real_escape_string($db, $description);
if (empty($title) || strlen($title) < 1) {
$titleError = "Title required.";
$formError = true;
}
if ($formError) {
$errorMessage = "Please fill out the upload form properly.";
} else {
$query = mysqli_query($db, "INSERT INTO IMAGE(imageID,userID,title,description,path)
VALUES('','$user','$title','$description','$path')");
這裏的形式本身:
<form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>">
<div class="row">
<div class="col-sm-12">
<span class="errorText"><?php echo $errorMessage; ?></span>
<br><br>
</div>
</div>
<div class="row">
<div class='col-sm-1'><!--spacer--></div>
<div class="col-sm-2">
<label for="title">Title:</label>
</div>
<div class="col-sm-6">
<input type="text" id="title" name="title" placeholder="Enter your image title here..." >
</div>
<div class="col-sm-2"><span class="errorText"><?php echo $titleError; ?></span></div>
<div class='col-sm-1'><!--spacer--></div>
</div>
<br>
<div class="row">
<div class='col-sm-1'><!--spacer--></div>
<div class="col-sm-2">
<label for="description">Description:</label>
</div>
<div class="col-sm-6">
<input type="text" id="description" name="description" placeholder="Describe your image here...">
</div>
<div class="col-sm-2"><span class="errorText"><?php echo $descriptionError; ?></span></div>
<div class='col-sm-1'><!--spacer--></div>
</div>
<br>
<br>
<input type="submit" value="Submit" name = "formSubmit" id="formSubmit" class="btn">
<br>
<br>
</form>
您的SQL注入預防是可怕的。閱讀[偉大的逃避現實(或:你需要知道如何處理文本中的文本)](http://kunststube.net/escapism/)。 – deceze
表單缺少enctype =「multipart/form-data」屬性。 – Jarzon
你的PHP錯誤日誌說什麼? – kojow7