我正在處理的腳本處理表單數據:3個文本字段和兩個文件上載(一個圖像,另一個是pdf文檔)。該腳本已成功保存並將兩個文件命名爲服務器,並將3個文本字段保存爲sql db。但是,圖像和文檔的url不保存到sql。向PHP中的私有類傳遞變量的問題
腳本使用兩個sql statememtns:第一個用於文本字段,第二個用於文件url。第一個sql是在我的類CropAvatar之外執行的。我的理由是在第一次執行sql後獲得var $ id(這是sql中的自動增量),然後將它傳遞給第二條語句。我以爲我通過在構造函數中定義$ id並在第二個sql語句中使用它來實現這一點。
沒有成功,第二個sql語句似乎沒有執行。有關如何獲取這兩個文件的URL提交給SQL的任何建議?或者在這裏調試的任何建議?
我不高興我在這裏發佈了150多行代碼,我只是不知道哪裏出錯了。我仍然試圖圍繞着這些私人功能的正確使用,並且我有一種感覺,我的錯誤被包裹在某個地方。提前感謝您的任何建議。
<?php
$title = $_POST['title'];
$titlee = mysql_real_escape_string($title);
$address = $_POST['address'];
$addresse = mysql_real_escape_string($address);
$sale_price = $_POST['sale_price'];
$sale_pricee= mysql_real_escape_string($sale_price);
require('../dbcon.php');
$sql="INSERT INTO listings (title, comment,transaction, date_added) VALUES ('$titlee', '$addresse, '$sale_pricee, now())";
mysqli_query($con,$sql);
$id = mysqli_insert_id();
class CropAvatar {
private $src;
private $data;
private $file;
private $dst;
private $type;
private $extension;
private $srcDir = '../0images/listimg/orig';
private $dstDir = '../0images/listimg/mod';
private $msg;
function __construct($src, $data, $file, $id) {
$this -> setSrc($src);
$this -> setId($id);
$this -> setData($data);
$this -> setFile($file);
$this -> crop($this -> src, $this -> dst, $this -> data);
}
private $id;
public function setId($id) {
$this->id = $id;
}
private function setSrc($src) {
if (!empty($src)) {
$type = exif_imagetype($src);
if ($type) {
$this -> src = $src;
$this -> type = $type;
$this -> extension = image_type_to_extension($type);
$this -> setDst();
}
}
}
private function setData($data) {
if (!empty($data)) {
$this -> data = json_decode(stripslashes($data));
}
}
private function setFile($file) {
$errorCode = $file['error'];
if ($errorCode === UPLOAD_ERR_OK) {
$type = exif_imagetype($file['tmp_name']);
if ($type) {
$dir = $this -> srcDir;
if (!file_exists($dir)) {
mkdir($dir, 0777);
}
$currdate=date('YmdHis');
$extension = image_type_to_extension($type);
$src = $dir . '/' . $currdate . $extension;
if ($type == IMAGETYPE_GIF || $type == IMAGETYPE_JPEG || $type == IMAGETYPE_PNG) {
if (file_exists($src)) {
unlink($src);
}
$result = move_uploaded_file($file['tmp_name'], $src);
$listing_img="http://www.website.com/0images/listimg/mod/" . $currdate . $extension;
$allowedExtsf = array("pdf");
$tempf = explode(".", $_FILES["flyer"]["name"]);
$extensionf = end($tempf);
if (($_FILES["flyer"]["type"] == "application/pdf")
&& ($_FILES["flyer"]["type"] <2000000000)
&& in_array($extensionf, $allowedExtsf))
{
$flyername=$_FILES["flyer"]["name"];
if ($_FILES["flyer"]["error"] > 0)
{
echo "Return Code: " . $_FILES["flyer"]["error"] . "<br>";
}
else
{
if (file_exists("../flyers/" . $_FILES["flyer"]["name"]))
{
echo $_FILES["flyer"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["flyer"]["tmp_name"],"../flyers/" . $_FILES["flyer"]["name"]);
}
}
$ad_link="http://www.website.com/flyers/" . $_FILES["flyer"]["name"];
require('../dbcon.php');
$sql="update listings SET ad_link='$ad_link', listing_img='$listing_img' WHERE id=$ID";
mysqli_query($con,$sql);
mysqli_close($con);
}
if ($result) {
$this -> src = $src;
$this -> type = $type;
$this -> extension = $extension;
$this -> setDst();
} else {
$this -> msg = 'Failed to save file';
}
} else {
$this -> msg = 'Please upload image with the following types: JPG, PNG, GIF';
}
} else {
$this -> msg = 'Please upload image file';
}
} else {
$this -> msg = $this -> codeToMessage($errorCode);
}
}
private function setDst() {
$dir = $this -> dstDir;
if (!file_exists($dir)) {
mkdir($dir, 0777);
}
$this -> dst = $dir . '/' . date('YmdHis') . $this -> extension;
}
private function crop($src, $dst, $data) {
if (!empty($src) && !empty($dst) && !empty($data)) {
switch ($this -> type) {
case IMAGETYPE_GIF:
$src_img = imagecreatefromgif($src);
break;
case IMAGETYPE_JPEG:
$src_img = imagecreatefromjpeg($src);
break;
case IMAGETYPE_PNG:
$src_img = imagecreatefrompng($src);
break;
}
if (!$src_img) {
$this -> msg = "Failed to read the image file";
return;
}
$dst_img = imagecreatetruecolor(220, 220);
$result = imagecopyresampled($dst_img, $src_img, 0, 0, $data -> x, $data -> y, 220, 220, $data -> width, $data -> height);
if ($result) {
switch ($this -> type) {
case IMAGETYPE_GIF:
$result = imagegif($dst_img, $dst);
break;
case IMAGETYPE_JPEG:
$result = imagejpeg($dst_img, $dst);
break;
case IMAGETYPE_PNG:
$result = imagepng($dst_img, $dst);
break;
}
if (!$result) {
$this -> msg = "Failed to save the cropped image file";
}
} else {
$this -> msg = "Failed to crop the image file";
}
imagedestroy($src_img);
imagedestroy($dst_img);
}
}
private function codeToMessage($code) {
switch ($code) {
case UPLOAD_ERR_INI_SIZE:
$message = 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
break;
default:
$message = 'Unknown upload error';
}
return $message;
}
public function getResult() {
return !empty($this -> data) ? $this -> dst : $this -> src;
}
public function getMsg() {
return $this -> msg;
}
}
$crop = new CropAvatar($_POST['avatar_src'], $_POST['avatar_data'], $_FILES['avatar_file'], $id);
$response = array(
'state' => 200,
'message' => $crop -> getMsg(),
'result' => $crop -> getResult()
);
echo json_encode($response);
?>
**警告**:使用'mysqli'時,應該使用參數化查詢和['bind_param'](http://php.net/manual/en/mysqli-stmt.bind-param.php)到將用戶數據添加到您的查詢。 **不要**使用字符串插值來實現此目的,因爲您將創建嚴重的[SQL注入漏洞](http://bobby-tables.com/)。 – tadman 2014-11-04 23:11:38
看着這個謝謝@tadman – rhill45 2014-11-04 23:15:56
你的整個代碼都不好。你不應該因爲使用類。一個類包裝某些功能並將其隔離。然後開發人員使用這個類(和它的* public *方法)來執行**特定的**作品。你正在混合一切。您也不知道訪問控制對方法的作用。你在這150行左右所做的是將程序代碼封裝到一個大多不是真正可用的類中。我建議你使用PDO進行數據庫訪問,並取消這段代碼並重新開始。這個想法是讓代碼**更容易閱讀和維護。不難。 – 2014-11-04 23:21:01