2017-08-17 75 views
-1

請幫助任何人。我一直在調試幾天。我只是有一個問題,我會很高興,如果你幫助我。我的圖片沒有上傳到我的數據庫

我的圖像無法上傳到我的數據庫。它甚至不會給我一個錯誤。它只是上傳我的查詢的其他組件,將圖像留在後面。這裏是我的代碼

<?php 
global $connection; 
if(isset($_POST['submit'])){ 

    $post_category_id = $_POST['post_category_id']; 
    $post_title = $_POST['post_title']; 
    $post_author = $_POST ['post_author']; 
    $post_status = $_POST['post_status']; 

    $post_image = isset($_FILES['post_image']['image_name']); 
    $post_image_temp = isset($_FILES['post_image']['temp_name']); 

    $post_tags = $_POST['post_tags']; 
    $post_comment_count = 4; 
    $post_date = date('d-m-y'); 
    $post_content = $_POST['post_content']; 
    $post_status = $_POST['post_status']; 
    move_uploaded_file($post_image_temp, '../images/$post_image'); 

    $query = "INSERT INTO posts (post_category_id, post_title, post_author, post_status, post_image, post_tags, post_comment_count, post_date, post_content) VALUES ('{$post_category_id}', '{$post_title}', '{$post_author}', '{$post_status}', '{$post_image}', '{$post_tags}', {$post_comment_count}, now(), '{$post_content}') "; 

    $result = mysqli_query($connection, $query); 
    if ($result){ 
     echo "Post Published"; 
    } else { 
     echo "(Error Code:" . $_FILES['post_image']['error'] . ")"; 
    } 
} 
?> 


<form action="" method="post" enctype="multipart/form-data"> 

    <div class="form-group"> 
     <label for="post_title">Title</label> 
     <input type="text" name ='post_title' class="form-control" > 
    </div> 
    <div class="form-group"> 
     <label for="Post_author">Post Author</label> 
     <input type="text" name ='post_author' class="form-control"> 
    </div> 

    <div class="form-group"> 
     <label for="post_category_id">Post Category</label> 
     <input type="text" name ='post_category_id'class="form-control" > 
    </div> 
    <div class="form-group"> 
     <label for="post_status">Post Status</label> 
     <input type="text" name ='post_status' class="form-control"> 
    </div> 
    <div class="form-group"> 
     <label for="post_image">Upload Image</label> 
     <input type="file" name ="post_image" id="post-image" class="form-control" > 
    </div> 
     <div class="post tags"> 
     <label for="post_tags">Post Tags</label> 
     <input type="text" name ='post_tags'class="form-control" > 
    </div> 
    <div class="post comment count"> 
     <label for="post_comment_count">Post Comment Count</label> 
     <input type="text" name ='post_comment_count'class="form-control" > 
    </div> 

    <div class="form-group"> 
     <label for="post_date">post date</label> 
     <input type="date" name ='post_date'class="form-control" > 
    </div> 
    <div class="form-group"> 
     <label for="post_content">Post content</label> 
     <textarea name="post_content" id="" cols="30" rows="10"></textarea> 
    </div> 
    <input class= "btn btn-primary"type="submit" name = "submit" value="Publish Post"> 

</form> 

請注意我已經完全控制權限到我從上傳的位置。我相信你會發現我的IMAGE_NAME的isset功能和image_temp_name這是因爲沒有它,我只是得到一個

未定義的變量錯誤

點擊我的提交按鈕後

+2

瞭解準備好的語句以防止sql注入 – Jens

+2

您的腳本處於危險中[SQL注入攻擊](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) 即使[如果你逃避輸入,它不安全!](http :http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) 使用[編寫參數化語句](http://php.net/manual/en/mysqli .quickstart.prepared-statements.php) – RiggsFolly

+2

isset不會賦值給變量。 –

回答

0

你需要更改文件上傳的代碼

//check if there is file uploaded 
$post_image = ''; 
if(!empty($_FILES['post_image']) && ($_FILES['post_image']['error']=='0' || $_FILES["pictures"]["error"] == UPLOAD_ERR_OK)){ 
    // get the file name 
    $post_image = $_FILES['post_image']['name']; 
    // get temp name 
    $post_image_temp = $_FILES['post_image']['temp_name']; 
    // code to move uploaded file to desired location on server 
    if (move_uploaded_file($post_image_temp, "../images/$post_image")) { 
     echo "File successfully uploaded.\n"; 
    } else { 
     echo "File not uploaded\n"; 
    } 
} 
+0

提醒說,將文件移動到用戶所說的移動文件是一個超級壞主意,這可以用來覆蓋部分應用程序。相反,給他們你完全控制的名字,就像UUID一樣。 – tadman

相關問題