1
嗨,大家好,我一直收到一個錯誤,當我嘗試上傳時沒有選擇圖片,上傳表格肯定是上傳的正確名稱和編號,所以它必須是錯誤的代碼,任何人都可以明白爲什麼?上傳圖片php mysql二進制
<?php
// Create MySQL login values and
// set them to your login information.
$username = "**";
$password = "**";
$host = "**";
$database = "**";
// Make the connect to MySQL or die
// and display an error.
$link = mysql_connect($host, $username, $password);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// Select your database
mysql_select_db ($database);
session_start();
if(!isset($_SESSION['username']))
{
die('You have no access to this page.');
}
else{
$username = $_SESSION['username'];
// Make sure the user actually
// selected and uploaded a file
if (isset($_FILES['image']) && $_FILES['image']['size'] > 0) {
// Temporary file name stored on the server
$tmpName = $_FILES['image']['tmp_name'];
// Read the file
$fp = fopen($tmpName, 'r');
$data = fread($fp, filesize($tmpName));
$data = addslashes($data);
fclose($fp);
// Create the query and insert
// into our database.
$query = "INSERT INTO Members WHERE username = '$username' ";
$query .= "(image) VALUES ('$data')";
$results = mysql_query($query, $link);
// Print results
print "Thank you, your file has been uploaded.";
}
else {
print "No image selected/uploaded";
}
}
// Close our MySQL Link
mysql_close($link);
?>
var_dump($ _ FILES)''給你什麼?要麼你傳入了一個空文件,要麼你沒有給文件輸入正確的名稱(期待「image」)。 – Halcyon 2012-03-29 22:57:51
您不應該使用addslashes,而應該使用mysql_real_escape_string來確保您完全防止sql注入。 – dsas 2012-03-29 23:06:12