2013-10-22 35 views
0

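I want to make a simple upload script that has an image upload part and a file upload part. I want to try to store the image and the file in the same database along with some other variables, and I am having a hard time accomplishing this. I was wondering if anyone could help with my dilemma.

File upload with image upload script

Index: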

<body> 
    <form method="post" action="insert_file.php"> 
     <table> 
      <tr><td>Title:</td><td><input type="text" name="title" /></td></tr> 
      <tr><td>Author:</td><td><input type="text" name="author"/></td></tr> 
      <tr><td>Description:</td><td><textarea cols="30" rows="10" name="description"></textarea></td></tr> 
      <tr><td>Category:</td> 
       <td> 
        <select name="category"> 
         <option value="poker">Poker</option> 
         <option value="sportsbetting">Sports Betting</option> 
         <option value="financialbetting">Financial Betting</option> 
         <option value="casino">Casino</option> 
         <option value="bingo">Bingo</option> 
         <option value="socialgaming">Social Gaming</option> 
         <option value="affiliatemarketing">Affiliate Marketing</option> 
        </select> 
       </td> 
      </tr> 
      <tr><td>Publication Date:</td><td><input type="text" name="pub_date" id="datepicker"/></td></tr> 
      <tr><td>Tags:</td><td><input type="text" name="tags"/></td></tr> 
      <tr><td>Price:</td><td><input type="text" name="price"/></td></tr> 
      <tr><td>Image:</td><td><input type="file" name="image"/></td></tr> 
      <tr><td>Website:</td><td><input type="text" name="website"/></td></tr> 
      <tr><td>Contact Email:</td><td><input type="text" name="email"/></td></tr> 
      <tr><td>File:</td><td><input type="file" name="uploaded_file"/></td></tr> 
      <tr><td></td><td><input type="submit" value="Submit"/></td></tr> 
     </table> 
    </form> 
</body> 

Insert:

<?php 
// Check if a file has been uploaded 
if(isset($_FILES['uploaded_file'])) { 
    // Make sure the file was sent without errors 
    if($_FILES['uploaded_file']['error'] == 0) { 
     // Connect to the database 
     include('../config.inc'); 
     // Connect to the database 
     $dbLink = $con;  

     // Gather all required data 
     $username  = $_SESSION['username'];    
     $title   = $_POST['title']; 
     $author   = $_POST['author']; 
     $description = $_POST['description']; 
     $category  = $_POST['category']; 
     $pub_date  = $_POST['pub_date']; 
     $tags   = $_POST['tags']; 
     $price   = $_POST['price']; 
     $website  = $_POST['website']; 
     $email   = $_POST['email']; 
     $name   = $title; 
     $mime   = $dbLink->real_escape_string($_FILES['uploaded_file']['type']); 
     $data   = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name'])); 
     $size   = intval($_FILES['uploaded_file']['size']); 

     // Create the SQL query 
     $query = " 
      INSERT INTO `file2` (
       `username`, 
       `title`, 
       `author`, 
       `description`, 
       `category`, 
       `pub_date` , 
       `tags`, 
       `price`, 
       `website`, 
       `email`, 
       `name`, 
       `mime`, 
       `size`, 
       `data`, 
       `created` 
      ) 
      VALUES (
       '{$username}', 
       '{$title}', 
       '{$author}', 
       '{$description}', 
       '{$category}', 
       '{$pub_date}', 
       '{$tags}', 
       '{$price}', 
       '{$website}', 
       '{$email}', 
       '{$name}', 
       '{$mime}', 
       '{$size}', 
       '{$data}', 
       NOW() 
      )"; 

     // Execute the query 
     $result = $dbLink->query($query); 

     // Check if it was successful 
     if($result) { 
      echo '<center>Success! Your file was successfully added!'; 
     } 
     else { 
      echo '<center>Error! Failed to insert the file' 
       . "<pre>{$dbLink->error}</pre>"; 
     } 

     // Close the mysql connection (only opened in this branch) 
     $dbLink->close(); 
    } 
    else { 
     echo 'An error occurred while the file was being uploaded. ' 
      . 'Error code: '. intval($_FILES['uploaded_file']['error']); 
    } 
} 
else { 
    echo 'Error! A file was not sent!'; 
} 

// Echo a link back to the main page 
echo '<center><font face=arial>'; 
echo 'Your file has been uploaded successfully, please allow up to 24 hours for your report to be approved by administration. '; 
echo '<p>Click <a href="index.php">here</a> to go back</p>'; 
?> 

Database - http://postimg.org/image/n0loned2v/

Any help solving this would be much appreciated :)

+2

Lovely [SQL injection attack](http://bobby-tables.com) vulnerabilities... enjoy having your server pwn3d. –

+0

Missing some elements and some magic words. –

+0

@MarcB what would I need to put in to prevent these attacks? – M0n5terBunny

Answers

0
<form method="post" action="insert_file.php" enctype='multipart/form-data'> 

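Reason: When you make a POST request, you have to encode the data that forms the body of the request in some way.

HTML forms provide two methods of encoding. The default is application/x-www-form-urlencoded, which is more or less the same as a query string on the end of the URL. The other, multipart/form-data, is a more complicated encoding, but one that allows entire files to be included in the data. (HTML 5 introduces the text/plain encoding, which is only useful for debugging... and even then the others are better given sensible debugging tools.)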

+0

How would I insert the image into my database? – M0n5terBunny

1

To make the file input work, you need to specify the form's enctype. You need enctype="multipart/form-data". For more information, see PHP POST uploads
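
An added example, not part of either answer or the asker's code: one way to write insert_file.php so that both uploads are read from the multipart/form-data request and the row is inserted with a prepared statement, which closes the SQL injection raised in the comments. It assumes config.inc sets $con as in the question; the `image_mime` and `image_data` columns and the MIME allow-lists are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes ../config.inc sets $con (mysqli),
// as on the page. `image_mime` / `image_data` are hypothetical extra columns.
session_start();
require '../config.inc';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
// Return [mime, bytes] for one upload field, or throw.
function read_upload(string $field, array $allowedMime): array
{
    $f = $_FILES[$field] ?? null;
    if (!$f || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException("upload '$field' missing or failed");
    }
    // Sniff the type from the content; $_FILES[..]['type'] is client-supplied.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if (!in_array($mime, $allowedMime, true)) {
        throw new RuntimeException("upload '$field' has disallowed type $mime");
    }
    return [$mime, file_get_contents($f['tmp_name'])];
}
try {
    if (!isset($_SESSION['username'])) { throw new RuntimeException('not logged in'); }
    [$imgMime, $imgData] = read_upload('image', ['image/jpeg', 'image/png', 'image/gif']);
    [$docMime, $docData] = read_upload('uploaded_file', ['application/pdf']); // sample allow-list
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $con->prepare(
        'INSERT INTO `file2` (`username`,`title`,`author`,`description`,`category`,
           `pub_date`,`tags`,`price`,`website`,`email`,`name`,`mime`,`size`,`data`,
           `image_mime`,`image_data`,`created`)
         VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,NOW())'
    );
    $vals = [$_SESSION['username']];
    foreach (['title','author','description','category','pub_date','tags','price','website','email'] as $k) { $vals[] = (string)($_POST[$k] ?? ''); }
    // `name` mirrors the title, as in the question; blobs are bound as null first.
    array_push($vals, $vals[1], $docMime, strlen($docData), null, $imgMime, null);
    $stmt->bind_param('ssssssssssssibsb', ...$vals);
    // Blob parameters (zero-based positions 13 and 15) are streamed in chunks.
    foreach ([13 => $docData, 15 => $imgData] as $pos => $bytes) {
        foreach (str_split($bytes, 1 << 20) as $chunk) {
            $stmt->send_long_data($pos, $chunk);
        }
    }
    $stmt->execute();
    echo 'Success! Your file was successfully added!';
} catch (Throwable $e) {
    error_log($e->getMessage()); // details go to the log, not the browser
    echo 'Error! Failed to insert the file.';
}
```

The form must still be sent with enctype="multipart/form-data", otherwise $_FILES is empty and both read_upload() calls throw.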