Unable to change the featured image when editing a blog post

I am building a PHP and SQL blog. Among other files, I have upload_file.php and edit_post.php. Every time I edit a post, it updates all of the information except the featured image. It does not upload the new featured image. Here is upload_file.php:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (!empty($_FILES['post_image']['name'])) {
        $target_dir = "uploads/";
        $target_file = $target_dir . basename($_FILES["post_image"]["name"]);
        $image_name = basename($_FILES["post_image"]["name"]);
        $uploadOk = 1;
        $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);

        // Check if the image file is an actual image or a fake image
        if (isset($_POST["submit"])) {
            $check = getimagesize($_FILES["post_image"]["tmp_name"]);
            if ($check !== false) {
                $file_image = "File is an image - " . $check["mime"] . ".";
                $uploadOk = 1;
            } else {
                $file_not_image = "File is not an image.";
                $uploadOk = 0;
            }
        }

        // Check if file already exists
        if (file_exists($target_file)) {
            $file_exists = "Sorry, file already exists.";
            $uploadOk = 0;
        }

        // Check file size
        if ($_FILES["post_image"]["size"] > 5000000) {
            $file_too_large = "Sorry, your file is too large.";
            $uploadOk = 0;
        }

        // Allow certain file formats
        if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
            && $imageFileType != "gif") {
            $file_not_allowed = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
            $uploadOk = 0;
        }

        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk == 0) {
            $file_not_uploaded = "Sorry, your file was not uploaded.";
        // if everything is ok, try to upload file
        } else {
            if (move_uploaded_file($_FILES["post_image"]["tmp_name"], $target_file)) {
                $file_uploaded = "The file " . basename($_FILES["post_image"]["name"]) . " has been uploaded.";
            } else {
                $file_error = "Sorry, there was an error uploading your file.";
            }
        }
    }
}
?>
Here is edit_post.php, minus the form:

<?php include("session_start.php"); ?>
<?php include("upload_file.php"); ?>
<?php include("links.php"); ?>
<?php include("navigation.php"); ?>
<?php
// Load the post being edited, restricted to the logged-in user's own posts
if ($_GET['id'] != "") {
    $post_id = $_GET['id'];
    $sql = "SELECT * FROM posts WHERE post_id='$post_id' AND user_name='$user_name'";
    $post = mysqli_query($connection, $sql) or die(mysqli_error($connection));
}
?>
<?php
// Existing categories for the category drop-down
$sql = "SELECT DISTINCT post_category FROM posts WHERE user_name='$user_name'";
$cat = mysqli_query($connection, $sql) or die(mysqli_error($connection));
?>
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $post_title = isset($_POST['post_title']) ? $_POST['post_title'] : null;
    $post_content = isset($_POST['post_content']) ? $_POST['post_content'] : null;
    if ($_POST['new_category'] == "") {
        $post_category = $_POST['choose_category'];
    } else {
        $post_category = $_POST['new_category'];
    }
    $post_date = isset($_POST['post_date']) ? $_POST['post_date'] : null;

    // $image_name comes from upload_file.php, included above
    if (isset($image_name)) {
        $sql = "UPDATE posts SET post_title='$post_title', post_content='$post_content', post_category='$post_category', post_date='$post_date', post_image='$image_name' WHERE post_id='$post_id' AND user_name='$user_name'";
    } else {
        $sql = "UPDATE posts SET post_title='$post_title', post_content='$post_content', post_category='$post_category', post_date='$post_date' WHERE post_id='$post_id' AND user_name='$user_name'";
    }
    $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));
    header('Location: index.php');
}
?>
<?php include "footer.php"; ?>
How can I fix this?

Learn about prepared statements to prevent SQL injection – Jens
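Jens's comment applied to the UPDATE in edit_post.php, as an added example that is not the asker's code: the two query variants are kept, but every user-supplied value is bound as a parameter. It assumes upload_file.php has already run, so `$connection`, `$user_name`, `$image_name` and `$file_uploaded` exist as on the page, and that `posts.post_id` is an integer column.

```php
<?php
// Added example (not the asker's code): edit_post.php's UPDATE with mysqli
// prepared statements. Assumes $connection, $user_name, $image_name and
// $file_uploaded are set by the includes shown on the page.
function update_post(mysqli $connection, int $post_id, string $user_name,
                     string $title, string $content, string $category,
                     string $date, ?string $image_name): bool
{
    // Table and column names stay in the SQL text; values travel as bound
    // parameters, so a title such as "O'Reilly" is stored literally instead
    // of terminating the string and altering the statement.
    if ($image_name !== null) {
        $stmt = $connection->prepare(
            "UPDATE posts SET post_title=?, post_content=?, post_category=?, "
          . "post_date=?, post_image=? WHERE post_id=? AND user_name=?");
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('sssssis', $title, $content, $category, $date,
                          $image_name, $post_id, $user_name);
    } else {
        $stmt = $connection->prepare(
            "UPDATE posts SET post_title=?, post_content=?, post_category=?, "
          . "post_date=? WHERE post_id=? AND user_name=?");
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('ssssis', $title, $content, $category, $date,
                          $post_id, $user_name);
    }
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // post_id arrives in the query string; cast it before binding as 'i'.
    $post_id  = (int) ($_GET['id'] ?? 0);
    $category = ($_POST['new_category'] ?? '') !== ''
              ? $_POST['new_category'] : ($_POST['choose_category'] ?? '');
    // Write a new file name only when upload_file.php reported a successful
    // move; otherwise the row would point at an image that was never stored.
    $new_image = isset($file_uploaded) ? $image_name : null;

    if (update_post($connection, $post_id, $user_name,
                    $_POST['post_title'] ?? '', $_POST['post_content'] ?? '',
                    $category, $_POST['post_date'] ?? '', $new_image)) {
        header('Location: index.php');
        exit;
    }
}
```

The same pattern applies to the two SELECT queries at the top of edit_post.php, which also interpolate `$_GET['id']` and `$user_name` directly into the SQL text.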