2017-03-16 59 views
-1

我一直在試圖創建一些東西,將上傳多張照片到一個特定的位置,並更改它的名稱,試圖通過文件循環,但有些東西不工作,我無法弄清楚什麼那是!所以請看看並告訴我什麼是錯的,以便我可以學習,而不是再犯同樣的錯誤!由於上傳多張照片到特定位置

if($_SERVER['REQUEST_METHOD'] == 'POST') 
{ 
    if(isset($_POST['product_submit'])) 
    { 
     if(!empty($_POST['product_name']) && !empty($_POST['product_author']) && !empty($_POST['product_price']) && empty($_POST['product_search'])) 
     { 
      if(is_numeric($_POST['product_price'])) 
      { 

       $auth_key = round(microtime(true)); 

       if(isset($_FILES['photos']) && !empty($_FILES['photos'])) 
       { 
        $image_path = "product_images"; 

        foreach ($_FILES['photos']['name'] as $name => $value) 
        { 

         $filename = stripslashes($_FILES['photos']['name'][$name]); 
         $extension = getExtension($filename); 
         $extension = strtolower($extension); 

         if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
         { 
          $_SESSION['sucess'] = "Invalid extension."; 

          header("location: index.php"); 
          exit(); 
         } 
         else 
         { 
          $size = filesize($_FILES['photos']['tmp_name'][$name]); 

          if($size > 5120000) 
          { 
           $_SESSION['sucess'] = "You have exceeded the size limit."; 

           header("location: index.php"); 
           exit(); 
          } 

          $temp = explode('.', $filename); 
          $newfilename = mt_rand() . '_product.' . end($temp); 
          $name_path = "product_images/".$newfilename; 

          $suc = move_uploaded_file($_FILES['photos']['tmp_name'][$name], $name_path);   


          if($suc) 
          { 
           $stmt = $connection->prepare("INSERT INTO images (auth_id, photo_location) VALUES (:code, :location)"); 
           $stmt->bindParam(':code', $auth_key, PDO::PARAM_STR); 
           $stmt->bindParam(':location', $name_path, PDO::PARAM_STR); 
           $stmt->execute();  
          } 
          else 
          { 
           $_SESSION['sucess'] = "Something went wrong!"; 

           header("location: index.php"); 
           exit();           
          } 
         } 
        } 
       } 

       $query = "INSERT INTO products (name, author, price, date, code) VALUES (:name, :author, :price, NOW(), :code)"; 
       $stmt = $connection->prepare($query); 

       $stmt->bindParam(':name', $_POST['product_name'], PDO::PARAM_STR); 
       $stmt->bindParam(':author', $_POST['product_author'], PDO::PARAM_STR); 
       $stmt->bindParam(':price', $_POST['product_price'], PDO::PARAM_STR); 
       $stmt->bindParam(':code', $auth_key, PDO::PARAM_STR); 

       $stmt->execute(); 

       if($stmt) 
       { 
        $_SESSION['sucess'] = "Data inserted to database."; 

        header("location: index.php"); 
        exit(); 
       } 
       else 
       { 
        $_SESSION['error'] = "Error while submiting data to database."; 

        header("location: index.php"); 
        exit(); 
       } 
      } 
     } 
     elseif (empty($_POST['product_name']) && empty($_POST['product_author']) && empty($_POST['product_price']) && !empty($_POST['product_search'])) 
     { 
      $_SESSION['error'] = "You can't leave anything empty!"; 

      header("location: index.php"); 
      exit(); 
     } 
    } 
} 
+0

首先基本的調試步驟是啓用錯誤報告,然後檢查您的服務器錯誤日誌 –

+0

我很好奇如果我假冒發佈請求說會發生什麼文件名是'myfile /../../ script.php' – Xorifelse

+0

我已經做了,沒有錯誤,它直接將數據插入數據庫。 – Nathaniel

回答

0

如果輸入文件名是照片[]你應該使用:

for($i = 0; $i < count($_FILES['photo']); $i++) 

然後:

$_FILES['photo'][$i]['tmp_name']