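I've been trying to create something that uploads multiple photos to a specific location and changes their names, by looping through the files, but something isn't working and I can't figure out what it is! So please take a look and tell me what's wrong, so that I can learn and not make the same mistake again!
Uploading multiple photos to a specific location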
    if($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if(isset($_POST['product_submit']))
        {
            if(!empty($_POST['product_name']) && !empty($_POST['product_author']) && !empty($_POST['product_price']) && empty($_POST['product_search']))
            {
                if(is_numeric($_POST['product_price']))
                {
                    $auth_key = round(microtime(true));
                    if(isset($_FILES['photos']) && !empty($_FILES['photos']))
                    {
                        $image_path = "product_images";
                        foreach ($_FILES['photos']['name'] as $name => $value)
                        {
                            $filename = stripslashes($_FILES['photos']['name'][$name]);
                            $extension = getExtension($filename);
                            $extension = strtolower($extension);
                            if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
                            {
                                $_SESSION['sucess'] = "Invalid extension.";
                                header("location: index.php");
                                exit();
                            }
                            else
                            {
                                $size = filesize($_FILES['photos']['tmp_name'][$name]);
                                if($size > 5120000)
                                {
                                    $_SESSION['sucess'] = "You have exceeded the size limit.";
                                    header("location: index.php");
                                    exit();
                                }
                                $temp = explode('.', $filename);
                                $newfilename = mt_rand() . '_product.' . end($temp);
                                $name_path = "product_images/".$newfilename;
                                $suc = move_uploaded_file($_FILES['photos']['tmp_name'][$name], $name_path);
                                if($suc)
                                {
                                    $stmt = $connection->prepare("INSERT INTO images (auth_id, photo_location) VALUES (:code, :location)");
                                    $stmt->bindParam(':code', $auth_key, PDO::PARAM_STR);
                                    $stmt->bindParam(':location', $name_path, PDO::PARAM_STR);
                                    $stmt->execute();
                                }
                                else
                                {
                                    $_SESSION['sucess'] = "Something went wrong!";
                                    header("location: index.php");
                                    exit();
                                }
                            }
                        }
                    }
                    $query = "INSERT INTO products (name, author, price, date, code) VALUES (:name, :author, :price, NOW(), :code)";
                    $stmt = $connection->prepare($query);
                    $stmt->bindParam(':name', $_POST['product_name'], PDO::PARAM_STR);
                    $stmt->bindParam(':author', $_POST['product_author'], PDO::PARAM_STR);
                    $stmt->bindParam(':price', $_POST['product_price'], PDO::PARAM_STR);
                    $stmt->bindParam(':code', $auth_key, PDO::PARAM_STR);
                    $stmt->execute();
                    if($stmt)
                    {
                        $_SESSION['sucess'] = "Data inserted to database.";
                        header("location: index.php");
                        exit();
                    }
                    else
                    {
                        $_SESSION['error'] = "Error while submiting data to database.";
                        header("location: index.php");
                        exit();
                    }
                }
            }
            elseif (empty($_POST['product_name']) && empty($_POST['product_author']) && empty($_POST['product_price']) && !empty($_POST['product_search']))
            {
                $_SESSION['error'] = "You can't leave anything empty!";
                header("location: index.php");
                exit();
            }
        }
    }
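The first basic debugging step is to enable error reporting, then check your server error log –
I'm curious what would happen if I faked a POST request saying the file name is 'myfile/../../script.php' – Xorifelse
I've done that, there are no errors; it inserts the data straight into the database. – Nathaniel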
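
Xorifelse's comment is about the file name, which is entirely under the client's control. The following is an added example, not code from the question or its comments, showing one way to store each upload without letting any part of that name reach the filesystem path. `normalizeUploads` and `storeImage` are hypothetical helper names, and the form is assumed to post the files as `photos[]` with `enctype="multipart/form-data"`.

```php
<?php
// Added example; helper names are hypothetical, limits mirror the question's code.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 5120000;

/** Turn PHP's column-oriented $_FILES['photos'] into one array per file. */
function normalizeUploads(array $field): array
{
    $files = [];
    foreach ($field['name'] as $i => $clientName) {
        $files[] = [
            'name'     => $clientName,              // kept only for logging, never for paths
            'tmp_name' => $field['tmp_name'][$i],
            'error'    => $field['error'][$i],
            'size'     => $field['size'][$i],
        ];
    }
    return $files;
}

/** Validate one upload and move it; returns the stored path or throws. */
function storeImage(array $file, string $destDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed with error code {$file['error']}");
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Not an uploaded file, or over the size limit');
    }
    // Decide the type from the bytes on disk, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Rejected content type');
    }
    // Server-generated name and allowlisted extension: nothing from $file['name'] is used.
    $path = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '_product.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $path;
}

foreach (normalizeUploads($_FILES['photos'] ?? ['name' => []]) as $file) {
    $stored = storeImage($file, 'product_images'); // insert $stored via the prepared statement
}
```

Checking `$file['error']` for every entry also surfaces uploads that PHP silently dropped, a case the extension and size checks in the question never see.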