2013-01-03 49 views
0

How do I store an image path in the database and display it after upload? How do I insert the image path into the database?

<?php 
$sub=0; 
ini_set("display_errors", 0); 
if(isset($_REQUEST['submited'])) { 
// your save code goes here 

$allowedExts = array("jpg", "jpeg", "gif", "png"); 
$parts = explode(".", $_FILES["file"]["name"]); 
$extension = end($parts); // end() takes its argument by reference, so it needs a variable 
if ((($_FILES["file"]["type"] == "image/gif") 
|| ($_FILES["file"]["type"] == "image/jpeg") 
|| ($_FILES["file"]["type"] == "image/png") 
|| ($_FILES["file"]["type"] == "image/pjpeg")) 
&& ($_FILES["file"]["size"] < 2097152) 
&& in_array($extension, $allowedExts)) 
{ 
if ($_FILES["file"]["error"] > 0) 
{ 
echo "Return Code: " . $_FILES["file"]["error"] . "<br>"; 
} 
else 
{ 
echo ""; 
if (file_exists("images/" . $_FILES["file"]["name"])) 
{ 
echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload already exists.</b></font>"; 
    } 

else 
{ 
move_uploaded_file($_FILES["file"]["tmp_name"], 
"images/" . $_FILES["file"]["name"]); 
$sub= 1; 
echo "<font size='7' color='white'><b> Success! Your photo has been uploaded.</b></font>"; 

} 

} 
} 
else 
{ 
echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload is not an image or it exceeds 2MB in size.</b></font><br><font color='blue'><i>Only images under size of 2MB are allowed</i></font>."; 
} 
} 

?> 
<form action="" method="post" enctype="multipart/form-data"> 
<input type="hidden" name="submited" value="true" /> 

<?php 
ini_set("display_errors", 0); 
if($sub==0) 
{ 
?> 
<label size="16" for="file">Choose Photo:</label> 
<input id="shiny" type="file" name="file" onchange="file_selected = true;"> 
<input id="shiny" type="submit" value="Upload" name="submit"> 
<?php 
} 
?> 

</form> 

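Here is the database information... How do I display the picture after inserting the image path into the database? I tried VALUES ('$_FILES["file"]["name"]')"; but that doesn't seem to work..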

<?php 
$con = mysql_connect("localhost","root",""); 
if (!$con) 
{ 
die('Could not connect: ' . mysql_error()); 
} 

mysql_select_db("simple_login", $con); 

$sql="INSERT INTO photo (photo) 
VALUES 
('$_FILES["file"]["name"]')"; 

if (!mysql_query($sql,$con)) 
{ 
die('Error: ' . mysql_error()); 
} 

mysql_close($con); 
?> 
+2

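**WARNING** Your code contains an [SQL injection vulnerability](http://en.wikipedia.org/wiki/SQL_injection) -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is [very easy to fix](http://stackoverflow.com/q/60174/168868). Consider [switching to PDO](http://php.net/book.pdo) or [mysqli](http://php.net/book.mysqli) so that you can use [prepared statements with parameterized queries](http://en.wikipedia.org/wiki/Prepared_statement). – Charles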

+0

Why do you want to do this? – Woot4Moo

Answers

1
"INSERT INTO photo (photo) VALUES ('{$_FILES["file"]["name"]}')" 

This should work. To use an associative array inside a string, you have to wrap it in curly ({}) braces.


3 points I'd like to raise that are unrelated to the specific question:

1: You should always sanitize user input before putting it into the database. So what you should be doing is:

"INSERT INTO photo (photo) VALUES ('" . mysql_real_escape_string($_FILES["file"]["name"]) . "')" 

or use mysqli or PDO prepared statements.

2: If you're just storing a list of files in the database, what's the point? Why not just iterate over the directory you store them in?

3: The mysql_* functions are deprecated; you should consider using mysqli or pdo.

+0

What I actually want is to store the images in the "images/" directory... so if I don't store the image path in the database, how do I retrieve it? – Magna

+0

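What do you mean by "retrieve" it? Do you want to display it on the website, modify it, ...? You can access it like any other file in the directory, by its filename (which you will know if you are trying to retrieve the file). Unless you are associating the images with users (or other data), there really is no point in storing a list of filenames in the database. – Supericy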

+0

By retrieve I mean display... I will be displaying the image together with other text data on my website.. so I need to store the filename in the database? – Magna

0

I just used mysqli so that I can prevent SQL injection, and that solved it too..... thanks for the help, guys...

<?php 
$sub=0; 
ini_set("display_errors", 0); 
if(isset($_REQUEST['submited'])) { 

// your save code goes here 

$allowedExts = array("jpg", "jpeg", "gif", "png"); 
$parts = explode(".", $_FILES["file"]["name"]); 
$extension = end($parts); // end() takes its argument by reference, so it needs a variable 
if ((($_FILES["file"]["type"] == "image/gif") 
|| ($_FILES["file"]["type"] == "image/jpeg") 
|| ($_FILES["file"]["type"] == "image/png") 
|| ($_FILES["file"]["type"] == "image/pjpeg")) 
&& ($_FILES["file"]["size"] < 2097152) 
&& in_array($extension, $allowedExts)) 
{ 
if ($_FILES["file"]["error"] > 0) 
{ 
echo "Return Code: " . $_FILES["file"]["error"] . "<br>"; 
} 
else 
{ 
echo ""; 
if (file_exists("images/" . $_FILES["file"]["name"])) 
{ 
echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload already exists.</b></font>"; 
    } 

else 
{ 
move_uploaded_file($_FILES["file"]["tmp_name"], 
"images/" . $_FILES["file"]["name"]); 
$sub= 1; 
$mysqli = new mysqli("localhost", "root", "", "simple_login"); 

// TODO - Check that connection was successful. 

$photo= $_FILES["file"]["name"]; 

$stmt = $mysqli->prepare("INSERT INTO photo (photo) VALUES (?)"); 

// TODO check that $stmt creation succeeded 

// "s" means the database expects a string 
$stmt->bind_param("s", $photo); 

$stmt->execute(); 

$stmt->close(); 

$mysqli->close(); 

echo "<font size='7' color='white'><b> Success! Your photo has been uploaded.</b></font>"; 
} 

} 
} 
else 
{ 
echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload is not an image or it exceeds 2MB in size.</b></font><br><font color='blue'><i>Only images under size of 2MB are allowed</i></font>."; 
} 
} 

?> 
<form action="" method="post" enctype="multipart/form-data"> 
<input type="hidden" name="submited" value="true" /> 


<?php 
ini_set("display_errors", 0); 
if($sub==0) 
{ 
?> 
<label size="16" for="file">Choose Photo:</label> 
<input id="shiny" type="file" name="file" onchange="file_selected = true;"> 
<input id="shiny" type="submit" value="Upload" name="submit"> 
<?php 
} 
?> 


</form> 
</div>
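
Added example (not part of the original thread or any poster's code): the mysqli prepared-statement approach from the last answer, with the upload checks made on the server side and the display step the question asks about. It assumes the thread's `photo` table, `simple_login` database and `images/` directory; `store_upload`, `render_photos` and `UploadError` are hypothetical names, and it needs PHP 7+ with the fileinfo extension.

```php
<?php
// Added example; assumes the thread's photo(photo) table and images/ directory.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw
final class UploadError extends Exception {}              // hypothetical name
// Accepted content types and the extension each is stored under.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_upload(array $file, mysqli $db, string $dir = 'images'): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] >= 2097152) {
        throw new UploadError('Upload failed or exceeds 2MB.');
    }
    // Detect the type from the file contents: $file['type'] and the extension
    // in $file['name'] are both supplied by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (($ext = ALLOWED[$mime] ?? null) === null) {
        throw new UploadError('Not an accepted image type.');
    }
    // Server-generated name: nothing client-controlled reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], "$dir/$name")) {
        throw new UploadError('Could not store the file.');
    }
    // Parameterized insert, as in the mysqli answer above.
    $stmt = $db->prepare('INSERT INTO photo (photo) VALUES (?)');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->close();
    return $name;
}

function render_photos(mysqli $db, string $dir = 'images'): string
{
    $html = '';
    $result = $db->query('SELECT photo FROM photo');
    while ($row = $result->fetch_assoc()) {
        // Escape on output: the stored value lands inside an HTML attribute.
        $src = htmlspecialchars("$dir/" . $row['photo'], ENT_QUOTES, 'UTF-8');
        $html .= "<img src=\"$src\" alt=\"\">\n";
    }
    return $html;
}

$db = new mysqli('localhost', 'root', '', 'simple_login'); // thread's settings
try {
    if (isset($_FILES['file'])) store_upload($_FILES['file'], $db);
} catch (UploadError $e) {
    echo htmlspecialchars($e->getMessage());
}
echo render_photos($db);
```

Because the stored value is a name generated on the server, the "file already exists" branch of the original script is no longer needed, and the row in `photo` is what links the image to the page that displays it.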