我得出的结论是我的最后一个问题不是很清楚。我试图上传两个文件到2个不同的行在我的mysql数据库,但当我执行代码的文件没有得到上传,也没有他们的路径得到注册。查询一点也不极端,它甚至不插入不是文件路径的数据。总之,以下是变量、数组和查询的代码:
if (isset($_POST['bsw'])) {
$name1 = str_replace("<","<",$_POST['name']);
$name = mysqli_real_escape_string($conn, $name1);
$powers1 = str_replace("<","<",$_POST['powers']);
$powers = mysqli_real_escape_string($conn, $powers1);
$weaknesses1 = str_replace("<","<",$_POST['weaknesses']);
$weaknesses = mysqli_real_escape_string($conn, $weaknesses1);
$about1 = str_replace("<","<",$_POST['about']);
$about = mysqli_real_escape_string($conn, $about1);
$available1 = str_replace("<","<",$_POST['available']);
$available = mysqli_real_escape_string($conn, $available1);
$demoFiletype1 = str_replace("<","<",$_POST['filetype']);
$demoFiletype = mysqli_real_escape_string($conn, $demoFiletype1);
$iconDir = "files/uploads/bsw/icons/";
$iconName = basename($_FILES['icon']['name']);
$iconTemp = $_FILES['icon']['tmp_name'];
$iconError = $_FILES['icon']['error'];
$iconType = explode('.', $iconName);
$iconActualType = strtolower(end($iconType));
$iconAllowed = array('png', 'jpeg', 'jpg', 'gif');
$owner = $user->data['username'];
$ownerId = $user->data['user_id'];
$allowTypes = array('jpg','png','jpeg','gif');
$demoDir = "files/uploads/bsw/demos/";
$demoName = basename($_FILES['demo']['name']);
$demoTemp = $_FILES['demo']['tmp_name'];
$demoError = $_FILES['demo']['error'];
$demoType = explode('.', $demoName);
$demoActualType = strtolower(end($demoType));
$demoAllowed = array('swf', 'mp4');
if (empty($name) || empty($powers) || empty($weaknesses) || empty($about) || empty($iconName)){
echo '<p style="color: red; margin-left: 10px; margin-top: 5px;">Please Fill in All Fields</p>';
} else {
if(!in_array($iconActualType, $iconAllowed)) {
if($iconError === 1) {
echo '<p style="color: red; margin-left: 10px; margin-top: 5px;">Invalid filetype, only PNG, JPEG, JPG and GIF are allowed.</p>';
} else {
$iconNameNew = uniqid('', true).".".$iconActualType;
$iconDestination = __DIR__ . "files/uploads/bsw/icons/" . $iconNameNew;
$iconUpload = move_uploaded_file($iconTemp, $iconDestination);
if(!in_array($demoActualType, $demoAllowed)) {
if($demoError === 1) {
echo '<p style="color: red; margin-left: 10px; margin-top: 5px;">Invalid filetype, only SWF and MP4 are allowed.</p>';
} else {
$demoNameNew = uniqid('', true).".".$demoActualType;
$demoDestination = __DIR__ . "files/uploads/bsw/demos/" . $demoNameNew;
$demoUpload = move_uploaded_file($demoTemp, $demoDestination);
$fileUpload = mysqli_real_escape_string($iconUpload, $demoUpload);
if ($fileUpload) {
$sql = ("INSERT INTO
bsw
(`bsw_name`, `bsw_about`, `bsw_points`, `bsw_demo_location`, `bsw_power`, `bsw_weaknesses`, `bsw_icon_location`, `bsw_availability`, `bsw_owner`, `bsw_owner_id`, `bsw_type`)
VALUES
('$name', '$about', '0', '$demoDestination', '$powers', '$weaknesses', '$iconDestination', '$available', '$owner', '$ownerId', '$demoFiletype')");
mysqli_query($conn, $sql) or die("Error : ".mysqli_error($conn));
print_r($_FILES);
} else {
echo "Error uploading files, please try again later.";
}
}
}
}
}
}
}
以下是表格:
<form action="" method="post" enctype="multipart/form-data">
<input style="margin-left: 10px; margin-top: 5px;" type="text" name="name" placeholder="BSW Name"><br>
<textarea style="margin-left: 10px; margin-top: 5px; width: 200px; height: 80px;" type="text" name="powers" placeholder="BSW Powers (seprated by commas)"></textarea>
<br>
<textarea style="margin-left: 10px; margin-top: 5px; width: 200px; height: 80px;" type="text" name="weaknesses" placeholder="BSW Weaknesses (seprated by commas)"></textarea>
<br>
<textarea style="margin-left: 10px; margin-top: 5px; width: 250px; height: 80px;" type="text" name="about" placeholder="BSW About (seprated by commas)"></textarea>
<br>
<strong>Are you currently available?</strong>
<select name="available">
<option name="yes">yes</option>
<option name="no">no</option>
</select>
<br><br>
<strong>Icons bigger than 100x100 will be rescaled</strong><br>
<input style="margin-left: 10px; margin-top: 5px;" type="file" name="icon"><br>
<strong>Demonstration (Only supports swf and mp4 filetypes): </strong><br>
<input style="margin-left: 10px; margin-top: 5px;" type="file" name="demo"><br><br>
<strong>Demo Filetype (Select none if you do not have a demo)</strong><br>
<select name="filetype">
<option name="mp4">mp4</option>
<option name="swf">swf</option>
<option name="none">none</option>
</select>
<br><br>
<button style="margin-left: 10px; margin-top: 5px;" type="submit" name="bsw">Submit BSW</button><br>
</form>
感谢您的帮助!
edit:虽然prepared语句的帮助非常好,我非常感谢,但是由于文件上传脚本没有首先执行,所以查询仍然没有被执行,所以我仍然需要这方面的帮助,因为我对此非常惊讶。
1条答案
按热度按时间xytpbqjk1#
正如jnevil所说,既然您使用的是mysqli,那么您可能应该使用绑定参数:
$sql=$connection->prepare(“insert into bsw(bsw\u name,bsw\u about,bsw\u points,bsw\u demo\u location,bsw\u power,bsw\u弱点,bsw\u icon\u location,bsw\u availability,bsw\u owner,bsw\u owner\u id,bsw\u type)值(?,?,?,?,?,?,?,?,?,?,?)”;
$sql->bind_param(“sss is”,$name,$about,'0',$demovestination,$powers,$weakness,$icondestation,$available,$owner,$ownerid,$demofiletype);
$sql->execute();
//在绑定中,参数“s”表示“字符串类型”,“i”表示“整数类型”。通过查看变量的类型,我假设它们是按顺序排列的。注意引号或缺少引号。