php - 将上传文件的名称保存到我的 SQL 数据库上的这个表中

Question

这就是我想要完成的。我需要用户能够加载图片并将其显示在他们的个人资料页面上。我的 sql 数据库中有一个名为“members”的表，其字段如下：用户名、密码、名字、姓氏、照片。除照片外的所有字段均已在注册表中填写。一旦用户进入他们的个人资料页面，他们会找到一个表格来将图片上传到他们的个人资料中。我得到了upload_form.php ..（下面列出的代码）和另一个文件upload_processor.php（后面列出的代码）的代码

此代码成功地将文件加载到我的文件夹 upload_files 中，并将文件重命名为... 1140732936-filename.jpg 以确保文件是唯一的。如何将 1140732936-filename.jpg 的名称保存到我的 sql 表上的“照片”字段中？有什么办法吗？请帮忙....

upload_form 的代码

    <?php

    // filename: upload.form.php

    // first let's set some variables

    // make a note of the current working directory relative to root.
    $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '',     $_SERVER['PHP_SELF']);

    // make a note of the location of the upload handler script
    $uploadHandler = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self .   'upload.processor.php';

    // set a max file size for the html upload form
    $max_file_size = 3000000; // size in bytes

    // now echo the html page
    ?>

这是同一文件上的 html 表单

<form id="Upload" action="<?php echo $uploadHandler ?>" enctype="multipart/form-data" method="post">

    <h1>
        Upload form
    </h1>

    <p>
        <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $max_file_size ?>">
    </p>

    <p>
        <label for="file">File to upload:</label>
        <input id="file" type="file" name="file">
    </p>

    <p>
        <label for="submit">Press to...</label>
        <input id="submit" type="submit" name="submit" value="Upload me!">
    </p>

</form>


</body>

这是处理表单的文件的代码。

    <?php

    // filename: upload.processor.php

    // first let's set some variables

    // make a note of the current working directory, relative to root.
    $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

    // make a note of the directory that will recieve the uploaded file
    $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';

    // make a note of the location of the upload form in case we need it
    $uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'updateprofile.php';

    // make a note of the location of the success page
    $uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.success.php';

    // fieldname used within the file <input> of the HTML form
    $fieldname = 'file';

    // Now let's deal with the upload

    // possible PHP upload errors
    $errors = array(1 => 'php.ini max file size exceeded',
            2 => 'html form max file size exceeded',
            3 => 'file upload was only partial',
            4 => 'no file was attached');

    // check the upload form was actually submitted else print the form
    isset($_POST['submit'])
    or error('the upload form is neaded', $uploadForm);

    // check for PHP's built-in uploading errors
    ($_FILES[$fieldname]['error'] == 0)
    or error($errors[$_FILES[$fieldname]['error']], $uploadForm);

    // check that the file we are working on really was the subject of an HTTP upload
    @is_uploaded_file($_FILES[$fieldname]['tmp_name'])
    or error('not an HTTP upload', $uploadForm);

    // validation... since this is an image upload script we should run a check  
    // to make sure the uploaded file is in fact an image. Here is a simple check:
    // getimagesize() returns false if the file tested is not an image.
    @getimagesize($_FILES[$fieldname]['tmp_name'])
    or error('only image uploads are allowed', $uploadForm);

    // make a unique filename for the uploaded file and check it is not already
    // taken... if it is already taken keep trying until we find a vacant one
    // sample filename: 1140732936-filename.jpg
    $now = time();
    while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name']))
    {
     $now++;
    }
    // now let's move the file to its final location and allocate the new filename to it
    @move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
    or error('receiving directory insuffiecient permission', $uploadForm);

    // If you got this far, everything has worked and the file has been successfully saved.
    // We are now going to redirect the client to a success page.
    header('Location: ' . $uploadSuccess);

    // The following function is an error handler which is used
    // to output an HTML error page if the file upload fails
    function error($error, $location, $seconds = 5)
    {   
    header("Refresh: $seconds; URL=\"$location\"");
    echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n".
    '"http://www.w3.org/TR/html4/strict.dtd">'."\n\n".
    '<html lang="en">'."\n".
    '    <head>'."\n".
    '        <meta http-equiv="content-type" content="text/html; charset=iso-   8859-1">'."\n\n".
    '        <link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n".
    '    <title>Upload error</title>'."\n\n".
    '    </head>'."\n\n".
    '    <body>'."\n\n".
    '    <div id="Upload">'."\n\n".
    '        <h1>Upload failure</h1>'."\n\n".
    '        <p>An error has occured: '."\n\n".
    '        <span class="red">' . $error . '...</span>'."\n\n".
    '         The upload form is reloading</p>'."\n\n".
    '     </div>'."\n\n".
    '</html>';
    exit;
    } // end error handler

    ?>

Answer 1

在页面upload_processor.php 中，在图片复制到服务器后添加一些SQL。我没有代码，因此我假设您使用 microtime() 生成图像名称。将生成的图像名称保存在名为 $variable 的变量中。然后使用该变量重命名图像并

   <?php

    // filename: upload.processor.php

    // first let's set some variables

    // make a note of the current working directory, relative to root.
    $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

    // make a note of the directory that will recieve the uploaded file
    $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';

    // make a note of the location of the upload form in case we need it
    $uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'updateprofile.php';

    // make a note of the location of the success page
    $uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'upload.success.php';

    // fieldname used within the file <input> of the HTML form
    $fieldname = 'file';

    // Now let's deal with the upload

    // possible PHP upload errors
    $errors = array(1 => 'php.ini max file size exceeded',
            2 => 'html form max file size exceeded',
            3 => 'file upload was only partial',
            4 => 'no file was attached');

    // check the upload form was actually submitted else print the form
    isset($_POST['submit'])
    or error('the upload form is needed', $uploadForm);

    // check for PHP's built-in uploading errors
    ($_FILES[$fieldname]['error'] == 0)
    or error($errors[$_FILES[$fieldname]['error']], $uploadForm);

    // check that the file we are working on really was the subject of an HTTP upload
    @is_uploaded_file($_FILES[$fieldname]['tmp_name'])
    or error('not an HTTP upload', $uploadForm);

    // validation... since this is an image upload script we should run a check  
    // to make sure the uploaded file is in fact an image. Here is a simple check:
    // getimagesize() returns false if the file tested is not an image.
    @getimagesize($_FILES[$fieldname]['tmp_name'])
    or error('only image uploads are allowed', $uploadForm);

    // make a unique filename for the uploaded file and check it is not already
    // taken... if it is already taken keep trying until we find a vacant one
    // sample filename: 1140732936-filename.jpg
    $now = time();
    while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name']))
    {
     $now++;
    }
    // now let's move the file to its final location and allocate the new filename to it
    @move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
    or error('receiving directory insuffiecient permission', $uploadForm);

    // If you got this far, everything has worked and the file has been successfully saved.
    // We are now going to redirect the client to a success page.
    //connect database
    mysql_query("update members set photo='".$uploadFilename."' where member_id='".$_SESSION['id']."'");

    header('Location: ' . $uploadSuccess);

    // The following function is an error handler which is used
    // to output an HTML error page if the file upload fails
    function error($error, $location, $seconds = 5)
    {   
    header("Refresh: $seconds; URL=\"$location\"");
    echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n".
    '"http://www.w3.org/TR/html4/strict.dtd">'."\n\n".
    '<html lang="en">'."\n".
    '    <head>'."\n".
    '        <meta http-equiv="content-type" content="text/html; charset=iso-   8859-1">'."\n\n".
    '        <link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n".
    '    <title>Upload error</title>'."\n\n".
    '    </head>'."\n\n".
    '    <body>'."\n\n".
    '    <div id="Upload">'."\n\n".
    '        <h1>Upload failure</h1>'."\n\n".
    '        <p>An error has occured: '."\n\n".
    '        <span class="red">' . $error . '...</span>'."\n\n".
    '         The upload form is reloading</p>'."\n\n".
    '     </div>'."\n\n".
    '</html>';
    exit;
    } // end error handler

    ?>

Answer 2

这是我在页面顶部的代码

    <?php require_once('Connections/trusted.php'); ?>
    <?php
    if (!isset($_SESSION)) {
    session_start();
    }
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";
    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
    // For security, start by assuming the visitor is NOT authorized. 
    $isValid = False; 

    // When a visitor has logged into this site, the Session variable MM_Username set  equal to their username. 
    // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
  // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
// Parse the strings into arrays. 
$arrUsers = Explode(",", $strUsers); 
$arrGroups = Explode(",", $strGroups); 
if (in_array($UserName, $arrUsers)) { 
  $isValid = true; 
} 
// Or, you may restrict access to only certain users based on their username. 
if (in_array($UserGroup, $arrGroups)) { 
  $isValid = true; 
} 
if (($strUsers == "") && true) { 
  $isValid = true; 
} 
} 
return $isValid; 
}

$MM_restrictGoTo = "updateprofile.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers,       $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" .   urlencode($MM_referrer);
 header("Location: ". $MM_restrictGoTo); 
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",    $theNotDefinedValue = "") 
  {
if (PHP_VERSION < 6) {
  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
 }

$theValue = function_exists("mysql_real_escape_string") ?   mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;    
case "long":
case "int":
  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
  break;
case "double":
  $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
  break;
case "date":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;
case "defined":
  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
  break;
 }
 return $theValue;
 }
}

$colname_rsuserdets = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_rsuserdets = $_SESSION['MM_Username'];
}
mysql_select_db($database_trusted, $trusted);
$query_rsuserdets = sprintf("SELECT * FROM members WHERE username = %s",   GetSQLValueString($colname_rsuserdets, "text"));
$rsuserdets = mysql_query($query_rsuserdets, $trusted) or die(mysql_error());
$row_rsuserdets = mysql_fetch_assoc($rsuserdets);
$totalRows_rsuserdets = mysql_num_rows($rsuserdets);
?>