0

我正在尝试使用 PHP 将带有图像的表单上传到 MySQL。但是,我一直收到此错误-

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/03/6455003/html/leakfaucet/submitAlbumForm.php on line 17

我已经盯着这个看了很长一段时间了,只是无法弄清楚问题是什么,任何帮助将不胜感激!

形式-

<?php include "base.php"; ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 
Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Submit an Album</title>
</head>
<body>
<table>
  <tr>
    <td align="center">Submit an Album</td>
  </tr>
  <tr>
    <td>
      <table>
        <form enctype="multipart/form-data" action="submitAlbumForm.php" method="post">
        <tr>
          <td>Artist Name</td>
          <td><input type="text" name="artistName" size="20">
          </td>
        </tr>
        <tr>
          <td>Album Name</td>
          <td><input type="text" name="albumName" size="20">
          </td>
        </tr>
        <tr>
        <tr>
          <td>Release Date</td>
          <td><input type="text" name="releaseDate" size="20">
          </td>
        </tr>
        <tr>        
        <tr>
          <td>Leak Date</td>
          <td><input type="text" name="leakDate" size="20">
          </td>
        </tr>
        <tr>
        <tr>
          <td>Where It Leaked</td>
          <td><input type="text" name="whereItLeaked" size="20">
          </td>
        </tr>
        <tr>
        <tr>
          <td>Album Cover</td>
          <td><input type="file" name="albumCover">
          </td>
        </tr>
        <tr>        
          <td></td>
          <td align="right"><input type="submit" name="submit" value="Add"></td>
        </tr>
        </table>
      </td>
    </tr>
</table>
</body>
</html>

上传脚本

<?php
include "base.php";

//Setting up images directory
 $target = "images/"; 
 $target = $target . basename( $_FILES['photo']['name']);

 $albumCover=($_FILES['photo']['name']); 

//inserting data order
$order = "INSERT INTO albums
            (artistName, albumName, releaseDate, leakDate, whereItLeaked, albumCover)
            VALUES
            ('$_POST[artistName]',
            '$_POST[albumName]',
            '$_POST[releaseDate]',
            '$_POST[leakDate]',
            '$_POST[whereItLeaked]',
            '($_FILES['albumCover']['name'])')";  /*this is the line where the error keeps occurring. I've tried a number of variations and still can't seem to get it right*/

  if(move_uploaded_file($_FILES['albumCover']['tmp_name'], $target)) 
 { 

 //Tells you if its all ok 
 echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; 
 } 
 else { 

 //Gives an error if its not 
 echo "Sorry, there was a problem uploading your file."; 
 } 

//declare in the order variable
$result = mysql_query($order);  //order executes
if($result){
    echo("<br>Thank you for submitting!");
} else{
    echo("<br>Sorry, something went wrong! Please try again!");
}
?>

我的带有连接信息的 base.php 文件

<?php
session_start();

$dbhost = "";
$dbname = "";
$dbuser = "";
$dbpass = "";

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());
?>
4

2 回答 2

0

试试这个获取值到变量中使用 mysql_real_escape_string

 $artist_name =mysql_real_escape_string( $_POST['artistName']);
 $albumname=  mysql_real_escape_string($_POST['albumName'] );
 $releaseDate=  mysql_real_escape_string($_POST['releaseDate']);
...

"INSERT INTO albums
        (artistName, albumName, releaseDate, leakDate, whereItLeaked, albumCover)
        VALUES ( '$artist_name', '$albumname',...)"
于 2012-08-02T04:46:56.527 回答
0

您不能在 PHP 双引号字符串中使用带引号的数组键。它会引发警告。另外,您不能在双引号字符串中使用多维数组。PHP 的解析器不是“贪婪”的,只会看到单层数组,例如

$foo = array();
$foo['bar'] = array();
$foo['bar']['baz'] = 'fizzbuzz';
echo "$foo['bar']['baz']";

将发出有关引用键的警告,输出实际上是:

Array['baz']

因为 PHP 看不到第二级数组。

您需要使用以下{}符号:

'({$_FILES['albumCover']['name']})')";
  ^---                          ^---

这两者都允许引用数组键,并强制 PHP 考虑整个数组引用,而不仅仅是第一级。

除此之外,您的代码很容易受到SQL 注入攻击,您应该阅读并学习如何避免这些攻击,然后再将此代码放在面向公众的网站上,否则请享受您的服务器 pwn3d。

于 2012-08-02T04:44:55.970 回答