0

以下是提交文本和/或上传图片的表单代码

<form id="comments" action="insertcomment.php" method="POST" enctype="multipart/form-data">
    Comment: <input type="text" name="comment" id="commentfield">
    <br>
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    Image URL (Limit: 1MB): <input type="file" name="image">
    <br>
    <input type="submit" name="submit" value="Post comment" class="btn btn-primary">
    </form>

当用户点击提交按钮时,它会转到这个 php 脚本

<?php

include('../c_database.php');

$timeSet = date_default_timezone_set("Europe/London");

$User = $_COOKIE['username'];
$comments = mysqli_real_escape_string($dbc, $_REQUEST['comment']);
$time = date(DATE_RFC822);

        if($_FILES['image']['size'] <= 1048576){

$allowedExts = array("jpg", "jpeg", "gif", "png", "bmp", "tiff", "xtiff");

$extension = end(explode(".", $_FILES["image"]["name"]));

        if ((($_FILES["image"]["type"] == "image/gif")

        || ($_FILES["image"]["type"] == "image/jpeg")

        || ($_FILES["new_image"]["type"] == "image/png")

        || ($_FILES["image"]["type"] == "image/pjpeg"))

        || ($_FILES["image"]["type"] == "image/bmp"))

        && in_array($extension, $allowedExts))

{

if ($_FILES["image"]["error"] > 0) {

$error_message = $_FILES["image"]["error"];

} else {

if (file_exists("images/" . $_FILES["image"]["name"]))

{

$error_message = $_FILES["image"]["name"] . " " . $LANG['image_exist'];

} else {

if(move_uploaded_file($_FILES["image"]["tmp_name"], "images/" . $_FILES["image"]["name"])) {

// success
$image_name = $_FILES["image"]["name"];

} else {

$error_message = "Upload Failed!";

}

}

}

} else {

$error_message = "Error: May be different ext or size";

}

}

$imagepath = 'images/'. $_FILES["image"]["name"];

$commentQuery = "INSERT INTO comments (username, comments, time_added, imagepath) VALUES ('$User' ,'$comments' ,'$time' ,'$imagepath')";
$executeCommentQuery = mysqli_query($dbc, $commentQuery);

if($executeCommentQuery){

$user = $_COOKIE['username'];

$commentsMadeUpdate = "UPDATE login SET Comments_Made = Comments_Made +1 WHERE Username='$user'";
$executeUpdateQuery = mysqli_query($dbc, $commentsMadeUpdate);

 echo '<!DOCTYPE html> 
 <html>
 <head>
<title>Comment</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.0/jquery.mobile-1.3.0.min.css" />
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://code.jquery.com/mobile/1.3.0/jquery.mobile-1.3.0.min.js">      </script>
</head>

<body>';
  echo 'Comment and/or image uploaded successfully';

  echo '<script>location.href="comments.php"</script>';

  echo '
 </body>
 </html>';

 } else {

echo '<!DOCTYPE html> 
<html>
<head>
    <title>Comment</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.0/jquery.mobile-1.3.0.min.css" />
    <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
    <script src="http://code.jquery.com/mobile/1.3.0/jquery.mobile-1.3.0.min.js">    </script>
</head>

<body>';
  printf("Errormessage: %s\n", mysqli_error($dbc));
echo '
</body>
</html>';
}

?>

此代码应插入评论,并将上传的图像移动到图像文件夹并将图像路径存储在数据库中,但是当用户单击提交时,他们的评论被插入但不是图像路径,并且图像不在临时文件夹或图片文件夹,谁能告诉我怎么回事?

4

1 回答 1

1

由于可能的拼写错误,您正在检查文件类型的最高级别条件可能永远不会被触发:$_FILES["new_image"]["type"]

那应该是: $_FILES['image']['type'] 吗?

您还应该考虑捕获数据库操作的异常:

mysqli_query(..) or trigger_error(mysqli_error($dbc));
于 2013-03-10T01:30:33.157 回答