0

这条线呢?

警告:copy(): open_basedir 限制生效。File() 不在允许的路径内:(/xxx/xxx/xxx/xxx/php:/tmp) 在 /home/xxxxxxxxxx/public_html/newsp.php 中的第 85 行

这是我的代码:

<?php
 session_start();
 if (isset($_SESSION['password'])) {
        $con=mysqli_connect("xxxxx","xxxxx","xxxxx","xxxxx");
        // Check connection
            if (mysqli_connect_errno($con))
            {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
            }
            $result = mysqli_query($con,"SELECT * FROM News ORDER BY ID DESC LIMIT 1");

            while($row = mysqli_fetch_array($result))
                {
                    $ID = $row['ID'] + 1;
                }

            $title = $_POST['title'];
            $content = $_POST['content'];
            $type=$_POST['type'];

            echo $title . "<br>";
            echo $content . "<br>";
            echo $type . "<br>";
            echo $ID . "<br>";

            $sql = 'INSERT INTO News '.'(Title, Content, Type) '.'VALUES ( $title, $content, $type)';
            $result=mysqli_query($con,$sql);

//define a maxim size for the uploaded images in Kb
 define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)
//and it will be changed to 1 if an errro occures.
//If the error occures the file will not be uploaded.
 $errors=0;
//checks if the form has been submitted
    //reads the name of the file the user submitted for uploading
    $image=$_FILES['file']['name'];
    //if it is not empty
    if ($image)
    {
    //get the original name of the file from the clients machine
        $filename = stripslashes($_FILES['file']['name']);
    //get the extension of the file in a lower case format
        $extension = getExtension($filename);
        $extension = strtolower($extension);
    //if it is not a known extension, we will suppose it is an error and will not  upload the file,
    //otherwise we will do more tests
        if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
            {
            //print error message
            echo '<h1>Unknown extension!</h1>';
            $errors=1;
            }
        else
        {
    //get the size of the image in bytes
     //$_FILES['image']['tmp_name'] is the temporary filename of the file
     //in which the uploaded file was stored on the server
     $size=filesize($_FILES['image']['tmp_name']);

    //compare the size with the maxim size we defined and print error if bigger
        if ($size > MAX_SIZE*1024)
            {
            echo '<h1>You have exceeded the size limit!</h1>';
            $errors=1;
            }

    //we will give an unique name, for example the time in unix time format
        $image_name= $ID.'.'.$extension;
    //the new name will be containing the full path where will be stored (images folder)
        $newname="NewsPic/".$image_name;
    //we verify if the image has been uploaded, and print error instead

        echo $image_name;
        $copied = copy($_FILES['image']['tmp_name'], $newname);
        if (!$copied)
            {
            echo '<h1>Copy unsuccessfull!</h1>';
            $errors=1;
            }


        }
    }




    } else {
        header("location:login.php");
    }
?>

我想上传一张图片到我的文件夹。

4

1 回答 1

1

尝试使用move_uploaded_file(param1,param2);功能

move_uploaded_file($_FILES['image']['tmp_name'],$newname)

注意:您的变量 $newname 必须包含您应该保存它的文件夹的路径 + 文件名

为您INSERT查询

尝试'.'在声明应插入的字段时删除两者

导致您的查询像这样

$sql= "INSERT INTO News(Title, Content, Type)VALUES ( '$title', '$content', '$type')";

因为'.'使您的sql失败。

于 2013-04-03T12:50:51.207 回答