0

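I am trying to upload content to a database. I have gone through a few tutorials, but none of them worked. I want to upload files such as images and text documents (including PowerPoint presentations) to the database.

This is my form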

<form action="upload.php" method="post" enctype="multipart/form-data" name="uploadform">
    <input type="hidden" name="MAX_FILE_SIZE" value="350000">
    <input name="picture" type="file" id="picture" size="50">
    <input name="upload" type="submit" id="upload" value="Upload Picture!">
</form>

This is upload.php

<?php
// if something was posted, start the process...
if(isset($_POST['upload']))
{
    // define the posted file into variables
    $name = $_FILES['picture']['name'];
    $tmp_name = $_FILES['picture']['tmp_name'];
    $type = $_FILES['picture']['type'];
    $size = $_FILES['picture']['size'];

    // get the width & height of the file (we don't need the other stuff)
    list($width, $height, $typeb, $attr) = getimagesize($tmp_name);

    // if width is over 600 px or height is over 500 px, kill it    
    if($width>600 || $height>500)
    {
        echo $name . "'s dimensions exceed the 600x500 pixel limit.";
        echo '<a href="form.html">Click here</a> to try again.';
        die();
    }

    // if the mime type is anything other than what we specify below, kill it    
    if(!($type=='image/jpeg' || $type=='image/png' || $type=='image/gif')) 
    {
        echo $type .  " is not an acceptable format.";
        echo '<a href="form.html">Click here</a> to try again.' ;
        die();
    }

    // if the file size is larger than 350 KB, kill it
    if($size>'350000') {
        echo $name . " is over 350KB. Please make it smaller.";
        echo '<a href="form.html">Click here</a> to try again.' ;
        die();
    } 

    // if your server has magic quotes turned off, add slashes manually
    if(!get_magic_quotes_gpc()){
        $name = addslashes($name);
    }

    // open up the file and extract the data/content from it
    $extract = fopen($tmp_name, 'r');
    $content = fread($extract, $size);
    $content = addslashes($content);
    fclose($extract);  

    // connect to the database
    include "inc/db.inc.php";

    // the query that will add this to the database
    $addfile = "INSERT INTO files (name, size, type, content ) ".
        "VALUES ('$name', '$size', '$type', '$content')";

    mysql_query($addfile) or die(mysql_error());

    // get the last inserted ID if we're going to display this image next
    $inserted_fid = mysql_insert_id();

    mysql_close(); 

    echo "Successfully uploaded your picture!";

    // we still have to close the original IF statement. If there was nothing posted, kill the page.
}
else{
    die("No uploaded file present");
}
?>  

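I know this restricts the type -> if(!($type=='image/jpeg' || $type=='image/png' || $type=='image/gif')). When I upload a small photo, the error I get is "No database selected".

The database is configured correctly, because other things I have are able to connect to it.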

4

2 Answers

4

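Your code is fundamentally broken:

1) You simply assume the upload was performed and never check for failure. At a bare minimum you should have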

if ($_FILES['picture']['error'] !== UPLOAD_ERR_OK) {
   die("Upload failed with error code " . $_FILES['picture']['error']);
}

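The error codes are defined here: http://php.net/manual/en/features.file-upload.errors.php

2) addslashes() provides about as much defense against SQL injection attacks as using a single square of wet tissue to dry up a lake. Since you are using the mysql library, you must use mysql_real_escape_string() to do a proper job of escaping the data.

3) You are using the mysql library, which is obsolete and deprecated. Stop using it. Switch to mysqli or PDO instead.

4) Your actual error message indicates that you never called mysql_select_db() to set a default database. You can get around that by simply changing the query to INSERT INTO name_of_db.name_of_table ....

Answered 2013-06-25T17:03:36.107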
1

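Make sure you call mysql_select_db() correctly in the inc/db.inc.php file.

In the code below, you are just echoing the text without performing any check. The success message is displayed regardless of success or failure.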

echo "Successfully uploaded your picture!";
Answered 2013-06-25T17:07:18.497
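
Added example, not part of the question or of either answer: one way to rewrite upload.php so that it applies the points raised above (upload error check, PDO with bound parameters instead of addslashes(), a database named at connection time, success reported only after the insert succeeds). It assumes the pdo_mysql and fileinfo extensions; the DSN, the credentials and the `fail()` helper are placeholders, and the `finfo` check on the file's bytes goes beyond what the answers mention.

```php
<?php
// Added example: hardened upload.php. DSN, user and password below are placeholders.
const MAX_BYTES = 350000;  // same limit as the form's MAX_FILE_SIZE
const ALLOWED   = ['image/jpeg', 'image/png', 'image/gif'];

function fail(int $status, string $msg): void {  // hypothetical helper: escape, then stop
    http_response_code($status);
    exit(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'));
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['picture'])) {
    fail(400, 'No uploaded file present');
}
$file = $_FILES['picture'];

// Check the upload status before touching the file (also rejects array-style fields).
if ($file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed with error code ' . json_encode($file['error']));
}
if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
    fail(400, 'File is missing or over 350 KB');
}

// $file['type'] is supplied by the client; detect the type from the file's bytes instead.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!in_array($mime, ALLOWED, true)) {
    fail(415, 'That file type is not an acceptable format');
}
$content = file_get_contents($file['tmp_name']);
if ($content === false) { fail(500, 'Could not read the upload'); }

try {
    // dbname in the DSN sets the default database, so "No database selected" cannot occur.
    $pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
        'EXAMPLE_USER', 'EXAMPLE_PASSWORD', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $stmt = $pdo->prepare(
        'INSERT INTO files (name, size, type, content) VALUES (:name, :size, :type, :content)');
    $stmt->bindValue(':name', basename($file['name']));  // bound as data, never as SQL
    $stmt->bindValue(':size', $file['size'], PDO::PARAM_INT);
    $stmt->bindValue(':type', $mime);
    $stmt->bindValue(':content', $content, PDO::PARAM_LOB);
    $stmt->execute();
    $inserted_fid = $pdo->lastInsertId();
} catch (PDOException $e) {
    error_log('upload insert failed: ' . $e->getMessage());  // details go to the log only
    fail(500, 'Could not store the file');
}

// Reached only when the insert succeeded.
echo 'Successfully uploaded your picture!';
```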