0

我正在尝试将上传的文件详细信息存储在我的数据库中。我已经编写了以下代码,但我无法理解为什么它不读取查询块。它不会生成任何 MySQL 错误消息或任何其他语法错误。请检查一下。

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form action="file_upload_test2.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="file" name="file2" id="file"><br>
<input type="file" name="file3" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>



</body>
</html>


<?php

include 'connect.php';

$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));


if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
//&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 200000) . " kB<br>";




        $image_name=        $_FILES["file"]["name"];  

        $path=              move_uploaded_file($_FILES["file"]["tmp_name"],
                                    "upload/" . rand().$_FILES["file"]["name"]);            

            echo "Stored in: " . "upload/" . $_FILES["file"]["name"];     

            if (mysql_query ("Insert into category_images (image_name,image_location) VALUES ('$image_name', '$path')"))
            {
                echo "successfull"; 
                } 
                else {
                    mysql_error();
                    } 
      }
    }

else
  {
  echo "Invalid file";
  }


?>
4

1 回答 1

0

尝试

    $sql = "INSERT INTO `category_images` (`image_name`,`image_location`) VALUES ('".$image_name."', '".$path."')";

    $result = mysql_query($sql);
    if ($result)
    {
          // Successful query execution
          echo "successfull"; 
    } 
    else {
          // Some error occured while executing query.
          // Show some useful information using echo/print.
          // Then stop execution after taking other necessary steps

          die(mysql_error());
    }

此外,由于您没有清理输入,因此您的数据库容易受到 SQL 注入攻击。您应该至少使用mysql_real_escape_string()方法来确保不会发生这种情况。

如果上述方法不起作用,请尝试检查您的连接参数是否正常以及 MySQL 是否正在运行。

于 2013-07-24T06:52:48.883 回答