0

如何将完整的文件路径保存在 mysql 表中?

目前mysql存储路径名如下

F:Xammphtdocsdrnirajvoraappointment/uploads/0stock-illustration-4507047-set-of-colored-planets.jpg

但它应该像这样保存

F:Xammp/htdocs/drnirajvora/appointment/uploads/0stock-illustration-4507047-set-of-colored-planets.jpg

这是我保存文件的代码

        public function uploadfiles()
    {
        if(isset($_FILES['fileupload']))
        {
            $errors= array();
                        $connection = db::factory('mysql');
                        $user_id=$_SESSION['userid'];   
            foreach($_FILES['fileupload']['tmp_name'] as $key => $tmp_name )
                {
                $file_name = $key.$_FILES['fileupload']['name'][$key];
                $file_size =$_FILES['fileupload']['size'][$key];
                $file_tmp =$_FILES['fileupload']['tmp_name'][$key];
                $file_type=$_FILES['fileupload']['type'][$key]; 
                if($file_size > 2097152)
                        {
                        $errors[]='File size must be less than 2 MB';
                        }   
                $upload_dir = ROOT;
                $desired_dir=ROOT."/uploads/";
                if(empty($errors)==true)
                    {
                    if(is_dir(ROOT."/uploads/")==false)
                        {
                        mkdir(ROOT."/uploads/", 0700);      // Create directory if it does not exist
                        }
                    if(is_dir(ROOT."/uploads/".$file_name)==false)
                        {
                        $file_path=ROOT."/uploads/".$file_name;
                        move_uploaded_file($file_tmp,$file_path);
                        $query="INSERT into uploads (`User_Id`,`File_Name`,`File_Path`,`File_Size`,`File_Type`) VALUES('$user_id','$file_name','$file_path','$file_size','$file_type'); ";
                        mysql_query($query);
                        }
                        else
                        {                                   // rename the file if another one exist
                        $new_path=ROOT."/uploads/".$file_name.time();
                        rename($file_tmp,$new_path) ;
                        $file_path=$new_path;   
                        $query="INSERT into uploads (`User_Id`,`File_Name`,`File_Path`,`File_Size`,`File_Type`) VALUES('$user_id','$file_name','$file_path','$file_size','$file_type'); ";
                        mysql_query($query);


                }
                else
                {
                print_r($errors);
                }
        }
        if(empty($error))
        {
        //echo "Success"; exit;
        return true;
        }
        return false;
}
    }
4

1 回答 1

1

mysql_query 在最新的 PHP 中已被弃用,它也不那么安全。我强烈建议切换到 Mysqli 或 PDO。

不过,要回答您的问题,请在将变量插入数据库之前尝试对变量使用 mysql_real_escape_string() 。它将逃避特殊字符。

于 2013-07-26T14:40:18.033 回答