0

我是 PHP 初学者,我正在尝试将 PDF 上传到我的 MySQL 数据库。我尝试添加一些代码以使其与 pdf 兼容,但它不起作用,所以我删除了它,我有可以上传 .txt、word 文档、图像等但不是 PDF 的 PHP 脚本。你建议我应该添加什么,以便它适用于 PDF。这是我的脚本。

    <html>
<head></head>
<body>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1"
cellspacing="1" class="box">
<tr>
<td>Select a file to upload</td>
</tr>
<tr>
<td>
<input type="hidden" name="MAX_FILE_SIZE"
value="16000000">
<input name="userfile" type="file" id="userfile"> 
</td>
</tr>
<tr>
<td width="80"><input name="upload"
type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName  = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fileType=(get_magic_quotes_gpc()==0 ? mysql_real_escape_string(
$_FILES['userfile']['type']) : mysql_real_escape_string(
stripslashes ($_FILES['userfile'])));
$fp      = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
    $fileName = addslashes($fileName);
}
$con = mysql_connect('localhost', 'root', '') or die(mysql_error());
$db = mysql_select_db('test', $con);
if($db){
$query = "INSERT INTO upload (name, size, type, content ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
mysql_query($query) or die('Error, query failed'); 
mysql_close();
echo "<br>File $fileName uploaded<br>";
}else { echo "file upload failed"; }
} 
?>
4

2 回答 2

0

Magic quotes have been deprecated for a long time. You shouldn't use it anymore. Since PHP 5.4 it is removed from the language. Especially, when writing new scripts you should avoid this abandoned feature.

If your file is to big to be processed using a PHP file upload script, you might be interested in changing settings like post_max_size. See this thread for more details: Increasing the maximum post size

Instead of the general-use text manipulating function addslashes you should use the escaping function matching your database system. In this case it is mysqli_real_escape_string. As PDF files contain binary data and no text, you shouldn't add and remove slashes on saving and after reading (text processing). Just escape the binary content blob using the adequate MySQL function when inserting the data into the database. A suitable column type for entire files is MEDIUMBLOB. It allows a data length of up to ~16 MB.

After having talked about the php side, a few more hints concerning MySQL. MySQL limits the length of data packets being sent to it. If you use a shared hosting platform (and no dedicated server), chances are high of being limited to only 1 MB. The relevant configuration option is max_allowed_packet. This setting will limit the ability to store documents in the database. See this thread for ideas on how to resolve this problem.

In my opinion it's a bad idea in most cases to store entire documents into a relational database. I usually put the file meta data (size, filename, MIME type, ...) into a database table and store the uploaded binary data in a normal file system directory that isn't readable to the public (e.g. /srv/uploads). Then your files can become as big as you want without sacrificing your database's performance.

于 2013-10-28T14:12:27.143 回答
0

您应该将其存储为二进制数据。所以列类型BLOB(或MEDIUMBLOB等等,取决于文件有多大 - 以及用户可以上传多少)。这样,几乎可以存储任何类型的文件内容。

此外,我认为您不应该在内容中添加斜杠并直接在查询中插入值,而是考虑使用参数。阅读 PHP 数据对象(PDO: http: //php.net/manual/en/book.pdo.php),这是一个非常好的和安全的(如果使用得当!)与数据库交互的扩展。

于 2013-10-28T14:01:21.780 回答