我已经阅读了很多考虑这个问题的主题,但我仍然遇到同样的问题。我认为我无法理解逻辑。
所以我有一个图像存储在我的系统中的一个文件夹中,我也在我的数据库中注册了图像的路径。我只是想让用户将图像的标题插入搜索表单,然后按下OK,我希望显示特定图像。
到目前为止我找到的代码如下: 回声'';
他们可以为其他人工作,但不适合我
我的代码如下:
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photoshare", $con);
$Title = $_POST['Title'];
$Creator = $_POST['Creator'];
$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
echo '<img src="' . $result . '" />';
//some code
mysql_close($con);
?>
所以问题是没有显示图像。另一方面,正在显示损坏图像的图标。 如果我把它弄好了就会发生错误,因为我不会把我必须看到的HTTP或类似的东西放进去。我真的还没有看到它。
任何帮助将不胜感激:)
谢谢你们两位但同样的事情:/ 我的上传文件如下,我希望它有所帮助:
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photoshare", $con);
$Image_Title = $_POST['Image_Title'];
$Image_Creator = $_POST['Image_Creator'];
$Image_Date = $_POST['Image_Date'];
$Image_Genre = $_POST['Image_Genre'];
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 50000000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("../photo_album/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"../photo_album/" . $_FILES["file"]["name"]);
echo "Stored in: " . "../photo_album/" . $_FILES["file"]["name"];
$path = "photo_album/" . $_FILES["file"]["name"];
$query = "INSERT INTO images (title, creator, date, genre, path)
VALUES ('$Image_Title', '$Image_Creator', '$Image_Date', '$Image_Genre', '$path')";
}
}
}
else
{
echo "Invalid file";
}
if (!mysql_query($query, $con)) {
die("Error " . mysql_error());
}
?>
答案 0 :(得分:6)
您正在执行查询,但您还必须将结果检索为数组或对象。
<?php
mysql_select_db("photoshare", $con);
// Use mysql_real_escape_string to protect yourself from SQL injection
$Title = mysql_real_escape_string( $_POST['Title'] );
$Creator = mysql_real_escape_string( $_POST['Creator'] );
$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
$row = mysql_fetch_assoc( $result );
echo '<img src="' . $row['path'] . '" />';
此外,您无法转移输入,这将使您了解CRITICAL安全漏洞。对任何用户提供的输入使用mysql_real_escape_string()以避免这种情况。
最后,不推荐使用mysql扩展,你应该避免使用它(PHP.net文档将其列为已弃用)。请考虑使用PDO。以下是使用PDO重写的代码:
<?php
$con = new PDO( 'mysql:host=localhost;dbname=photoshare', 'root', '' );
if ( ! $con ) {
die( 'Could not connect to the database' );
}
$stmt = $con->prepare( "SELECT path FROM images WHERE Title = :title OR Creator = :creator" );
$stmt->bindParam( ':title', $_POST['Title'] );
$stmt->bindParam( ':creator', $_POST['Creator'] );
$stmt->execute();
// Do this to output all found images
while ( $row = $stmt->fetch( PDO::FETCH_ASSOC ) ) {
echo '<img src="' . htmlentities( $row['path'] ) . '" />';
}
// OR do this to output only one image
$row = $stmt->fetch( PDO::FETCH_ASSOC );
echo '<img src="' . htmlentities( $row['path'] ) . '" />';
答案 1 :(得分:1)
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photoshare", $con);
$Title = mysql_real_escape_string( $_POST['Title'] );
$Creator = mysql_real_escape_string( $_POST['Creator'] );
$result = mysql_query("SELECT path FROM images WHERE Title = '$Title' OR Creator = '$Creator'");
$row=mysql_fetch_assoc($result);
echo '<img src="' . $row['path'] . '" />';
//some code
mysql_close($con);
?>