我创建了一个文件上传文件,它将文件存储在mysql数据库中,并且除了PDF之外,它应该适用于所有文件类型。
MySQL数据库结构:
CREATE TABLE IF NOT EXISTS `pdfupload`
(
`id` int(12) NOT NULL,
`name` varchar(100) NOT NULL,
`type` varchar(100) NOT NULL,
`size` int(12) NOT NULL,
`content` longblob NOT NULL
)
这是我的文件上传代码
<!DOCTYPE html>
<body>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="20000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload"
value=" Upload "></td>
</tr>
</table>
</form>
<?php
include 'connect-db.php';
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}
$query = "INSERT INTO pdfupload
(name, size, type, content )
VALUES ('$fileName', '$fileSize', '$fileType', '$content')";
mysql_query($query) or die('Error, query failed');
echo "<br>File $fileName uploaded<br>";
}
?>
</body>
</html>
任何人都可以发现任何问题或通知我这是否与PDF文档无关? 非常感谢提前。
答案 0 :(得分:1)
您可以尝试使用MySQL LOAD_FILE()语法将PDF文件加载到表content列中。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include 'connect-db.php';
if(isset($_POST['upload']) && $_FILES['userfile']['size'] > 0)
{
$message = '';
switch ($_FILES['userfile']['error']) {
case UPLOAD_ERR_INI_SIZE:
$message = "The uploaded file exceeds the upload_max_filesize directive in php.ini";
break;
case UPLOAD_ERR_FORM_SIZE:
$message = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form";
break;
case UPLOAD_ERR_PARTIAL:
$message = "The uploaded file was only partially uploaded";
break;
case UPLOAD_ERR_NO_FILE:
$message = "No file was uploaded";
break;
case UPLOAD_ERR_NO_TMP_DIR:
$message = "Missing a temporary folder";
break;
case UPLOAD_ERR_CANT_WRITE:
$message = "Failed to write file to disk";
break;
case UPLOAD_ERR_EXTENSION:
$message = "File upload stopped by extension";
break;
default:
$message = "Unknown upload error";
}
}
if ( $message != '' ) {
echo $message;
exit;
}
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$query = "INSERT INTO pdfupload
(name, size, type, content )
VALUES ( '$fileName',
'$fileSize',
'$fileType',
LOAD_FILE($tmpName)
)";
$res = mysql_query($query);
if ( ! $res ) {
echo 'Query failed with error : ' . mysql_error();
exit;
}
}
请参阅The documentation for LOAD_FILE关于权限等可能有点特别,但在Windows上你可能不应该有这个问题。
答案 1 :(得分:0)
使用mysql_real_escape_string
mysql_real_escape_string(fread($instr,filesize($fileName)));
而不是
addslashes($content);
addslashes会为通常令人不安的字符添加斜杠。 mysql_real_escape_string可以逃避MySQL需要转义的任何内容。这可能是比addslashes更多或更少的字符。
另外,mysql_real_escape_string不一定要添加斜杠来逃避。虽然我认为如果你这样做是有效的,但最新版本的MySQL通过将两个放在一起而不是在它之前放一个斜杠来逃避引用。
我相信你应该总是使用你的数据提供者的转义函数而不是addslashes,因为在你使用它时,addslashes可能会做太多或者没有足够的工作。另一方面,mysql_real_escape_string知道如何准备字符串以将其嵌入查询中。即使规范改变了如何逃避的东西,突然它不再是你应该使用的反斜杠,你的代码仍然会工作,因为mysql_real_escape_string会知道
答案 2 :(得分:0)
您可能需要库,例如http://www.pdfparser.org/。看看这个问题可能对你有帮助。