这条线怎么样?
警告:copy():open_basedir限制生效。 File()不在允许的路径中:(/ xxx / xxx / xxx / xxx / php:/ tmp)在第85行的/home/xxxxxxxxxx/public_html/newsp.php中
这是我的代码:
<?php
session_start();
if (isset($_SESSION['password'])) {
$con=mysqli_connect("xxxxx","xxxxx","xxxxx","xxxxx");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM News ORDER BY ID DESC LIMIT 1");
while($row = mysqli_fetch_array($result))
{
$ID = $row['ID'] + 1;
}
$title = $_POST['title'];
$content = $_POST['content'];
$type=$_POST['type'];
echo $title . "<br>";
echo $content . "<br>";
echo $type . "<br>";
echo $ID . "<br>";
$sql = 'INSERT INTO News '.'(Title, Content, Type) '.'VALUES ( $title, $content, $type)';
$result=mysqli_query($con,$sql);
//define a maxim size for the uploaded images in Kb
define ("MAX_SIZE","100");
//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) { return ""; }
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
}
//This variable is used as a flag. The value is initialized with 0 (meaning no error found)
//and it will be changed to 1 if an errro occures.
//If the error occures the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
//reads the name of the file the user submitted for uploading
$image=$_FILES['file']['name'];
//if it is not empty
if ($image)
{
//get the original name of the file from the clients machine
$filename = stripslashes($_FILES['file']['name']);
//get the extension of the file in a lower case format
$extension = getExtension($filename);
$extension = strtolower($extension);
//if it is not a known extension, we will suppose it is an error and will not upload the file,
//otherwise we will do more tests
if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif"))
{
//print error message
echo '<h1>Unknown extension!</h1>';
$errors=1;
}
else
{
//get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file
//in which the uploaded file was stored on the server
$size=filesize($_FILES['image']['tmp_name']);
//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
echo '<h1>You have exceeded the size limit!</h1>';
$errors=1;
}
//we will give an unique name, for example the time in unix time format
$image_name= $ID.'.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="NewsPic/".$image_name;
//we verify if the image has been uploaded, and print error instead
echo $image_name;
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
echo '<h1>Copy unsuccessfull!</h1>';
$errors=1;
}
}
}
} else {
header("location:login.php");
}
?>
我想将图片上传到我的文件夹。
答案 0 :(得分:1)
尝试使用move_uploaded_file(param1,param2);功能
move_uploaded_file($_FILES['image']['tmp_name'],$newname)
注意:您的变量$ newname必须包含应保存文件夹的路径+文件名
为您的INSERT QUERY
尝试在声明应插入字段
时删除'.'
产生您的查询
$sql= "INSERT INTO News(Title, Content, Type)VALUES ( '$title', '$content', '$type')";
因为'.'使你的sql失败。