Question

我正在上传并请求ID以在上传图片后检索图片。但是，在我可以检索之前，我甚至可以将其插入我的MySQL数据库;

BTW问题出在第19行，即

"$query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";"

这是我使用的代码

<?php
 $con = mysqli_connect('127.0.0.1', 'root', '', 'test');
$files = $_FILES['uploadProfilePicture']['tmp_name'];

 if(!isset($files)){
echo("wrong file");
 }else
 {
$image = file_get_contents($_FILES['uploadProfilePicture']['tmp_name']);
$image_name = $_FILES['uploadProfilePicture']['name'];
$image_size = getimagesize($_FILES['uploadProfilePicture']['tmp_name']);

if($image_size == false) 
{
    echo("Thats is not an image");
}else
{
    $query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";
    if(!$insert = mysqli_query($con, $query))
    {
    echo("problem uploading");  
    }else
    {

        $lastid = mysql_insert_id();
        echo "image uploaded.</p> Your Image</p> <img src=getImage.php?id=".$lastid.">";
    }
}
 }
 ?>



<div class="loginCheck">
        <div class="profilePicture">
            <form action="ProfileImages/FileUpload.php" method="POST" enctype="multipart/form-data">
                <input  type="file" name="uploadProfilePicture"/> <input type="submit" value="Upload" />
            </form>



        </div>
    </div>

Answer 1

我打赌你这行有问题：

$image = file_get_contents($_FILES['uploadProfilePicture']['tmp_name']);

请改为尝试：

$image = mysql_real_escape_string(file_get_contents($_FILES['uploadProfilePicture']['tmp_name']));

您需要转义该字符串。它可能有一个引用。您应该考虑使用prepared statements。

Answer 2

这个字符串应该如何构建？

"$query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";"

如上？或者：

$query = "INSERT INTO profilepicture (`id`,`name`,`image`) VALUES ('','".$image_name."','".$image."')";

请注意在$之前和结尾;之前删除了引用？

无法在MySQL中插入图像

2 个答案: