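I have a form that uploads an image to my server and stores the path in MySQL. When I update the record, the path of the uploaded image is deleted from MySQL unless I select an image in the file upload box. I don't always need to update the image, so how do I prevent the file path from being deleted if no file is selected on the update form? I'm also aware of SQL injection, so no need to tell me, please!
Here are the update form fields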
<fieldset id="info" class="auto-style1" style="height: 620px; width: 385px;">
<legend id="infoLegend">Member Information</legend>
<div id="InfoContent"> <table style="height: 598px; width: 383px;">
<tbody>
<tr class="firstname">
<td class="firstname" style="width: 58px">First Name</td>
<td class="firstname" style="width: 280px">
<input type="text" name="first_name" value="<?php echo $data2['first_name']?>" style="width: 170px"></td>
</tr>
<tr class="lastname">
<td class="label" style="width: 58px">Last Name</td>
<td class="field" style="width: 280px">
<input type="text" name="last_name" id="lastname" value="<?php echo $data2['last_name']?>" style="width: 171px">
</td></tr>
<tr class="teamname">
<td class="teamname" style="width: 58px">Team Name</td>
<td class="teamname" style="width: 280px">
<input type="text" name="team_name" id="teamname" value="<?php echo $data2['team_name']?>" style="width: 170px">
<br>
</td>
</tr>
<tr class="typeName">
<td class="label" style="width: 58px">Registration</td>
<td class="field" style="width: 280px">
<input type="text" name="registration" id="jerseybrand" value="<?php echo $data2['registration']?>" style="width: 170px">
</td>
</tr>
<tr class="paystatus">
<td class="paystatus" style="width: 58px">Payment Status</td>
<td class="paystatus" style="width: 280px">
<input type="text" name="pay_status" id="paystatus" value="<?php echo $data2['pay_status']?>" style="width: 170px">
<br>
</td>
</tr>
<tr class="physical">
<td class="physical" style="width: 58px">Physical</td>
<td class="physical" style="width: 290px">
<input type="text" name="physical" id="physical" value="<?php echo $data2['physical']?>">
</td>
</tr>
<tr class="photo">
<td class="photo" style="width: 58px">Photo Taken</td>
<td class="photo" style="width: 290px">
<input type="text" name="photo" id="photo" value="<?php echo $data2['photo']?>">
</td>
</tr>
<tr>
<td>
Notes
</td>
<td class="notes" style="width: 280px">
<textarea name="notes" id="notes" class="auto-style1" style="height: 35px; width: 215px"><?php echo $data2['notes']?></textarea>
<br><br>
</td></tr>
<tr class="teamlogo">
<td class="teamlogo" style="width: 58px">Team Logo</td>
<td class="teamlogo" style="width: 280px">
<img name="logo_image" src="<?php echo $data2['logo_src']?>" id="logoimage" height="100" width="100">
<input type="hidden" name="logo_src" value="<?php echo $data2['logo_src']?>" id="logosrc"/>
</td>
</tr>
<tr class="logosrc">
<td class="logosrc" style="width: 58px">Change Logo</td>
<td class="logosrc" style="width: 280px">
<select name="team_name" id="dd" onChange="swapImage()" style="width: 150px">
<option value="" title="logos/cheerlogoleft.jpg">SELECT</option>
<option value="COUGARS" title="logos/cougars2013.jpg" >Cougars</option>
<option value="FALCONS" title="logos/falcons2013.jpg" >Falcons</option>
<option value="GREEN VALLEY KNIGHTS" title="logos/gvklogo2013.png">Green Valley Knights</option>
<option value="LONGHORNS" title="logos/longhorns2013.jpg">Longhorns</option>
<option value="MUSTANGS" title="logos/mustangs2013.jpg">Mustangs</option>
<option value="NW NINERS" title="logos/nwniners2013.jpg">NW Niners</option>
<option value="REBELS" title="logos/rebels2013.jpg">Rebels</option>
<option value="WILDCATS" title="logos/wildcats2013.jpg">Wildcats</option>
</select>
</td>
</tr>
<tr class="photo">
<td class="photo" style="width: 58px">Change Photo</td>
<td class="photo" style="width: 290px">
<input type="file" name="member_photo" id="cheerphoto"/>
</td>
</tr>
</tbody>
</table>
</div>
</fieldset>
</td><td id="righttdhw" style="width: 517px; height: 141px;">
<fieldset id="info" style="width: 260px; height: 183px">
<legend id="infoLegend">Member Photo</legend>
<div id="memberphoto">
<table style="height: 156px; width: 260px;">
<tbody>
<tr class="memberphoto">
<td class="field" style="width: 269px; height: 132px; text-align: center;">
<img name="member_photo" src="<?php echo $data2['member_photo']?>" id="memberphoto" height="150" width="250" >
</td>
</tr>
And the process_edit.php file
<?php
$id=$_POST['id'];
//This is the directory where images will be uploaded and saved
$target = "uploads/cheer/";
$target = $target . basename($_FILES['member_photo']['name']);
//This gets all the form data//
//----------MEMBER INFO----------//
$team_name=!empty($_POST['team_name'])? $_POST['team_name'] : '';
$first_name=!empty($_POST['first_name'])? $_POST['first_name'] : '';
$last_name=!empty($_POST['last_name'])? $_POST['last_name'] : '';
$registration=!empty($_POST['registration'])? $_POST['registration'] : '';
$pay_status=!empty($_POST['pay_status'])? $_POST['pay_status'] : '';
$physical=!empty($_POST['physical'])? $_POST['physical'] : '';
$photo=!empty($_POST['photo'])? $_POST['photo'] : '';
$notes=!empty($_POST['notes'])? $_POST['notes'] : '';
$logo_src=!empty($_POST['logo_src'])? $_POST['logo_src'] : '';
//----------IMAGES----------//
$pic=!empty($_FILES['member_photo']['name'])? $_FILES['member_photo']['name'] : '';
//----------CONNECT TO DATABASE----------//
include 'elite_connect.php';
//----------WRITES DATA TO DATABASE----------//
mysql_query("UPDATE cheer SET team_name='$team_name', first_name='$first_name', last_name='$last_name', registration='$registration', pay_status='$pay_status', physical='$physical', photo='$photo', logo_src='$logo_src', notes='$notes', member_photo='$target'
WHERE `id` = '$id'");
//----------DISPLAYS MYSQL ERRORS----------//
print_r($_POST);
echo mysql_error();
//----------WRITES PHOTO TO SERVER----------//
if(move_uploaded_file($_FILES['member_photo']['tmp_name'], $target))
{
//----------TELLS IF ALL IS OK----------//
echo "The file ". basename($_FILES['member_photo']['name']). " has been uploaded!";
}
else {
//----------GIVES AN ERROR IF IT'S NOT----------//
?><br/><?php
echo "Sorry, there was a problem uploading your image.";
}
?>
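Answer 0 (score: 1)
You are assigning and inserting $target regardless of whether a file was actually sent. Before inserting it, you need to check whether a file was sent (just as you are doing with the normal input fields).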
http://php.net/manual/en/function.is-uploaded-file.php
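From there you can either do a conditional insert, one insert that includes the file and one that doesn't, or include a hidden field that stores the URL as its value and simply swap it out if an image hasn't been uploaded.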
Answer 1 (score: 1)
Please try this approach. It will only update your database if the file is uploaded correctly:
//----------CONNECT TO DATABASE----------//
include 'elite_connect.php';
//----------WRITES DATA TO DATABASE----------//
mysql_query("UPDATE cheer SET team_name='$team_name', first_name='$first_name', last_name='$last_name', registration='$registration', pay_status='$pay_status', physical='$physical', photo='$photo', logo_src='$logo_src', notes='$notes'
WHERE `id` = '$id'");
//----------DISPLAYS MYSQL ERRORS----------//
print_r($_POST);
echo mysql_error();
//----------WRITES PHOTO TO SERVER----------//
if(move_uploaded_file($_FILES['member_photo']['tmp_name'], $target))
{
//----------TELLS IF ALL IS OK----------//
echo "The file ". basename($_FILES['member_photo']['name']). " has been uploaded!";
mysql_query("UPDATE cheer SET member_photo='$target'
WHERE `id` = '$id'");
}
else {
//----------GIVES AN ERROR IF IT'S NOT----------//
?><br/><?php
echo "Sorry, there was a problem uploading your image.";
}
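
Both answers come down to writing member_photo only when a file actually arrived. The example below is added here and is not code from the question or from either answer; it builds the UPDATE conditionally and derives the stored file name from the detected image type. It assumes a PDO connection named $pdo in place of mysql_query, and the helper names and sample arrays are hypothetical.

```php
<?php
// Added example, not from the original post. Table and column names follow
// the question; helper names and the sample arrays are hypothetical.

// Returns the path to store for a new photo, or null when no file was chosen.
function new_photo_path(array $file, string $dir = 'uploads/cheer/'): ?string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error === UPLOAD_ERR_NO_FILE) {
        return null; // empty file box: leave the stored path alone
    }
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed with error code $error");
    }
    // Name the file from its detected image type, never from the client's name.
    $types = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($types[$info[2]])) {
        throw new RuntimeException('Only JPG, PNG or GIF images are accepted');
    }
    return $dir . bin2hex(random_bytes(8)) . '.' . $types[$info[2]];
}

// Builds the UPDATE; member_photo is included only when $photoPath is set.
function build_update(array $post, ?string $photoPath): array
{
    $cols = ['team_name', 'first_name', 'last_name', 'registration',
             'pay_status', 'physical', 'photo', 'logo_src', 'notes'];
    $params = ['id' => (int)($post['id'] ?? 0)];
    foreach ($cols as $c) {
        $params[$c] = $post[$c] ?? '';
    }
    if ($photoPath !== null) {
        $cols[] = 'member_photo';
        $params['member_photo'] = $photoPath;
    }
    $set = implode(', ', array_map(fn($c) => "$c = :$c", $cols));
    return ["UPDATE cheer SET $set WHERE id = :id", $params];
}

// Constructed sample request: the file box was left empty.
$post = ['id' => '7', 'first_name' => 'Ann', 'team_name' => 'COUGARS'];
$file = ['name' => '', 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE];

$path = new_photo_path($file);
[$sql, $params] = build_update($post, $path);
echo $sql, PHP_EOL; // print the generated statement
// In process_edit.php: when $path is not null, move_uploaded_file() to $path
// first, then run $pdo->prepare($sql)->execute($params).
```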