我正在创建一个PHP程序,它将产品信息及其图像作为输入并将信息存储在数据库中。我编写了以下代码,它将“产品信息”记录插入数据库,但没有在数据库中插入“图像记录”,并且还给出了一条错误消息。请检查并告诉我我在哪里犯了错误。 谢谢。
您的SQL语法有错误;检查与MySQL服务器版本对应的手册,以便在第1行的''附近使用正确的语法
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
</body>
</html>
<?php
global $current_id;
session_start();
if(isset($_SESSION['username']))
{
include 'connect.php';
$select_query= 'Select * from category';
$select_query_run = mysql_query($select_query);
echo "
<form action='insert_product.php' method='POST' enctype='multipart/form-data' ></br>
Product Name: <input type='text' name='product_name' /></br>
Price : <input type= 'text' name= 'price' /></br>
Description : <input type='text' name='description' />*Seperate by Comma</br>
File : <input type='file' name= 'image' >
";
/*------------------
Drop Down List Start
------------------*/
echo "<select name='category'>";
while ($select_query_array= mysql_fetch_array($select_query_run) )
{
echo "<option value='".$select_query_array['category_id']."' >".
htmlspecialchars($select_query_array["name"])."</option>";
}
$selectTag= "<input type='submit' value='Insert' /></select></form>";
echo $selectTag;
/*-----------------
Drop Down List End
------------------*/
if(isset($_POST['product_name']) && isset($_POST['price']) && isset($_POST['description']) )
{
$product_name = $_POST['product_name'];
$price = $_POST['price'];
$description = $_POST['description'];
$category = $_POST['category'];
$query= "insert into products (name, price, description, category_id )
VALUES( '$product_name', $price, '$description', $category )";
if($query_run= mysql_query($query) )
{
echo 'Data Inserted';
$current_id= mysql_insert_id();
}
else
{
'Error In SQL'.mysql_error();
}
}
else
{
echo 'Plesae fill all the Fields';
}
/*-------------------
IMAGE QUERY
---------------*/
$file =$_FILES['image']['tmp_name'];
if(!isset($file))
{
echo 'Please select an Image';
}
else
{
$image_check= getimagesize($_FILES['image']['tmp_name']);
if($image_check==false)
{
echo 'Not a Valid Image';
}
else
{
$image =file_get_contents ($_FILES['image']['tmp_name'] );
$image_name =$_FILES['image']['name'];
$image_query ="insert into product_images VALUES ($current_id, '$image_name', $image)";
// $image_query= "INSERT INTO `product_images` (`product_id`, `name`, `image`)
//VALUES ('1', '{$image_name}', '{$image}')";
if (mysql_query($image_query))
{
//if ($image_query =mysql_query (insert into product_images values
// ($current_id, $image_name, $image"))
// echo $current_id;
//echo 'Successfull';
}
else
{
echo "<br>". mysql_error();
}
}
}
/*-----------------
IMAGE QUERY END
---------------------*/
}
else
{
echo 'You Must Log in To View this Page!';
}
?>
答案 0 :(得分:1)
两个问题。
首先,您应该转义值以防止SQL注入,并且还要处理$image包含二进制数据的事实。
其次,您必须在SQL中引用$image。
试试这个:
$image =mysql_real_escape_string(file_get_contents ($_FILES['image']['tmp_name'] ));
$image_name =mysql_real_escape_string($_FILES['image']['name']);
$image_query ="insert into product_images VALUES ($current_id, '$image_name', '$image')";
答案 1 :(得分:0)
尝试以这种方式使用它来插入sql:
$query= "insert into products (name, price, description, category_id )
VALUES( '$product_name', '$price', '$description', $category )";
$ price也需要在报价范围内.....