无法在数据库中存储文件详细信息

时间:2013-07-24 06:33:17

标签: php html mysql database syntax-error

我正在尝试将上传的文件详细信息存储在我的数据库中。我编写了以下代码,但我无法理解为什么它不读取查询块。它不会生成任何MySQL错误消息或任何其他语法错误。请检查一下。

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<form action="file_upload_test2.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file"><br>
<input type="file" name="file2" id="file"><br>
<input type="file" name="file3" id="file"><br>
<input type="submit" name="submit" value="Submit">
</form>



</body>
</html>


<?php

include 'connect.php';

$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));


if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "image/x-png")
|| ($_FILES["file"]["type"] == "image/png"))
//&& ($_FILES["file"]["size"] < 200000)
&& in_array($extension, $allowedExts))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 200000) . " kB<br>";




        $image_name=        $_FILES["file"]["name"];  

        $path=              move_uploaded_file($_FILES["file"]["tmp_name"],
                                    "upload/" . rand().$_FILES["file"]["name"]);            

            echo "Stored in: " . "upload/" . $_FILES["file"]["name"];     

            if (mysql_query ("Insert into category_images (image_name,image_location) VALUES ('$image_name', '$path')"))
            {
                echo "successfull"; 
                } 
                else {
                    mysql_error();
                    } 
      }
    }

else
  {
  echo "Invalid file";
  }


?> 

1 个答案:

答案 0 :(得分:0)

    $sql = "INSERT INTO `category_images` (`image_name`,`image_location`) VALUES ('".$image_name."', '".$path."')";

    $result = mysql_query($sql);
    if ($result)
    {
          // Successful query execution
          echo "successfull"; 
    } 
    else {
          // Some error occured while executing query.
          // Show some useful information using echo/print.
          // Then stop execution after taking other necessary steps

          die(mysql_error());
    }

此外,您的数据库很容易受到SQL注入攻击,因为您没有清理输入。您应该使用至少mysql_real_escape_string()方法来确保不会发生这种情况。

如果上述方法无效,请尝试检查连接参数是否正常以及MySQL是否正在运行。