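PHP MySQL insert using the GET method

Time: 2013-08-02 18:06:37

Tags: php mysql file-upload

I am trying to get an admin panel working. I downloaded this sample admin panel design: http://medialoot.com/item/html5-admin-template/

HTML structure: http://pastebin.ubuntu.com/5940949/

The PHP code I tried: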

<?php
if(isset($_GET['submit'])){
    if($_FILES["carImage"]["error"] > 0){
    echo '<script type="text/javascript">alert('."File not upload" . $_FILES["carImage"]["error"].');</script>';
    }else{
        if(!is_dir("../inc/imj/cars")){
            mkdir("../inc/imj/cars");
        }
        $carImage_ = "../inc/imj/cars".$_FILES["carImage"]["name"];
        move_uploaded_file($_FILES["carImage"]["tmp_name"],$carImage_);

        mysql_query("

        INSERT INTO contents ('indexId','catId','carModelName','carCash','carImage','carAlt','carTitle','carKMH','carWeight','carWheelInch','carColur','info')
        VALUES (NULL,'".$_GET['catId']."','".$_GET['carModelName']."','".$_GET['carCash']."','".$carImage_."','".$_GET['carAlt']."','".$_GET['carTitle']."','".$_GET['carKMH']."','".$_GET['carWeight']."','".$_GET['carWheelInch']."','".$_GET['carColur']."','".$_GET['info']."')

        ");

    }
}       
?>

I tried a different query:

mysql_query("

INSERT INTO contents ('indexId','catId','carModelName','carCash','carImage','carAlt','carTitle','carKMH','carWeight','carWheelInch','carColur','info')
VALUES (NULL,".$_GET['catId'].",".$_GET['carModelName'].",".$_GET['carCash'].",".$carImage_.",".$_GET['carAlt'].",".$_GET['carTitle'].",".$_GET['carKMH'].",".$_GET['carWeight'].",".$_GET['carWheelInch'].",".$_GET['carColur'].",".$_GET['info'].")

");

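I guess the file is not being uploaded, so it does not work.

Because of these errors:

Notice: Undefined index: carImage in ..

Notice: Undefined index: bilgi in ..

Note: TABLE contents.indexId is the primary key and auto-increment.

How can we solve this?

Thanks for your attention.

Update

The image upload problem is: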

<?php
$catId = isset($_GET['catId']) ? $_GET['catId'] : "";
$carModelName = isset($_GET['carModelName']) ? $_GET['carModelName'] : "";
$carCash = isset($_GET['carCash']) ? $_GET['carCash'] : "";
$carAlt = isset($_GET['carAlt']) ? $_GET['carAlt'] : "";
$carTitle = isset($_GET['carTitle']) ? $_GET['carTitle'] : "";
$carKMH = isset($_GET['carKMH']) ? $_GET['carKMH'] : "";
$carWeight = isset($_GET['carWeight']) ? $_GET['carWeight'] : "";
$carWheelInch = isset($_GET['carWheelInch']) ? $_GET['carWheelInch'] : "";
$carColur = isset($_GET['carColur']) ? $_GET['carColur'] : "";
$info = isset($_GET['info']) ? $_GET['info'] : "";
if(isset($_GET['submit'])){
    if($_FILES["carImage"]["error"] > 0){
    echo '<script type="text/javascript">alert('."File not upload" . $_FILES["carImage"]["error"].');</script>';
    }else{

        $carUrl_ = "../inc/imj/urun";
        if(!is_dir($carUrl_)){mkdir($carUrl_);}

        $carImage_ = $carUrl_.$_FILES["carImage"]["name"];
        $carUrlName = $_FILES["carImage"]["name"];
        move_uploaded_file($_FILES["carImage"]["tmp_name"],$carImage_);

        mysql_query("

        INSERT INTO contents ('indexId','catId','carModelName','carCash','carImage','carAlt','carTitle','carKMH','carWeight','carWheelInch','carColur','info')
        VALUES (".$catId.",".$_GET['carModelName'].",".$_GET['carCash'].",".$carUrlName.",".$carAlt.",".$carTitle.",".$carKMH.",".$carWeight.",".$carWheelInch.",".$carColur.",".$info.")

        ");

    }
}       
?>

Update 2

<?php
$catId = isset($_GET['catId']) ? $_GET['catId'] : "";
$carModelName = isset($_GET['carModelName']) ? $_GET['carModelName'] : "";
$carCash = isset($_GET['carCash']) ? $_GET['carCash'] : "";
$carAlt = isset($_GET['carAlt']) ? $_GET['carAlt'] : "";
$carTitle = isset($_GET['carTitle']) ? $_GET['carTitle'] : "";
$carKMH = isset($_GET['carKMH']) ? $_GET['carKMH'] : "";
$carWeight = isset($_GET['carWeight']) ? $_GET['carWeight'] : "";
$carWheelInch = isset($_GET['carWheelInch']) ? $_GET['carWheelInch'] : "";
$carColur = isset($_GET['carColur']) ? $_GET['carColur'] : "";
$info = isset($_GET['info']) ? $_GET['info'] : "";
if(isset($_GET['submit'])){

        mysql_query("

        INSERT INTO contents ('indexId','catId','carModelName','carCash','carImage','carAlt','carTitle','carKMH','carWeight','carWheelInch','carColur','info')
        VALUES (".$catId.",".$_GET['carModelName'].",".$_GET['carCash'].",tryImg.png,".$carAlt.",".$carTitle.",".$carKMH.",".$carWeight.",".$carWheelInch.",".$carColur.",".$info.")

        ");

}       
?>

1 answer:

Answer 0: (score: 1)

For each variable in GET, check whether the variable is set before using it in the MySQL insert statement.

$variable = (isset($_GET['variable'])) ? $_GET['variable'] : "";

Do not insert indexId; it auto-increments, so you can remove it from the query statement.

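// Column names are left unquoted: in single quotes MySQL reads them as string literals.
// Each value is escaped and wrapped in quotes before it goes into the statement.
mysql_query("

INSERT INTO contents (catId,carModelName,carCash,carImage,carAlt,carTitle,carKMH,carWeight,carWheelInch,carColur,info)
VALUES ('".mysql_real_escape_string($_GET['catId'])."','".mysql_real_escape_string($_GET['carModelName'])."','".mysql_real_escape_string($_GET['carCash'])."','".mysql_real_escape_string($carImage_)."','".mysql_real_escape_string($_GET['carAlt'])."','".mysql_real_escape_string($_GET['carTitle'])."','".mysql_real_escape_string($_GET['carKMH'])."','".mysql_real_escape_string($_GET['carWeight'])."','".mysql_real_escape_string($_GET['carWheelInch'])."','".mysql_real_escape_string($_GET['carColur'])."','".mysql_real_escape_string($_GET['info'])."')

");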

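Update

When the user leaves the field empty,

isset($_GET['that-field'])

returns false, i.e. the value is not set.

Otherwise isset returns true, i.e. the user set a value for that variable.

So you cannot use $_GET['var'] without knowing whether var was given a value. If the user did not give any value, you must set it yourself before entering it into the database.

So use: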

if(isset($_GET['variable'])){
   $variable = $_GET['variable'];
} else{
   $variable = "";
}

You must do this for all variables before running the MySQL query, and use '$variable' instead of $_GET['variable'].
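
Added example, not part of the original question or answer: PHP fills $_FILES only for a POST request sent as multipart/form-data, which is why a GET form yields "Undefined index: carImage". The handler below takes the same fields over POST, stores the image under a server-generated name, and inserts with bound parameters. The PDO DSN, credentials, allowed image types and the storeUpload() helper are assumptions; the column names and upload directory are the ones from the question.

```php
<?php
// Added example (not from the original post). Assumes the form uses method="post"
// and enctype="multipart/form-data"; DSN and credentials are placeholders.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../inc/imj/cars';   // directory named in the question
const ALLOWED = ['image/png' => 'png', 'image/jpeg' => 'jpg'];   // assumed allow-list
const FIELDS = ['catId', 'carModelName', 'carCash', 'carAlt', 'carTitle',
                'carKMH', 'carWeight', 'carWheelInch', 'carColur', 'info'];

function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . ($file['error'] ?? 'none'));
    }
    // Decide the type from the file contents, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('Unsupported image type');
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0755, true)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    // Server-generated name: the client's filename never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $name;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'], $_FILES['carImage'])) {
    $row = ['carImage' => storeUpload($_FILES['carImage'])];
    foreach (FIELDS as $f) {
        // Same default-to-empty rule as the isset() check in the answer.
        $row[$f] = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : '';
    }
    $pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'pass',
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // indexId is omitted (AUTO_INCREMENT); values are bound, never concatenated.
    $cols = array_keys($row);
    $sql = 'INSERT INTO contents (' . implode(', ', $cols) . ') VALUES (:' . implode(', :', $cols) . ')';
    $pdo->prepare($sql)->execute($row);
}
```

The column list in the SQL string comes only from the fixed FIELDS constant, so no request data ever reaches the statement text.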