我在脚本中遇到更新照片的问题。当我上传照片以更新特定用户时,它会使用我上传的照片更新mysql表格中的所有用户,并使用staff_id重命名。
根据我的脚本,它假设使用staff_id重命名照片,将其更新给用户并覆盖上传目录中该用户的任何照片。请问我做错了什么,我的片段如下:
<?php
$allowed_filetypes = array('.jpg','.pdf','.xlsx','.xls','.doc','.docx','.ppt','.pptx','.jpeg','.png','.gif','.pdf');
$max_filesize = 52428800; // max file size = 50MB
$target = "images/";
$pic=($_FILES['photo']['name']);
// get form data, making sure it is valid and also sanitize the inputs
$pic = mysql_real_escape_string(htmlspecialchars($_FILES['photo']['name']));
//This gets all the other information from the form
$pic=($_FILES['photo']['name']);
$file = $_FILES['photo']['name']; // Get the name of the file (including file extension).
$ext = substr($file, strpos($file,'.'), strlen($file)-1);
if(!in_array($ext,$allowed_filetypes))//check if file type is allowed
die('The file extension you attempted to upload is not allowed.'); //not allowed
if(filesize($_FILES['photo']['tmp_name']) > $max_filesize) //check that filesize is less than 50MB
die ('The file you attempted to upload is too large, compress it below 50MB.');
// Connects to your Database
mysql_connect("localhost", "root", "") or die(mysql_error()) ;
mysql_select_db("office") or die(mysql_error()) ;
$pic=($_FILES['photo']['name']);
$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['photo']['name']);
echo "<p>";
if (move_uploaded_file($_FILES['photo']['tmp_name'], $uploadfile)) {
//Writes the information to the database
mysql_query("UPDATE development SET photo='$pic' ");
$uploaddir = "images/" .mysql_insert_id() . $ext;
$staff_id = mysql_insert_id();
$new_file_name = mysql_insert_id() . $ext;
//I removed ,photo='$target' to display only id as picture name
mysql_query("UPDATE development SET photo='$new_file_name' WHERE staff_id=$staff_id");
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Upload failed";
}
echo "</p>";
echo '<pre>';
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
答案 0 :(得分:0)
你读过你的代码吗?
你实际上是在运行
mysql_query("UPDATE development SET photo='$pic' ");
接下来几行,你运行
$staff_id = mysql_insert_id();
$new_file_name = mysql_insert_id() . $ext;
mysql_query("UPDATE development SET photo='$new_file_name' WHERE staff_id=$staff_id");
第一个查询显然会做你提到的问题。
答案 1 :(得分:0)
你的问题在于:
mysql_query("UPDATE development SET photo='$pic' ");
您应该WHERE类似staff_id条款(以及所有更新查询)
mysql_query("UPDATE development SET photo='$pic' WHERE staff_id = ".$staff_id);
*请注意mysql扩展名is now deprecated and will be removed sometime in the future。那是因为它古老,充满了不良做法,缺乏一些现代特色。不要用它来编写新代码。请改用PDO或mysqli_*。
这是你的查询的mysqli_等价物:
$query = "UPDATE development SET photo='$pic' WHERE staff_id = ".$staff_id
$link = mysqli_connect("[your_host]","[your_user]","[password]","[database]") or die("Error " . mysqli_error($link));
$result = $link->query($query);
答案 2 :(得分:0)
你是第一次更新整个表??? WHY ???
你的这段代码:
mysql_query("UPDATE development SET photo='$pic' ");
实际上正在更新它。
我认为您需要优化代码。
另外只检查扩展名上的文件是不好的,你可以通过在文件中添加错误的扩展名来愚弄。
编辑:
你需要从页面获取staff_id,从你收到更新照片的请求,或者你必须在你的会话或其他东西(因为我不知道它是如何工作)。
使用staff_if jus添加WHERE子句。
我不知道这2个更新语句在你的代码中做了什么?