我想将图片上传到一个数据库,在这个数据库中,只有当用户出现图像时它才会回显,但它不起作用,并且不会给我任何错误
<?php
session_start();
$pic = $_FILES['pic'];
$submit = $_POST['post'];
$user = $_SESSION['username'];
if($submit){
$connect = mysql_connect("localhost", "root", "123");
if($connect){
$database = mysql_select_db("phplogin");
if($database){
mysql_query("INSERT INTO images(image, user) VALUES ($pic, $user)");
$query = mysql_query("SELECT * FROM images WHERE user = '$user'");
$data2 = mysql_fetch_array($query);
header("Content-type: image/jpeg");
echo $data2['image'];
} else {
die("Couldn't connect to the database please try again, if you fail to connect again please contact me");
}
} else {
die("Couldn't connect to the database please try again, if you fail to connect again please contact me");
}
}
?>
答案 0 :(得分:1)
您需要先获取文件的内容,然后将其插入数据库。此外,您的查询不会以单引号关闭变量。
//Need to get contents then escape any characters that match
//mysql query elements like quotes etc.
$contents = mysql_real_escape_string( file_get_contents($_FILES['pic']['tmp_name']) );
$result = mysql_query("INSERT INTO images(image, user) VALUES ('$contents', '$user')");
if($result === FALSE){
//insert failed echo error and die
echo mysql_error();
die;
}
$query = mysql_query("SELECT * FROM images WHERE user = '$user'");
$data2 = mysql_fetch_array($query);
header("Content-type: image/jpeg");
echo $data2['image'];
请注意,您应该使用mysqli和prepared语句。 mysql_ *和mysql类是折旧的,使用预准备语句可以更好地防止注入攻击。
答案 1 :(得分:0)
您必须将图像名称保存在数据库表中。
$pic = $_FILES['pic']['name'];
您应该使用copy()php function
将图像保存在服务器的文件夹中copy($_FILES['pic']['tmp_name'],'path_to_folder/'.$_FILES['name']);