在网页上破解的照片

时间:2014-05-20 04:35:05

标签: php mysql

我可以使用form_upload.php将项目添加到mysql服务器并在服务器文件夹上上传照片,但照片无法显示在view_data.php上。我已将文件权限设置为777,但仍然无效。

这是我的form_upload php和view_data.php:

<!DOCTYPE html>
<html>
<link href="style.css" rel="stylesheet" type="text/css">
<style type="text/css">
</style>
<title>Image Upload</title>
<body>
<div id="container">
    <div class="content">
        <form action="form_upload.php" method="post" enctype="multipart/form-data">
        <fieldset>
        <table width="350" border="0" align="center">
        <legend>Image Information Entry

          <tr><td><label>Title<span class="required">*</span></label></td>
          <td align="center"><input type="text" name="title" placeholder="title"></br></td></tr>

          <tr><td><label>Description<span class="required">*</span></label></td>
          <td align="center"><input type="text" name="description" placeholder="description"></br></td></tr>

          <tr><td><label>Username<span class="required">*</span></label></td>
          <td align="center"><input type="text" name="username" placeholder="username"></br></td></td>

          <tr><td><label>Mobile Number<span class="required">*</span></label></td>
          <td align="center"><input type="text" name="mobilenumber" class="input-small" placeholder="mobilenumber"></br></td></tr>

          <tr><td><label>Address<span class="required">*</span></label></td>
          <td align="center"><input type="text" name="address" class="input-xlarge" placeholder="address"></br></td></tr>

          <tr><td><label for="file">Upload Image:</label></td>
          <td align="right"><input type="file" name="file" id="file"><br></td></tr>  
          <tr><td>&nbsp;  </td></tr>
        <tr><td colspan="2" align="center"><button type="submit" name="submit" class="btn">Submit</button>
        <a href="view_data.php?o=0" class="btn btn-primary">View Gallery</a></td></tr>

<tr><td colspan="2"> &nbsp </td></tr>      
<tr><td colspan="2" align="center">        
<?php
if(isset($_REQUEST['submit']))
{
$con=mysqli_connect("local","user","pass","table");

        // Check connection
        if (mysqli_connect_errno())
          {
          echo "Failed to connect to MySQL: " . mysqli_connect_error();
          }
        $allowedExts = array("gif", "jpeg", "jpg", "png");
        $temp = explode(".", $_FILES["file"]["name"]);
        $extension = end($temp);
        $title=$_POST['title'];
        $description=$_POST['description'];
        $username=$_POST['username'];
        $mobilenumber=$_POST['mobilenumber'];
        $address=$_POST['address'];
        $file=$_FILES["file"]["name"];
        $size= $_FILES["file"]["size"];

if( empty($title) || empty($description) || empty($mobilenumber) || empty($address) || empty($file))
{
    echo "<label class='err'>All field is required</label>";
}
    elseif(!is_numeric($mobilenumber))
    {
    echo "<label class='err'>Mobile number must be numeric</label>";
    }
    elseif($size >40000)
    {
        echo "<label class='err'> Image size must not greater than 40kb </label>";
    }
        if ((($_FILES["file"]["type"] == "image/gif")
        || ($_FILES["file"]["type"] == "image/jpeg")
        || ($_FILES["file"]["type"] == "image/jpg")
        || ($_FILES["file"]["type"] == "image/pjpeg")
        || ($_FILES["file"]["type"] == "image/x-png")
        || ($_FILES["file"]["type"] == "image/png"))
        && ($_FILES["file"]["size"] < 40000)
        && in_array($extension, $allowedExts)) 
        {
          if ($_FILES["file"]["error"] > 0) 
          {
            echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
          } 

                if (file_exists("/test/upload" . $_FILES["file"]["name"])) 
                {
                  echo $_FILES["file"]["name"] . "Image upload already exist. ";
                } 
                else
                {
                  move_uploaded_file($_FILES["file"]["tmp_name"],
                  "/home/tz005/public_html/test/upload/" . $_FILES["file"]["name"]);
                  mysqli_query($con,"INSERT INTO item_image (title, description, username, mobilenumber, address, filename)
                    VALUES ('$title', '$description', '$username', '$mobilenumber', '$address', '$file')");
                echo "Image Information Successfully Saved!";
                }

        }
    mysqli_close($con);
}
?>
</td></tr>
        </legend>
        </table>
        </fieldset>
        </form>
    </div>
  <div class="footer"></div>
</div>
</body>
</html>

<!DOCTYPE html>
<html>
<link href="style.css" rel="stylesheet" type="text/css">
<style type="text/css">
</style>
<title>view image information</title>
<body>
<div id="container">
    <div class="con2">
    <?php
        $con=mysqli_connect("server","user","pass","table");

        if (is_numeric($_GET['o']))
        {
            $o=$_GET['o'];
        }else {
            $o=0;
            }

        if ($o >=1){
            $prev=$o-1;
            } else{
                $prev=0;
            }


        $query=mysqli_query($con,"SELECT * FROM item_image LIMIT $o, 1");
        $get_pic=mysqli_fetch_assoc($query);

        $query2=mysqli_query($con,"SELECT imageid FROM item_image");
        $get_pic2=mysqli_fetch_assoc($query2);
        $total=mysqli_num_rows($query2);

        if ($o <=$total){$next=$o+1;}

    ?>
    <?php do { ?>
    <table align="center" width="300" border=".5" bordercolor="#0B615E">
        <tr> <td colspan="2" align="center"><?php echo '<img src="/home/tz005/public_html/test/upload/filename' . $get_pic['filename'] . '" width="200" height="200"> '; ?></td></tr>
        <tr><td width="60"> Details: </td> <td align="left" bordercolor="#0B615E"> <?php echo $get_pic['title']; ?>  &nbsp
        <?php echo $get_pic['description'];?>  &nbsp
      <?php echo $get_pic['username'];?> </td></tr>
        <tr><td width="60"> Mobile number:</td> <td align="left"><?php echo $get_pic['mobilenumber']; ?></td></tr>
        <tr><td width="60"> Address: </td> <td align="left"><?php echo $get_pic['address']; ?></td></tr>
    <tr><td colspan="2" align="center"> 
    <?php
    } while ($get_pic=mysqli_fetch_assoc($query));
    ?>
    <?php if ($o>0){ ?>
    <span><a href="view_data.php?o=<?php echo $prev; ?>">Previous</a></span> 
    <?php } ?>
    <?php if ($o < ($total - 1)){ ?>
    <span><a href="view_data.php?o=<?php echo $next; ?>">Next</a></span>
    <?php } ?>

    <?php
        mysqli_close($con);
    ?>
    </td><tr>
    <tr><td colspan="2"> &nbsp </td></tr>
    <tr>
      <td colspan="2" align="center"><a href="form_upload.php"> Back to Image Information Entry</td></tr>
    </table>
    </div>

</div>
</body>
</html>

1 个答案:

答案 0 :(得分:1)

您的图片代码指向您的文件系统,需要指向一个网址:

<img src="/home/tz005/public_html/test/upload/filename' . $get_pic['filename'] . '"

您应该将其更改为:

<img src="/test/upload/'.$get_pic['filename'].'"