我是PHP的新手。我想创建一个新文件夹,并在提交表单时将图像添加到该文件夹。用户名称中的新文件夹按预期创建,但图像不会插入特定文件夹。
附加php和表单以供审核。如果有人帮助我会非常有帮助
如果我将$ username更改为move_uploaded_file中的现有文件夹名称,则会插入图像。看起来我在映射路径时遗漏了一些东西。寻找解决方案。感谢。
<?php include("header.php");
error_reporting(0);
if(isset($_POST['add_menu_submit']))
{
$gid=$_REQUEST['id'];
$qry1="select * from users";
$exec1=mysql_query($qry1);
$num1=mysql_num_rows($exec1);
$img1=$_FILES['image1']['name'];
$img2=$_FILES['image2']['name'];
$img3=$_FILES['image3']['name'];
$username=$_POST['username'];
$cid=$_REQUEST['id'];
$sqd= "insert into users(username,vanity,image1,image2,image3)values
('$username','$_POST[vanity]','$img1','$img2','$img3')";
$exe=mysql_query($sqd);
$msg='Product Have been Added sucessfully!!!';
header("location:manage_collection.php");
if (!file_exists($username)) {
mkdir($username, 0777, true);
}
move_uploaded_file($_FILES['image1']['tmp_name'],$username/$_FILES['image1']['name']);
move_uploaded_file($_FILES['image2']['tmp_name'],$username/$_FILES['image2']['name']);
move_uploaded_file($_FILES['image3']['tmp_name'],$username/$_FILES['image3']['name']);
}
?>
<section id="main" class="column">
<div class="clear"></div>
<form action="add_collection.php" name="product" method="post" enctype="multipart/form-data">
<article class="module width_full">
<?php echo $msg; ?>
<header><h3>Add New Collection</h3></header>
<div class="module_content">
<div style="color:#FF0000"> <?php if(isset($error)) { echo $error; } ?> </div>
<fieldset>
<label>Pagename</label>
<input type="text" name="username" value="">
</fieldset>
<fieldset>
<label>Vanity</label>
<input type="text" name="vanity" value="">
</fieldset>
<fieldset>
<label>Image</label>
<input type="file" name="image1" id="image">
</fieldset>
<fieldset>
<label>Image</label>
<input type="file" name="image2" id="image">
</fieldset>
<fieldset>
<label>Image</label>
<input type="file" name="image3" id="image">
</fieldset>
<!--<fieldset>
<label>status</label>
<select name="status" id="status" size="1">
<option value="Active">Active</option>
<option value="Inactive">Inactive</option>
</select>
</fieldset>-->
<footer>
<div class="submit_link" style="float:inherit;" align="center">
<input type="submit" value="Submit" class="alt_btn" name="add_menu_submit">
<input type="reset" value="Reset" class="alt_btn1" >
</div>
</footer>
</div>
</article><!-- end of post new article -->
</form>
</section>
<?php include("footer.php"); ?>
答案 0 :(得分:0)
请使用一个move_uploaded_file:)
$a=move_uploaded_file($_FILES['image1']['tmp_name'],$username/$_FILES['image1']['name']);
$b=move_uploaded_file($_FILES['image2']['tmp_name'],$username/$_FILES['image2']['name']);
$c=move_uploaded_file($_FILES['image3']['tmp_name'],$username/$_FILES['image3']['name']);
答案 1 :(得分:0)
除了我之前关于使用move_uploaded_file(),使用$_POST['username']直接导入mkdir()和SQL注入漏洞的评论:
move_uploaded_file($_FILES['image1']['tmp_name'], $username . '/' . basename($_FILES['image1']['name']));
问题是$username/$_FILES['image1']['name']是一个除法,而不是字符串连接。
其次,您不应该使用客户端提供的完整路径;这就是我添加basename()来限制'../../../../etc/php.ini'等路径的原因。