使用配置文件数据存储配置文件pic

时间:2014-09-23 22:38:09

标签: php file-upload mysqli

所以我现在有了这个代码,但它只将pic存储在文件夹中,并没有超出该步骤。 表单中输入的数据不会存储在db ....中:(

<?php 
$sub=0;
ini_set( "display_errors", 0);
if(isset($_REQUEST['submited'])) {

// your save code goes here

$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 2097152)
&& in_array($extension, $allowedExts))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
}
else
{
echo "";
if (file_exists("media/" . $_FILES["file"]["name"]))
{
echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload already exists.</b></font>";
}

else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"media/" . $_FILES["file"]["name"]);
$sub= 1;
$mysqli = new mysqli("localhost", "root", "", "cms");

// TODO - Check that connection was successful.

$name = $_POST["name"];
$surname = $_POST["surname"];
$about = $_POST["about"];
$visible = $_POST["visible"];
$admin = $_POST["admin"];

$file_path = $_FILES['file']['name'];
$type = $_FILES['file']['type'];
$size = $_FILES['file']['size'];


$stmt = $mysqli->prepare("INSERT INTO schauspieler (
name, surname, about, visible, admin, date, file_path, photo_type, photo_size
) VALUES (
'$name', '$surname', '$about', $visible, $admin, '$file_path', '$type', '$size', CURRENT_TIMESTAMP,
)");

// TODO check that $stmt creation succeeded

// "s" means the database expects a string
$stmt->bind_param("s", $name, $surname, $about, $visible, $admin, $file_path, $type, $size);

$stmt->execute();

$stmt->close();

$mysqli->close();



echo "<font size='7' color='red'><b> Success! Your photo has been uploaded.</b></font>";
}

}
}
else
{
echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload is not an image or it exceeds 2MB in size.</b></font><br><font color='blue'><i>Only images under size of 2MB are allowed</i></font>.";
}
}
?>

谁能告诉我我错过了什么?

Thanx家伙

干杯 克里斯

1 个答案:

答案 0 :(得分:1)

似乎你准备好的陈述有问题。

您想要prepare()的查询必须有问号(?)而不是值。当您执行$stmt->execute()时,这些将被带入查询中。它使您能够使用不同的值多次执行查询。

之后,在执行bind_param()时,您需要提供EACH变量的数据类型,而不仅仅是第一个或一般。

这是一些未经测试的代码,希望它有帮助...

$stmt = $mysqli->prepare("INSERT INTO `schauspieler` (
    `name`, `surname`, `about`, `visible`, `admin`, `date`, `file_path`, `photo_type`, `photo_size`
) VALUES (
    ?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?, ?, ?
)");

$stmt->bind_param("sssiissi", $name, $surname, $about, $visible, $admin, $file_path, $type, $size);

尝试告诉我它是否有效。

仔细看看mysqli-Reference on prepared statements;)

http://php.net/manual/de/mysqli.prepare.php