So I now have this code, but it only stores the pic in the folder and doesn't get past that step. The data entered in the form is not stored in the db.... :(
    <?php
    $sub=0;
    ini_set( "display_errors", 0);
    if(isset($_REQUEST['submited'])) {
        // your save code goes here
        $allowedExts = array("jpg", "jpeg", "gif", "png");
        $extension = end(explode(".", $_FILES["file"]["name"]));
        if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/png")
            || ($_FILES["file"]["type"] == "image/pjpeg"))
            && ($_FILES["file"]["size"] < 2097152)
            && in_array($extension, $allowedExts))
        {
            if ($_FILES["file"]["error"] > 0)
            {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
            }
            else
            {
                echo "";
                if (file_exists("media/" . $_FILES["file"]["name"]))
                {
                    echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload already exists.</b></font>";
                }
                else
                {
                    move_uploaded_file($_FILES["file"]["tmp_name"],
                        "media/" . $_FILES["file"]["name"]);
                    $sub= 1;
                    $mysqli = new mysqli("localhost", "root", "", "cms");
                    // TODO - Check that connection was successful.
                    $name = $_POST["name"];
                    $surname = $_POST["surname"];
                    $about = $_POST["about"];
                    $visible = $_POST["visible"];
                    $admin = $_POST["admin"];
                    $file_path = $_FILES['file']['name'];
                    $type = $_FILES['file']['type'];
                    $size = $_FILES['file']['size'];
                    $stmt = $mysqli->prepare("INSERT INTO schauspieler (
                    name, surname, about, visible, admin, date, file_path, photo_type, photo_size
                    ) VALUES (
                    '$name', '$surname', '$about', $visible, $admin, '$file_path', '$type', '$size', CURRENT_TIMESTAMP,
                    )");
                    // TODO check that $stmt creation succeeded
                    // "s" means the database expects a string
                    $stmt->bind_param("s", $name, $surname, $about, $visible, $admin, $file_path, $type, $size);
                    $stmt->execute();
                    $stmt->close();
                    $mysqli->close();
                    echo "<font size='7' color='red'><b> Success! Your photo has been uploaded.</b></font>";
                }
            }
        }
        else
        {
            echo "<font size='4' color='red'><b>We are sorry, the file you trying to upload is not an image or it exceeds 2MB in size.</b></font><br><font color='blue'><i>Only images under size of 2MB are allowed</i></font>.";
        }
    }
    ?>
Can anyone tell me what I'm missing?
Thanks guys
Cheers, Chris
Answer 0 (score: 1)
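It seems there is a problem with your prepared statement.
The query you want to prepare() must have question marks (?) instead of values. When you run $stmt->execute(), these are brought into the query. It lets you execute the query multiple times with different values.
After that, when calling bind_param(), you need to provide the data type for EACH variable, not just the first one or a general one.
Here is some untested code, hope it helps...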
    $stmt = $mysqli->prepare("INSERT INTO `schauspieler` (
        `name`, `surname`, `about`, `visible`, `admin`, `date`, `file_path`, `photo_type`, `photo_size`
    ) VALUES (
        ?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?, ?, ?
    )");
    $stmt->bind_param("sssiissi", $name, $surname, $about, $visible, $admin, $file_path, $type, $size);
Try it and tell me whether it works.
Take a close look at the mysqli reference on prepared statements ;)
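The placeholder fix from the answer as a complete insert, with the two TODO checks from the question covered by making mysqli throw on connection and statement errors instead of failing silently. This is an added example, not code from the question or the answer; the helper name `save_actor`, the constructed sample values and the integer casts for `visible` and `admin` are assumptions, and it expects the `cms` database and `schauspieler` table from the question to exist.

```php
<?php
// Added example (not from the original thread).
// Make mysqli throw mysqli_sql_exception instead of returning false quietly.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: insert one row into `schauspieler` with placeholders.
 * Returns the number of rows written (1 on success).
 */
function save_actor(mysqli $db, array $post, string $filePath, string $type, int $size): int
{
    // Values never appear in the SQL text; only "?" markers do.
    $stmt = $db->prepare(
        "INSERT INTO `schauspieler`
           (`name`, `surname`, `about`, `visible`, `admin`, `date`,
            `file_path`, `photo_type`, `photo_size`)
         VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?, ?, ?)"
    );
    // bind_param() binds by reference, so copy the inputs into variables first.
    $name    = (string) ($post['name'] ?? '');
    $surname = (string) ($post['surname'] ?? '');
    $about   = (string) ($post['about'] ?? '');
    $visible = (int) ($post['visible'] ?? 0); // form values arrive as strings
    $admin   = (int) ($post['admin'] ?? 0);
    // One type letter per placeholder, in order: s = string, i = integer.
    $stmt->bind_param('sssiissi', $name, $surname, $about, $visible, $admin,
                      $filePath, $type, $size);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

try {
    $db = new mysqli('localhost', 'root', '', 'cms'); // values from the question
    $db->set_charset('utf8mb4');
    // Constructed sample input standing in for $_POST and the stored upload.
    // The apostrophe is stored as data; it cannot end the SQL string literal.
    $post = ['name' => "Chris", 'surname' => "O'Neil", 'about' => "Actor",
             'visible' => '1', 'admin' => '0'];
    $rows = save_actor($db, $post, 'portrait.png', 'image/png', 12345);
    echo "Rows inserted: $rows\n";
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Keep the detail in the server log; show the visitor a generic message.
    error_log('schauspieler insert failed: ' . $e->getMessage());
    echo "Could not save the record.\n";
}
```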