<?php
include("database.php");
include("session.php");
if(isset($_POST['submit']))
{
$uploadpath = 'upload/'; // directory to store the uploaded files
$max_size = 2000; // maximum file size, in KiloBytes
$alwidth = 900; // maximum allowed width, in pixels
$alheight = 800; // maximum allowed height, in pixels
$allowtype = array('bmp', 'gif', 'jpg', 'jpe', 'jpeg', 'png'); // allowed extensions
if(isset($_FILES['fileup']) && strlen($_FILES['fileup']['name']) > 1) {
$timestamp = time();
$uploadpath = $uploadpath . $timestamp . basename( $_FILES['fileup']['name']); // gets the file name
$sepext = explode('.', strtolower($_FILES['fileup']['name']));
$type = end($sepext); // gets extension
list($width, $height) = getimagesize($_FILES['fileup']['tmp_name']); // gets image width and height
$err = ''; // to store the errors
// Checks if the file has allowed type, size, width and height (for images)
if(!in_array($type, $allowtype)) $err .= 'The file: <b>'. htmlspecialchars($_FILES['fileup']['name'], ENT_QUOTES, 'UTF-8'). '</b> not has the allowed extension type.';
if($_FILES['fileup']['size'] > $max_size*1000) $err .= '<br/>Maximum file size must be: '. $max_size. ' KB.';
if(isset($width) && isset($height) && ($width >= $alwidth || $height >= $alheight)) $err .= '<br/>The maximum Width x Height must be: '. $alwidth. ' x '. $alheight;
// If no errors, upload the image, else, output the errors
if($err == '' && is_uploaded_file($_FILES['fileup']['tmp_name']) && move_uploaded_file( $_FILES['fileup']['tmp_name'], $uploadpath))
{
// escape every value before it is placed in the SQL string
$file=mysql_real_escape_string($uploadpath);
$caddress=mysql_real_escape_string($_POST["caddress"]);
$username = mysql_real_escape_string($_SESSION["username"]);
$result=mysql_query("insert into company(file,caddress,username)values('$file','$caddress','$username')");
echo "Inserted Successfully";
}
else
{
// $err holds the validation messages collected above
echo ($err != '') ? $err : "There was an error uploading the data, please try again!";
}
}
}
?>
<center><b>Insert Company logo and Address</b></center><br>
<form name="form1" method="post" action="" onSubmit="submit" enctype="multipart/form-data">
<center><table style="width:250px">
<tr>
<td><b>Image</b></td> <td><input type="file" name="fileup" id="fileup" size="25" /></td>
</tr>
<tr>
<td><b>Address</b></td>
<td><textarea name="caddress" maxlength="600" cols="40" rows="10"></textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="submit"/></td>
</tr>
</table></center>
</form>
The form should be submitted the first time only. If we submit again, alert "data already inserted"; the form should be submitted to the database only once.
Answer 0: (score: 0)
Use header after the insert query on submit; it will solve the problem.
if(mysql_affected_rows()>0) // checking whether the query worked or not
{
header( 'Location: http://www.example.com/congratz.html');
exit; // stop the script so nothing else runs after the redirect
}
// You can give any file name after Location; it does not matter which
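Also check this link.
Also, mysql is deprecated; learn mysqli or PDO.
For the mysqli functions, check this link: http://php.net/manual/en/book.mysqli.php
For the PDO functions, check this link: http://php.net/manual/en/book.pdo.php
To learn about header, check this link: http://php.net/manual/en/function.header.php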
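Answer 1: (score: 0)
Disable the submit button on the click event.
Answer 2: (score: 0)
If you want to avoid the form being resubmitted, for example when the "refresh" or "back" button is clicked, the trick is to add a token to the form: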
<?php
$msg = null;
session_start();
if( isset($_POST['submit']) ) {
if( !isset($_POST['token'])
|| !isset($_SESSION['formToken'])
|| !is_string($_POST['token'])
|| !hash_equals($_SESSION['formToken'], $_POST['token'])) { // constant-time comparison
$msg = 'The form was not submitted.';
} else {
// do stuff
$msg = 'The form was submitted successfully.';
}
}
$formToken = bin2hex(random_bytes(32)); // unpredictable token; uniqid() is derived from the clock and can be guessed
$_SESSION['formToken'] = $formToken;
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php if( $msg !== null) : ?>
<p><?= $msg; ?></p>
<?php endif; ?>
<form method="POST" action="">
<!-- stuff-->
<input type="hidden" name="token" value="<?= htmlspecialchars($formToken, ENT_QUOTES, 'UTF-8')?>" />
<button type="submit" name="submit" value="submit">Submit</button>
</form>
</body>
</html>
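When the page is reloaded, the same form input that was already submitted is submitted again.
That means that if you add an input field with a unique id (token), you can tell that the same form is being submitted.
A value stored in a session variable behaves like a value stored in a file or a database record: it stays as it is and does not revert to the value it had when the form was submitted.
You can store the token in a session variable and compare it with the token submitted from the form. If they are not equal, it means the form was submitted again, and you can ignore the input (you can prevent the database record from being inserted).
This also prevents spoofed form submissions.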
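The token check from Answer 2 combined with the question's insert, as an added example that is not part of the original question or answers: the token is consumed on first use, so a replayed POST is rejected, and the insert uses a PDO prepared statement. The function names issueToken() and handleSubmit(), the in-memory SQLite table and the sample values are assumptions constructed for the demonstration.

```php
<?php
// Added example; issueToken(), handleSubmit() and the SQLite schema are hypothetical.

function issueToken(array &$session): string
{
    // One unpredictable token per rendered form
    $session['formToken'] = bin2hex(random_bytes(32));
    return $session['formToken'];
}

function handleSubmit(PDO $db, array &$session, array $post, string $file, string $username): string
{
    $sent     = $post['token'] ?? null;
    $expected = $session['formToken'] ?? null;
    // Consume the token before doing any work, so a replayed POST cannot reuse it
    unset($session['formToken']);
    if (!is_string($sent) || !is_string($expected) || !hash_equals($expected, $sent)) {
        return 'rejected';
    }
    $caddress = is_string($post['caddress'] ?? null) ? $post['caddress'] : '';
    // Prepared statement: the values never become part of the SQL text
    $stmt = $db->prepare('INSERT INTO company (file, caddress, username) VALUES (?, ?, ?)');
    $stmt->execute([$file, $caddress, $username]);
    // In the web handler, redirect here as in Answer 0: header('Location: ...'); exit;
    return 'inserted';
}

// Constructed demonstration, run from the CLI (needs the pdo_sqlite extension)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE company (file TEXT, caddress TEXT, username TEXT)');

$session = [];   // stands in for $_SESSION
$post = [
    'token'    => issueToken($session),
    'caddress' => "1 O'Neil Street'); DROP TABLE company; --",   // constructed hostile input
];
$file = 'upload/1700000000logo.png';                             // constructed upload path

echo handleSubmit($db, $session, $post, $file, 'alice'), "\n";   // first POST
echo handleSubmit($db, $session, $post, $file, 'alice'), "\n";   // refresh replays the same POST
echo $db->query('SELECT COUNT(*) FROM company')->fetchColumn(), " row(s) stored\n";
```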