无法使用PDO将文件名插入sql

时间:2014-11-27 02:40:00

标签: php mysql pdo

我创建了一个表单,在我的处理中将输入文本和文件名存储到sql我做多个图像重命名并保存到sql的路径,现在我的问题是当我处理表单而不添加图像输入文本存储到SQL,图像随机代码存储到SQL

当我添加图片并提交表单时,我没有收到错误,也没有数据转移到SQL

处理代码

    try {
#connection 
        $conn = new PDO('mysql:host=localhost;dbname=localtest', $db_username, $db_password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $data = $conn->prepare('INSERT INTO mobileadd (mcat, mtype, mtitle, files1, files2, files3, files4, files5, description, mmodel, modelnumber, alsoinclude, mcondition, price, youare, mname, email, phone, ylocation, ystreet) VALUES (:mcat, :mtype, :mtitle, :files1, :files2, :files3, :files4, :files5, :description, :mmodel, :modelnumber, :alsoinclude, :mcondition, :price, :youare, :mname, :email, :phone, :ylocation, :ystreet)');
        $mcat = filter_input(INPUT_POST, 'mcat', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $mtype = filter_input(INPUT_POST, 'mtype', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $mtitle = filter_input(INPUT_POST, 'mtitle', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files1= filter_input(INPUT_POST, "$newname$file1", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files2= filter_input(INPUT_POST, "$newname$file2", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files3 = filter_input(INPUT_POST, "$newname$file3", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files4 = filter_input(INPUT_POST, "$newname$file4", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files5 =filter_input(INPUT_POST, "$newname$file5", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $description = filter_input(INPUT_POST, 'description', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $mmodel = filter_input(INPUT_POST, 'mmodel', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $modelnumber = filter_input(INPUT_POST, 'modelnumber', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $alsoinclude = filter_input(INPUT_POST, 'alsoinclude', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $mcondition = filter_input(INPUT_POST, 'mcondition', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $price = filter_input(INPUT_POST, 'price', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $youare = filter_input(INPUT_POST, 'youare', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $mname = filter_input(INPUT_POST, 'mname', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $phone = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $ylocation = filter_input(INPUT_POST, 'ylocation', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $ystreet = filter_input(INPUT_POST, 'ystreet', FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $data->execute(array(':mcat'=>$mcat, ':mtype'=>$mtype,':mtitle'=>$mtitle, ':files1' =>$files1, ':files2' =>$files2, ':files3' => $files3, ':files4' =>$files4, ':files5' => $files5, ':description'=>$description, ':mmodel'=>$mmodel, ':modelnumber'=>$modelnumber, ':alsoinclude'=>$alsoinclude, ':mcondition'=>$mcondition, ':price'=>$price, ':youare'=>$youare, ':mname'=>$mname, ':email'=>$email, ':phone'=>$phone, ':ylocation'=>$ylocation, ':ystreet'=>$ystreet));
#exception handiling
    } catch (PDOException $e) {
        echo $e->getMessage();
    }

1 个答案:

答案 0 :(得分:1)

从代码中删除这些行

        $files1= filter_input(INPUT_POST, "$newname$file1", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files2= filter_input(INPUT_POST, "$newname$file2", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files3 = filter_input(INPUT_POST, "$newname$file3", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files4 = filter_input(INPUT_POST, "$newname$file4", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);
        $files5 =filter_input(INPUT_POST, "$newname$file5", FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP);`

并编辑数据像这样执行linle

$data->execute(array(':files1' => $newname.$file1))

一切都很完美