使用PHP在MYSQL中存储图像路径

时间:2015-01-14 14:45:54

标签: php mysql

我的PHP文件需要将图像保存在服务器中并将图像路径存储在MYSQL数据库中。

我的数据库 imageid 包含表格 image_table ,如下所示:

create table image_table
(
ID     INT not null AUTO_INCREMENT,
path   varchar(256),
primary key (ID)
)

我的PHP代码如下。服务器中的图像保存工作正常,但在DB中存储图像路径时几乎没有错误。 运行以下PHP代码时出错:

Parse error: syntax error, unexpected '$conn' (T_VARIABLE) in   C:\xampp\htdocs\appinventor\postfile.php on line 7

以上错误的PHP代码:

   <?PHP
$servername = "localhost";
$username = "root";
$password = "basis123";
$database = "imageid"
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
} 
echo "Connected successfully";  


@mysqli_select_db($database) or die( "Unable to select database");

 $query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");
//mysql_query($query);

//File Transfer Logic
$data = file_get_contents('php://input');

if (!(file_put_contents($_GET['filename'],$data) === FALSE)) echo "File xfer completed."; // file    could be empty, though
 else echo "File xfer failed.";

 // $_GET['filename'] has the file name . and C:\xampp\htdocs\myapp is the file path
 echo $_GET['filename']
 //mysql_close();   
 ?>

当我在php代码中删除数据库连接和SQLQuery时,连接成功。 删除了成功连接的代码行并记录为“已成功连接”

 @mysqli_select_db($database) or die( "Unable to select database");

 $query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");
 //mysql_query($query);

我哪里出错了?有什么建议吗?

3 个答案:

答案 0 :(得分:1)

主要问题:

$database = "imageid" 
                     ^----missing ;
$conn = new m

PHP字符串+数组101:除非使用{} - 扩展语法,否则不能在双引号字符串中使用带引号的数组键:

$foo = "$arr['key']"; // bad
$foo = "$arr[key]"; // ok
$foo = "{$arr['key']}"; // ok

所以:

 $query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");
                                                        ^--------^

是错误的,并且容易受到SQL注入攻击。

答案 1 :(得分:1)

之后你需要一个半结肠 
 $database = "imageid"

所以它应该是

$database = "imageid";

您也不希望将用户输入直接放入SQL中。 http://en.wikipedia.org/wiki/SQL_injection

答案 2 :(得分:1)

你在$ database =&#34; imageid&#34;

之后忘记了分号 
$database = "imageid";

你在这里有无关的括号:

$query = "INSERT INTO image_table (path) VALUES('$_GET['filename']')");

试试这个:

<?php


    $servername = "localhost";
    $username = "root";
    $password = "basis123";
    $database = "imageid";
    // Create connection
    $conn = new mysqli($servername, $username, $password,$database);

    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    echo "Connected successfully";


    mysqli_select_db($conn,$database);

    $query = "INSERT INTO image_table (path) VALUES('".$_GET['filename']."')";//also this is unsafe
    //mysql_query($query);

    //File Transfer Logic
    $data = file_get_contents('php://input');

    if (!(file_put_contents($_GET['filename'],$data) === FALSE)) echo "File xfer completed."; // file    could be empty, though
    else echo "File xfer failed.";

    // $_GET['filename'] has the file name . and C:\xampp\htdocs\myapp is the file path
    echo $_GET['filename']
    //mysql_close();   
    ?>
相关问题
最新问题