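I'm trying to create my first prepared statement. Before doing this, most of my queries worked fine, but everyone tells me I should do this to prevent SQL injection.
I'm trying to send product information to my database. Along with this data, I'm trying to send an img file and move it into my database. Before attempting this prepared statement, I was using a simple mysqli insert statement, and the only part of my query that didn't work was getting the img's file name to show up in my database as the actual file name. It was uploaded as "array" or "1". I changed some things around, trying to use procedural statements as much as possible.
I'm not really sure whether my attempt to upload the img file in this prepared statement is correct. The reason is that now nothing is even being sent to my database. My database connection doesn't give any errors. After I click submit, it acts as if it is sending, but nothing shows up.
I start by validating what I'm entering into the database.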
<?php
//Validation
if(Input::exists()) {
    if(Token::check(Input::get('token'))) {
        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'product_id' => array(
                'required' => true,
                'min' => 1,
                'max' => 50,
                'unique' => 'products'
            ),
            'name' => array (
                'required' => true,
                'min' => 2,
                'max' => 50
            ),
            'price' => array (
                'required' => true,
                'min' => 1,
                'max' => 50
            ),
            'saleprice' => array (
                'min' => 1,
                'max' => 50
            ),
            'final_price' => array (
                'required' => true,
                'min' => 1,
                'max' => 50
            ),
            'shippingprice' => array (
                'max' => 50
            ),
            'category' => array (
                'required' => true,
                'min' => 2,
                'max' => 50
            ),
            'item_details' => array (
                'required' => true,
                'min' => 2,
                'max' => 1550
            ),
            'item_details2' => array (
                'max' => 1550
            ),
            'description' => array (
                'required' => true,
                'min' => 2,
                'max' => 1550
            )
        )
        );
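Then I process the form information. I'm not sure whether my $file variable is suitable for sending the file name to the db.
I get this error in the PHP error messages: Notice: Undefined index: img in /home4/pfarley1/public_html/addproduct.php on line 90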
        //Create
        $date = date('Y-m-d H:i:s');
        if($validation->passed()) {
            if(isset($_POST['create'])){
                $product_id = trim( $_POST['product_id'] );
                $name = trim( $_POST['name'] );
                $price = trim( $_POST['price'] );
                $saleprice = trim( $_POST['saleprice'] );
                $final_price = trim( $_POST['final_price'] );
                $shippingprice = trim( $_POST['shippingprice'] );
                $category = trim( $_POST['category'] );
                $item_details = trim( $_POST['item_details'] );
                $item_details2 = trim( $_POST['item_details2'] );
                $description = trim( $_POST['description'] );
                $viewproduct_type = trim( $_POST['viewproduct_type'] );
                $date = ( $_POST['date_created'] );
                //line 90 $file = ($_POST ['img'] [move_uploaded_file($_FILES['file']['tmp_name'],"productpics/". $_FILES['file']['name'])] );
                //Connection
                $con = mysqli_connect("localhost","root","","bfb");
                /* check connection */
                if (mysqli_connect_errno()) {
                    printf("Connect failed: %s\n", mysqli_connect_error());
                    exit();
                }
                /* create a prepared statement */
                if ($stmt = mysqli_prepare($con, "INSERT INTO products ('product_id', 'name', 'price', 'saleprice', 'final_price', 'shippingprice', 'category', item_details', 'item_details2', 'description', 'viewproduct_type', 'date', 'img') VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
                    /* bind parameters for markers */
                    $stmt->bind_param('isiiiisssssis', $product_id, $name, $price, $saleprice, $final_price, $shippingprice, $category, $item_details, $item_details2, $description, $viewproduct_type, $date, $file);
                    /* execute query */
                    $stmt->execute();
                    /* bind result variables */ //Not sure what to put here?
                    $stmt->bind_result($district);
                    /* fetch value */ //or here??
                    $stmt->fetch();
                    /* close statement */
                    mysqli_stmt_close($stmt);
                }
            }
        }
    }
}
?>
The form
<form action="" method="POST" enctype="multipart/form-data">
    <div class="field">
        <label for="product_id">Product ID</label>
        <input type="text" name="product_id" class="smallinputbar" required>
    </div>
    <div class="field">
        <label for="name">Product Name</label>
        <input type="text" class="inputbar" name="name" required>
    </div>
    <div class="field">
        <label for="price">Product Price</label>
        <input type="text" class="smallinputbar" name="price" required>
    </div>
    <div class="field">
        <label for="saleprice">Sale Price</label>
        <input type="text" class="smallinputbar" name="saleprice">
    </div>
    <div class="field">
        <label for="final_price">Final Price</label>
        <input type="text" class="smallinputbar" name="final_price" required>
    </div>
    <div class="field">
        <label for="shippingprice">Shipping Price</label>
        <input type="text" class="smallinputbar" name="shippingprice" required>
    </div>
    <div class="field">
        <label for="category">Category</label>
        <input type="text" class="inputbar" name="category" required>
    </div>
    <div class="field">
        <label for="item_details">Item Details</label>
        <input type="message" class="messageinput" name="item_details" required>
    </div>
    <div class="field">
        <label for="item_details2">Item Details 2</label>
        <input type="message" class="messageinput" name="item_details2">
    </div>
    <div class="field">
        <label for="description">Description</label>
        <input type="message" class="messageinput" name="description" required>
    </div>
    <div class="field">
        <label for="viewproduct_type">View Product Type</label>
        <select class="optionbar" name="viewproduct_type">
            <option name="notSelected">Not Selected</option>
            <option name="viewproduct_type" value="a href='./viewProduct.php?view_product=$id">Standard</option>
            <option name="viewproduct_type" value="Option">Option</option>
        </select>
    </div>
    <input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
    <label for="button">
        <input type="submit" id="button" name="create" value="Create New Product">
    </label>
    <span class="floatright">
        <input type="file" name="file" class="inputbarfile">
        <input type="submit" name="create" id="signinButton" value="Upload">
    </span>
</form>
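I followed the PHP manual and YouTube examples, but none of them are really like what I'm doing, especially adding the img file upload.
Does anyone see anything wrong with my prepared statement or the way I'm trying to upload the img file? I've been stuck on the img file upload for a long time and have tried a million different ways. I'm hoping this way will work, or that I can get some guidance to solve the problem I'm having.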
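
As an added example (not part of the original post and not the poster's code), one way to handle the upload and the INSERT described above: the file is read from `$_FILES['file']`, type-checked and renamed on the server, and all 13 values are bound with no `bind_result()`. The function names, the image allow-list, storing empty optional fields as NULL, and binding every value as a string are assumptions; table and column names come from the question.

```php
<?php
// Added example, not the poster's code; function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of failing silently

const ALLOWED_IMAGES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif']; // assumed allow-list

function save_product_image(array $upload, string $destDir): string
{
    // $upload is $_FILES['file']: a file input never shows up in $_POST.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file was sent');
    }
    // Decide the type from the file contents, not the client-supplied name or MIME type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if (!isset(ALLOWED_IMAGES[$mime])) {
        throw new RuntimeException('Unsupported image type');
    }
    // Server-generated name: no path traversal, no overwrites, no executable extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$mime];
    if (!move_uploaded_file($upload['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the upload');
    }
    return $name; // this string, not the $_FILES array, goes into the img column
}

function insert_product(mysqli $con, array $post, string $img): int
{
    $fields = ['product_id', 'name', 'price', 'saleprice', 'final_price', 'shippingprice',
               'category', 'item_details', 'item_details2', 'description', 'viewproduct_type'];
    $values = [];
    foreach ($fields as $f) {
        $v = trim((string) ($post[$f] ?? ''));
        $values[] = ($v === '') ? null : $v; // assumption: empty optional fields are stored as NULL
    }
    $values[] = date('Y-m-d H:i:s'); // set server-side rather than read from the form
    $values[] = $img;
    // Column names are bare or backticked; single quotes would turn them into string literals.
    $stmt = $con->prepare(
        'INSERT INTO products (product_id, name, price, saleprice, final_price, shippingprice,
             category, item_details, item_details2, description, viewproduct_type, `date`, img)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    // One type letter per marker; binding as strings lets MySQL cast to each column type.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute(); // an INSERT has no result set, so no bind_result() or fetch()
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}
```

Inside the `$validation->passed()` branch this would be called as `insert_product($con, $_POST, save_product_image($_FILES['file'], __DIR__ . '/productpics'))`, with the upload directory kept non-executable by the web server.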