在第121-122行,我有一个查询。它没有插入我的数据库。我的HTML表单中包含所有正确的名称=''和变量,我只是没有在这里包含它,因为它是PHP代码有问题。插入查询未插入。
<?php if (!$User) {
echo '
<div class="container">
<div class="panel panel-danger">
<div class="panel-heading">
<h3 class="panel-title">Error</h3>
</div>
<div class="panel-body">
Please log in to an account.
</div>
</div>
</div>
';
include $_SERVER["DOCUMENT_ROOT"]."/_INCLUDES/Footer.php";
exit;
}
$itemname = $db->real_escape_string(strip_tags(stripslashes($_POST['name'])));
$itemtype = $db->real_escape_string(strip_tags(stripslashes($_POST['type'])));
$itemprice = $db->real_escape_string(strip_tags(stripslashes($_POST['price'])));
$filename = $db->real_escape_string(strip_tags(stripslashes($_POST['filename'])));
$numbersold = $db->real_escape_string(strip_tags(stripslashes($_POST['numbersold'])));
$itemtype = $db->real_escape_string(strip_tags(stripslashes($_POST['itemtype'])));
$selectype = $db->real_escape_string(strip_tags(stripslashes($_POST['type1'])));
$ItemDesc = $db->real_escape_string(strip_tags(stripslashes($_POST['ItemDesc'])));
$ifsale = $db->real_escape_string(strip_tags(stripslashes($_POST['ifsale'])));
$timed = $db->real_escape_string(strip_tags(stripslashes($_POST['timed'])));
date_default_timezone_set('EDT');
$time = date("F jS, Y, g:i a");
$submit = $db->real_escape_string(strip_tags(stripslashes($_POST['submit'])));
if($submit) {
$itemname = filter($itemname);
if($itemprice <= 0) {
$itemprice = "0";
}
if(!is_numeric($itemprice))
{
$itemprice = "0";
}
if ($itemtype == "limited")
{
if ($numbersold < 1) {
echo "<b>Error, must be at least 1 in stock.</b>";
exit;
}
}
$target_dir = $_SERVER["DOCUMENT_ROOT"]."/Store/Dir/"; // Directory the file is being uploaded to.
$HashImg = hash('sha1',microtime()); // Hash image, prevents overwrite.
$target_file = $target_dir . $HashImg . '_' . basename($_FILES["fileToUpload"]["name"]); // Name of file when done.
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION); // Checks file type.
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo '
<div class="container">
<div class="alert alert-success alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<strong>Success</strong> Your item has been uploaded and is now awaiting moderation.
</div>
</div>
';
$uploadOk = 1;
} else {
/*
echo '
<div class="container">
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<strong>Error</strong> File is not an image.
</div>
</div>';
*/
$uploadOk = 0;
}
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 31457280) { // 30 MB
echo '
<div class="container">
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<strong>Error</strong> Your file is too large. Max file size is 30 MB.
</div>
</div>
';
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
echo '
<div class="container">
<div class="alert alert-danger alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>
<strong>Error</strong> Only JPG, JPEG, PNG, and GIF files are allowed.
</div>
</div>
';
$uploadOk = 0;
}
else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
// If file passes all checks, insert to moderation queue.
if ($itemtype == "timed") {
$istimed = "1";
}
else {
$istimed = "0";
}
error_reporting(E_ALL); ini_set('display_errors', 1);
mysqli_query($db, "INSERT INTO ItemsAwaitingModeration (Name, File, Type, Price, CreatorID, saletype, numbersales, numberstock, sell, Description, CreationTime, Timed, TimeLength)
VALUES ('$itemname','".$_FILES['uploaded']['name']."','$selectype','$itemprice','$client->ID','$itemtype','$numbersold','$numbersold','$ifsale','$ItemDesc','$now','$istimed','$timed')");
} else {
echo "Sorry, there was an error uploading your file.";
}
}
}
?>