我刚刚了解到,准备好的语句比以前弃用的方法更适合使用。
我尝试了最好的能力和在线教程来完成这项工作并找出问题,但我没有运气,所以我在这里寻求帮助。
<?php
$db = mysql_connect("localhost","root","Mylife2015") or die ("Couldn't
connect to SQL server");
mysql_select_db("i-neo") or die("Couldn't select DB");
session_start();
if (isset($_SESSION['user_login'])) {
$user = $_SESSION["user_login"];
}
else {
$user = "";
}
$d = date('Y-m-d h:i:s a', time());
if(isset($_POST['log'])){
$man = $_POST['artist_name'];
$an = $_POST['album_name'];
$sn = $_POST['song_name'];
foreach($_FILES['files']['tmp_name'] as $key => $name_tmp){
$name = $_FILES['files']['name'][$key];
$tmpnm = $_FILES['files']['tmp_name'][$key];
$type = $_FILES['files']['type'][$key];
$size = $_FILES['files']['size'][$key];
$dir = "uploads/".$name;
$move = move_uploaded_file($tmpnm,$dir);
if($move){
$msi = $query = "INSERT INTO music ($user, $man, $an, $sn, $name,
$type, $size, $dir, $d) VALUES (?,?,?,?,?,?,?,?,?)";
$stmt = $db->prepare($msi);
$stmt->bind_param("sssssssss", $user, $man, $an, $sn, $name,
$type, $size, $dir, $d);
$stmt->execute();
if($msi){
echo "<script>alert('Insert Successful')</script>";
} else {
echo "<script>alert('Upload Fail')</script>";
}
} else {
echo "<script>alert('Uploaded Successfully')</script>";
}
}
}
?>
这是我的表格:
<form action="" method="post" enctype="multipart/form-data">
<p>
<label> Song</label>
<input type="file" name="files[]" />
</p>
<p>
<label> Artist Name</label>
<input type="text" name="artist_name" />
</p>
<p>
<label> Album Name</label>
<input type="text" name="album_name" />
</p>
<p>
<label> Song Name</label>
<input type="text" name="song_name" />
</p>
<p>
<input type="submit" name="log" value="Upload" />
</p>
这是我的数据库表:
CREATE TABLE IF NOT EXISTS `music` (
`id` int(11) NOT NULL,
`user` varchar(255) NOT NULL,
`artist_name` varchar(255) NOT NULL,
`audio_name` varchar(255) NOT NULL,
`album_name` varchar(255) NOT NULL,
`name` varchar(225) NOT NULL,
`type` varchar(71) NOT NULL,
`size` double NOT NULL,
`directory` varchar(71) NOT NULL,
`date_uplaoded` datetime NOT NULL
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
答案 0 :(得分:2)
您正在尝试将prepared statements与msql_一起使用而不支持它们,您需要通过以下方式建立连接:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "yourdbname";
// Create connection
$db = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($db->connect_error) {
die("Connection failed: " . $db->connect_error);
}
// prepare and bind
$stmt = $db->prepare("INSERT INTO tablename (name, fatherame, add) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $name, $fathername, $add);
// set parameters and execute
$name = "Muneer Khan";
$fathername = "Shabbir Khan";
$add = "KingsStreet";
$stmt->execute();
$stmt->close();
?>
或者您也可以这样使用PDO:
<?php
$server = "localhost";
$user = "username";
$pass = "password";
$db = "yourdbname";
try {
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $password);
// set the PDO error mode to exception
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $db->prepare("INSERT INTO tablename (name, fathername, add)
VALUES (:name, :fathername, :add)");
$stmt->bindParam(':name', $name);
$stmt->bindParam(':fathername', $fathername);
$stmt->bindParam(':add', $add);
$name = "Muneer Khan";
$fathername = "Shabbir Khan";
$add = "KingsStreet";
$stmt->execute();
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
$db = null;
?>