我在数据库中尝试插入表单值。如果用户已经登录,那么它会很好地插入数据库。但如果不先登录,我已将所有字段存储在cookie中,然后将其重定向到登录,然后在表单页面上返回后,所有内容都将完美插入,但我的文件不会移动到给定路径。请建议到目前为止给出的代码.. 在move_uploaded_file上显示错误($ cookie17,$ pat);
<?php
if(isset($_POST['submit'])
{
$ad_title=$mysqli->real_escape_string($_POST['ad_title']);
$category=$mysqli->real_escape_string($_POST['category']);
$sub_category=$mysqli->real_escape_string($_POST['sub_category']);
$description=$mysqli->real_escape_string($_POST['description']);
$rent_amount=$mysqli->real_escape_string($_POST['rent_amount']);
$rent_security=$mysqli->real_escape_string($_POST['rent_security']);
$contact=$mysqli->real_escape_string($_POST['contact']);
$email=$mysqli->real_escape_string($_POST['email']);
$city=$mysqli->real_escape_string($_POST['city']);
$state=$mysqli->real_escape_string($_POST['state']);
$area=$mysqli->real_escape_string($_POST['area']);
$buy=(isset($_POST['buy'])?1:0);
$sell=(isset($_POST['sell'])?1:0);
$rent=(isset($_POST['rent'])?1:0);
$manufacture=$mysqli->real_escape_string($_POST['company_name']);
$conditions=$mysqli->real_escape_string($_POST['condition']);
$rent_option=$mysqli->real_escape_string($_POST['rent_option']);
$a=$_FILES['file']['name'];
$path="image/product/$a";
$b=$_FILES['file2']['name'];
$path2="image/product/$b";
$c=$_FILES['file3']['name'];
$path3="image/product/$c";
$d=$_FILES['file4']['name'];
$path4="image/product/$c";
$e=$_FILES['file5']['name'];
$path5="image/product/$c";
if(isset($_SESSION['user_id'])){
$query=$mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)values('$ad_title','$category','$sub_category','$description','$a','$b','$c','$d','$e','$city','$state','$rent_amount','$rent_option','$rent_security','$contact','$email','$area','$buy','$sell','$rent','$user_id','$manufacture','$conditions')");
move_uploaded_file($_FILES['file']['tmp_name'],$path) & move_uploaded_file($_FILES['file2']['tmp_name'],$path2) & move_uploaded_file($_FILES['file3']['tmp_name'],$path3) & move_uploaded_file($_FILES['file4']['tmp_name'],$path4) & move_uploaded_file($_FILES['file5']['tmp_name'],$path5);
if($query)
{
echo "success";
}
}else{
$time = time() + 60;
setcookie('email',$email,$time);
setcookie('ad_title',$ad_title,$time);
setcookie('category',$category,$time);
setcookie('sub_category',$sub_category,$time);
setcookie('description',$description,$time);
setcookie('rent_amount',$rent_amount,$time);
setcookie('rent_security',$rent_security,$time);
setcookie('contact',$contact,$time);
setcookie('city',$city,$time);
setcookie('state',$state,$time);
setcookie('area',$area,$time);
setcookie('buy',$buy,$time);
setcookie('sell',$sell,$time);
setcookie('rent',$rent,$time);
setcookie('manufacture',$manufacture,$time);
setcookie('condition',$conditions,$time);
setcookie('rent_option',$rent_option,$time);
setcookie('file',$a,$time);
setcookie('file2',$b,$time);
setcookie('file3',$c,$time);
setcookie('file4',$d,$time);
setcookie('file5',$e,$time);
header("Location:product/login.php"); }
}
if(isset($_COOKIE['email'])){
$email =$_COOKIE['email'];
$cookie2 = $_COOKIE['ad_title'];
$cookie3 = $_COOKIE['category'];
$cookie4 = $_COOKIE['sub_category'];
$cookie5 = $_COOKIE['description'];
$cookie6 = $_COOKIE['rent_amount'];
$cookie7 = $_COOKIE['rent_security'];
$cookie8 = $_COOKIE['contact'];
$cookie9 = $_COOKIE['city'];
$cookie10 = $_COOKIE['state'];
$cookie11 = $_COOKIE['area'];
$cookie12 = $_COOKIE['buy'];
$cookie13 = $_COOKIE['sell'];
$cookie14 = $_COOKIE['rent'];
$cookie15 = $_COOKIE['manufacture'];
$cookie16 = $_COOKIE['condition'];
$cookie17 = $_COOKIE['file'];
$cookie18 = $_COOKIE['file2'];
$cookie19 = $_COOKIE['file3'];
$cookie20 = $_COOKIE['file4'];
$cookie21 = $_COOKIE['file5'];
$cookie22 = $_COOKIE['rent_option'];
$pat="image/product/$cookie17";
$pat2="image/product/$cookie18";
$pat3="image/product/$cookie19";
$pat4="image/product/$cookie20";
$pat5="image/product/$cookie21";
$query1=$mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values
('$cookie2','$cookie3','$cookie4','$cookie5','$cookie17','$cookie18','$cookie19','$cookie20','$cookie21',
'$cookie9','$cookie10','$cookie6','$cookie22','$cookie7','$cookie8',
'$email','$cookie11','$cookie12','$cookie13','$cookie14','$user_id','$cookie15','$cookie16')");
move_uploaded_file($cookie17,$pat)&
move_uploaded_file($cookie18,$pat2)&
move_uploaded_file($cookie19,$pat3)&
move_uploaded_file($cookie20,$pat4)&
move_uploaded_file($cookie21,$pat5);
if($query1){
echo "Succes";
}
else{
echo "Something went wrong.";
}
}
?>
答案 0 :(得分:1)
只有出于安全原因脚本结束,才会存储PHP临时上载。 因此,您需要先将文件保存在自己的某个临时位置,然后在用户登录后再重新移动,或者在一段时间后删除该文件。
但是您的代码在安全方面存在重大问题,您应该学习如何使用PHP PDO MySQL Queries,然后您需要正确应用它。目前你逃脱$ _POST,但不是cookie。 所以实际上你应该只在插入数据库时逃脱,目前它被转义并在某些情况下被写入cookie。后来重用了。除此之外,您应该验证输入数据和图像。总的来说,应该进行一些验证。见Easiest Form validation library for PHP?
<?php
$savePath = 'image/product/';
$temporarayPath = 'image/tempupload/';
if (isset($_POST['submit'])) {
$ad_title = $mysqli->real_escape_string($_POST['ad_title']);
$category = $mysqli->real_escape_string($_POST['category']);
$sub_category = $mysqli->real_escape_string($_POST['sub_category']);
$description = $mysqli->real_escape_string($_POST['description']);
$rent_amount = $mysqli->real_escape_string($_POST['rent_amount']);
$rent_security = $mysqli->real_escape_string($_POST['rent_security']);
$contact = $mysqli->real_escape_string($_POST['contact']);
$email = $mysqli->real_escape_string($_POST['email']);
$city = $mysqli->real_escape_string($_POST['city']);
$state = $mysqli->real_escape_string($_POST['state']);
$area = $mysqli->real_escape_string($_POST['area']);
$buy = (isset($_POST['buy']) ? 1 : 0);
$sell = (isset($_POST['sell']) ? 1 : 0);
$rent = (isset($_POST['rent']) ? 1 : 0);
$manufacture = $mysqli->real_escape_string($_POST['company_name']);
$conditions = $mysqli->real_escape_string($_POST['condition']);
$rent_option = $mysqli->real_escape_string($_POST['rent_option']);
$a = $_FILES['file']['name'];
$b = $_FILES['file2']['name'];
$c = $_FILES['file3']['name'];
$d = $_FILES['file4']['name'];
$e = $_FILES['file5']['name'];
if (isset($_SESSION['user_id'])) {
$query = $mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values('$ad_title','$category','$sub_category','$description','$a','$b','$c','$d','$e','$city','$state','$rent_amount','$rent_option','$rent_security','$contact','$email','$area','$buy','$sell','$rent','$user_id','$manufacture','$conditions')");
move_uploaded_file($_FILES['file']['tmp_name'], $savePath . $a);
move_uploaded_file($_FILES['file2']['tmp_name'], $savePath . $b);
move_uploaded_file($_FILES['file3']['tmp_name'], $savePath . $c);
move_uploaded_file($_FILES['file4']['tmp_name'], $savePath . $d);
move_uploaded_file($_FILES['file5']['tmp_name'], $savePath . $e);
if ($query) {
echo "success";
}
} else {
move_uploaded_file($_FILES['file']['tmp_name'], $temporarayPath . $a);
move_uploaded_file($_FILES['file2']['tmp_name'], $temporarayPath . $b);
move_uploaded_file($_FILES['file3']['tmp_name'], $temporarayPath . $c);
move_uploaded_file($_FILES['file4']['tmp_name'], $temporarayPath . $d);
move_uploaded_file($_FILES['file5']['tmp_name'], $temporarayPath . $e);
$time = time() + 60;
setcookie('email', $email, $time);
setcookie('ad_title', $ad_title, $time);
setcookie('category', $category, $time);
setcookie('sub_category', $sub_category, $time);
setcookie('description', $description, $time);
setcookie('rent_amount', $rent_amount, $time);
setcookie('rent_security', $rent_security, $time);
setcookie('contact', $contact, $time);
setcookie('city', $city, $time);
setcookie('state', $state, $time);
setcookie('area', $area, $time);
setcookie('buy', $buy, $time);
setcookie('sell', $sell, $time);
setcookie('rent', $rent, $time);
setcookie('manufacture', $manufacture, $time);
setcookie('condition', $conditions, $time);
setcookie('rent_option', $rent_option, $time);
setcookie('file', $a, $time);
setcookie('file2', $b, $time);
setcookie('file3', $c, $time);
setcookie('file4', $d, $time);
setcookie('file5', $e, $time);
header("Location:product/login.php");
}
}
if (isset($_COOKIE['email'])) {
$email = $_COOKIE['email'];
$cookie2 = $_COOKIE['ad_title'];
$cookie3 = $_COOKIE['category'];
$cookie4 = $_COOKIE['sub_category'];
$cookie5 = $_COOKIE['description'];
$cookie6 = $_COOKIE['rent_amount'];
$cookie7 = $_COOKIE['rent_security'];
$cookie8 = $_COOKIE['contact'];
$cookie9 = $_COOKIE['city'];
$cookie10 = $_COOKIE['state'];
$cookie11 = $_COOKIE['area'];
$cookie12 = $_COOKIE['buy'];
$cookie13 = $_COOKIE['sell'];
$cookie14 = $_COOKIE['rent'];
$cookie15 = $_COOKIE['manufacture'];
$cookie16 = $_COOKIE['condition'];
$cookie17 = $_COOKIE['file'];
$cookie18 = $_COOKIE['file2'];
$cookie19 = $_COOKIE['file3'];
$cookie20 = $_COOKIE['file4'];
$cookie21 = $_COOKIE['file5'];
$cookie22 = $_COOKIE['rent_option'];
$user_id = $_SESSION['user_id'];
$pat = $savePath . $cookie17;
$pat2 = $savePath . $cookie18;
$pat3 = $savePath . $cookie19;
$pat4 = $savePath . $cookie20;
$pat5 = $savePath . $cookie21;
$query1 = $mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values
('$cookie2','$cookie3','$cookie4','$cookie5','$cookie17','$cookie18','$cookie19','$cookie20','$cookie21',
'$cookie9','$cookie10','$cookie6','$cookie22','$cookie7','$cookie8',
'$email','$cookie11','$cookie12','$cookie13','$cookie14','$user_id','$cookie15','$cookie16')");
rename($temporarayPath . $cookie17, $pat);
rename($temporarayPath . $cookie18, $pat2);
rename($temporarayPath . $cookie19, $pat3);
rename($temporarayPath . $cookie20, $pat4);
rename($temporarayPath . $cookie21, $pat5);
if ($query1) {
echo "Succes";
} else {
echo "Something went wrong.";
}
}
?>