我是php的新手并尝试上传文件并将当前登录的用户ID存储在已上传文件的数据库中,这是我的上传文件格式:
<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();
?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1"
cellspacing="1" class="box">
<tr>
<td>please select a file</td></tr>
<tr>
<td>
<input type="hidden" name="MAX_FILE_SIZE"
value="16000000">
<input name="pdf" type="file" id="pdf" accept="application/pdf">
</td>
<td width="80"><input name="upload"
type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if(isset($_POST['upload'])&&$_FILES['pdf']['size']>0)
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$filePath = $_FILES['userfile']['path'];
$fileType = $_FILES['userfile']['type'];
$fileType=(get_magic_quotes_gpc()==0 ? mysql_real_escape_string(
$_FILES['userfile']['type']) : mysql_real_escape_string(
stripslashes ($_FILES['userfile'])));
$fp = fopen($tmpName, 'r');
$content = fread($fp, filesize($tmpName));
$content = addslashes($content);
fclose($fp);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
}
$con = mysql_connect('localhost', 'root', '') or die(mysql_error());
$db = mysql_select_db('workflow', $con);
if($db){
$query = "INSERT INTO upload (name, size, type, path ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";
mysql_query($query) or die('Error, query failed');
mysql_close();
echo "<br>File $fileName uploaded<br>";
}else { echo "file upload failed"; }
}
?>
这是我的登录表单:
<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>LOGIN FORM</title>
</head>
<body>
<?php
$form= "<form action='login.php' method='post'>
<table>
<tr>
<td>username :</td>
<td><input type='text' name='user'/></td>
</tr>
<tr>
<td>Password :</td>
<td><input type='password' name='password'/></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='login' /></td>
</tr>
</table>
</form>";
if ($_POST['loginbtn']) {
$user = $_POST['user'];
$password = $_POST['password'];
if ($user) {
if ($password) {
require ("connect1.php");
$password= md5(md5("jdhbjdbj".$password."jdh645fdj"));
$query = mysql_query("SELECT * FROM users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1) {
$row = mysql_fetch_assoc($query);
$dbid=$row['id'];
$dbuser=$row['username'];
$dbpass=$row['password'];
$dbactive=$row['active'];
if ($password == $dbpass) {
if ($dbactive == 1) {
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;
echo "you have been logged in as <b>$dbuser</b>. <a href='insert1.php' >Click here</a> to go to the insertion page ";
}
else echo "you must activate your account to login .$form";
}
else echo "You didn't enter a password . $form";
}
else echo "the user name u entered wasn't found . $form";;
mysql_close();
}
else echo "You must enter your password .$form";
}
else echo "You must enter your username .$form";
}
else echo $form;
?>
</body>
</html>
我想获取当前用户ID并将其与我上传的文件一起存储,可以任何一个帮助???
答案 0 :(得分:2)
您需要在上传数据库中添加另一列,例如userid,如果您还没有,只需将其称为:
$query = "INSERT INTO upload (name, size, type, path, userid ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath', '".$_SESSION['userid']."')";
$ _ SESSION ['userid']&lt; = userid需要更改为包含持有用户ID的密钥。不要忘记调用session_start();
答案 1 :(得分:0)
这里有一些步骤和建议供您遵循: 建议首先:
使用mysqli_query instead of mysql_query:
Why mysqli?
mysql_real_escape_string()扩展名为deprecated 。请阅读this寻求帮助。
始终为数据库连接维护一个单独的文件,并将其保留在public_directory之外,以免黑客获取访问权限。How to do it?
现在,当您“ 想要获取当前用户ID并将其与文件存储 ”时: 要做到这一点,我会做这样的事情:
将文件存储在文件系统中:
if ( move_uploaded_file($_FILES['userfile']["tmp_name"],"Filesystem/here/$_FILES['userfile']['name']") )
{
// get the db connection
// get the user_id value from session
// store the user_id with path to file or whatever in database
}
希望它能在某种程度上对你有所帮助。祝你编码愉快: - )