我有一个创建员工的表单,我需要在我的数据库中存储图像(使用BLOB MySQL数据类型)。我使用此代码,我收到一个错误。它是关于这条线的吗?
$file=file_get_contents($_FILES["image"]["tmp_name"]);
这段代码有什么问题???
if (isset($_POST['submit']))
{
$name=mysqli_prep($_POST["name"]);
$family=mysqli_prep($_POST["family"]);
$id=$_POST["id"];
$staff_id=$_POST["staff_id"];
$account_number=$_POST["account_number"];
$sex=$_POST["sex"];
$number_of_children=$_POST["number_of_children"];
$tel=$_POST["tel"];
$address=$_POST["address"];
$no=$_POST["no"];
$working_record=$_POST["working_record"];
$marital_state=$_POST["marital_state"];
$employer_id=$_POST["employer_id"];
$file=file_get_contents($_FILES["image"]["tmp_name"]);
$query ="INSERT INTO Employee (";
$query .="Name,Family,ID,Staff_ID,Account_Number,Sex,Number_of_Children,";
$query .="Tel,Address,No,Working_Record,Marital_State,";
$query .="Employer_ID,Image)";
$query .=" VALUES (";
$query .="'{$name}','{$family}',{$id},{$staff_id},{$account_number},";
$query .="'{$sex}',{$number_of_children},{$tel},'{$address}',{$no},";
$query .="'{$working_record}','{$marital_state}',";
$query .="{$employer_id},'$file')";
$result =mysqli_query($connection, $query);
if(!$result){
$_SESSION["message"] ="There were some errors,fill each
section carefully";
redirect_to("creat_employee.php");
}
else{
$_SESSION["message"]="filling has been done !";
redirect_to("creat_employee.php");
}
}
答案 0 :(得分:0)
最后我找到答案,尝试使用addslashes函数(用于sqlinjection)并且令人惊讶的是它正常工作