当从数据库获取beig时,我在链接生成中收到错误 image of error
这里是获取图片的代码
echo "<img src='uploads/$row[img].jpg' height='150px' width='300px'>";
下面是在数据库中上传和存储图像的文件代码
<?php
$servername = "localhost";
$dbUsername = "root";
$dbname = "property";
$dbPassword = "";
$location = $_POST["location"];
$street = $_POST["street"];
$city = $_POST["city"];
$province = $_POST["province"];
$type = $_POST["type"];
$price = $_POST["price"];
$beds = $_POST["beds"];
$isforsale = $_POST["isforsale"];
$flag = "";
$last_id="";
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if image file is a actual image or fake image
if(isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if($check !== false) {
echo "File is an image - " . $check["mime"] . ".";
$uploadOk = 1;
} else {
echo "File is not an image.";
$uploadOk = 0;
}
}
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
$image=basename( $_FILES["fileToUpload"]["name"],".jpg");
$conn = new mysqli($servername, $dbUsername, $dbPassword, $dbname);
if ($isforsale=="false"){
$flag = 0;
}else{
$flag = 1;
}
$sql = "INSERT INTO Property (Location, Street, City, Province, PStatus, PType,isForSale,Price,Beds, img)VALUES ('$location','$street','$city','$province',0,'$type','$flag','$price','$beds',' $image')";
$retval = mysqli_query( $conn,$sql);
$last_id = mysqli_insert_id($conn);
session_start();
$userid = $_SESSION["id"];
if ($retval === TRUE){
$sql = "INSERT INTO OwnersProperty (PropertyNo,OwnerId) VALUES ('$last_id','$userid')";
$retval = mysqli_query( $conn,$sql);
if($retval === TRUE){
header("Location: dashboard.php");
exit;
}
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
} else {
echo "Sorry, there was an error uploading your file.";
}
}
?>
这是包含上传图像并将其保存到数据库中的代码的文件。
答案 0 :(得分:4)
这一行在单引号和变量名' $image'之间有一个空格所以当它存储在数据库中时,文件名将以空格%20开头
$sql = "INSERT INTO Property
(Location, Street, City, Province, PStatus,
PType,isForSale,Price,Beds, img)
VALUES ('$location','$street','$city','$province',0,
'$type','$flag','$price','$beds',' $image')";
^
^^^
^^^^^
删除它,一切都会好的。
您的脚本面临SQL Injection Attack的风险 看看Little Bobby Tables偶然发生了什么 if you are escaping inputs, its not safe! 使用prepared statement and parameterized queries
答案 1 :(得分:2)
你有一个&#34;%20&#34;在&#34;上传&#34;之后的图片网址中,这相当于网址中的空格。 您在以下查询中的图像名称之前获取了一个空格字符,通过该查询完成图像上传,因此您所有上传的图像名称在其名称的开头都包含空格字符。删除之前的空格。 $图片&#39; (也在下面的查询中显示)和那个。
$sql = "INSERT INTO Property
(Location, Street, City, Province, PStatus,
PType,isForSale,Price,Beds, img)
VALUES ('$location','$street','$city','$province',0,
'$type','$flag','$price','$beds',' $image')";
^
^^^
^^^^^