Question

我已经能够将图像上传到数据库中，但现在我还想在html表单下方显示上传的图像。我试图通过在php脚本中创建一个将在单独的PHP脚本中使用的数组来实现此目的。显而易见的错误是“不要直接访问超级全球$ _REQUEST”我该如何解决？

<?php

require 'connection';

$id = addslashes ($_REQUEST ['id']);

$image = mysql_query ("SELECT * FROM players WHERE id= $id");
$image2 = mysql_fetch_assoc($image);
$image3 = $image2 ['image'];


header ("content-type: image/jpeg");
echo $image3; 


<?php
require 'connection.php';

// file properties
$id = filter_input(INPUT_POST, 'playerid');
$name = filter_input(INPUT_POST, 'name');
$age = filter_input(INPUT_POST, 'age');
$position = filter_input(INPUT_POST, 'position');
$nationality = filter_input(INPUT_POST, 'nationality');
$file = $_FILES['image']['tmp_name'];

if (! isset($file)){
  echo "Please select an image.";  
}
else {
    $_id = mysql_real_escape_string( $id );
    $_name = mysql_real_escape_string( $name );
    $_age = mysql_real_escape_string( $age );
    $_position = mysql_real_escape_string( $position );
    $_nationality = mysql_real_escape_string( $nationality );
    $image = addslashes(file_get_contents($_FILES ['image']['tmp_name']));
    $image_name = addslashes($_FILES ['image']['name']);
    $image_size = getimagesize($_FILES ['image']['tmp_name']);

 if ($image_size == FALSE){
     echo "Thats not an image.";
 }   
 else{
     if(!$insert = mysql_query("INSERT INTO players  VALUES ( '$_id', '$_name', '$_age', '$_position', '$_nationality', '$image_name', '$image' )" )){
      echo "Problem uploading image.";  
     }
 else
 {
     $lastid = mysql_insert_id();
     echo "Profile photo uploaded.<p />Player photo:<p /><img src= getphoto.php?id=$lastid";
 }
 }
}

Answer 1

更改

../

要访问$id = addslashes ($_REQUEST ['id']);或$_POST，具体取决于您是否正在处理POST或GET请求：

$_GET

在网页上显示数据库中的图像

1 个答案: