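I'm currently working on some code. You should be able to upload a file and choose the file's type.
I use the URL to create the database entry on the upload page, so my link should be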
www.mydomain.domain?id=1&type=type
But PHP only gets the id, because it uses the GET from the previous page.
So it looks like this
www.mydomain.domain?id=1&type=
So my question is how to get the selection into the URL?
I tried it with jQuery but I got frustrated ;D.
My form code:
<?php
$datetype = $_POST['dateiart'];
echo $datetype;
$ek = $_GET['id'];
?>
<form action="upload.php?id=<?php echo $ek; ?>&type=<?php echo $datetype;?>" target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
Datei zum hochladen auswählen
<input type="file" name="fileToUpload" id="fileToUpload"> <br>
<input onclick="myFunction()" type="submit" value="Datei hochladen" name="submit"><br><br>
<input type="hidden" value="<?php echo $ek?>" id="id" name="submit"><br><br>
<label>Dateiart:
<select name="dateiart" form="dateiauswahl" size="5">
<option value="EK-Rechnung">EK-Rechnung</option>
<option value="Kaufvertrag">Kaufvertrag</option>
<option value="VK-Rechnung">VK-Rechnung</option>
<option value="Datenblatt">Datenblatt</option>
<option value="Sonstige">Sonstige</option>
</select>
</label>
</div>
</form>
upload.php:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=', '', '');
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
$ek = $_GET['id'];
$dateiart = $_GET['type'];
echo $dateiart;
// Check if file already exists
if (file_exists($target_file)) {
echo "Sorry, file already exists.";
$uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 50000000) {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "pdf"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
} else {
echo "Sorry, there was an error uploading your file.";
}
$statement = $pdo->prepare("INSERT INTO Dateien (Link, EKNR, Datei_Bezeichnung) VALUES (:Link, :EKNR, :Datei_Bezeichnung)");
$result = $statement->execute(array('Link' => $target_file, 'EKNR' => $ek, 'Datei_Bezeichnung' => $dateiart));
}
?>
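Answer 0 (score: 1)
Pass the parameters as hidden inputs instead of printing them in the query string of the form's action URL. Use the htmlspecialchars function to prevent security issues.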
<?php
if (!isset($_GET['id']) || !isset($_GET['type'])){
die('Missing parameters');
}
?>
<form action="upload.php" target="_blank" method="post" enctype="multipart/form-data" id="dateiauswahl">
Datei zum hochladen auswählen
<input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']) ?>">
<input type="hidden" name="type" value="<?php echo htmlspecialchars($_GET['type']) ?>">
....... other inputs
</form>
In the upload.php script, read them from the $_POST superglobal.
$ek = $_POST['id'];
$dateiart = $_POST['type'];
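Hidden inputs are still client-controlled, so upload.php has to validate `id` and `type` itself before they reach the INSERT. The following is an added example, not part of the original answer; it assumes the fields arrive via POST as in the answer and that `type` must be one of the option values from the question's form. The helper name `validate_upload_request` and the sample requests are hypothetical.

```php
<?php
declare(strict_types=1);

// Option values from the question's <select name="dateiart">.
const ALLOWED_TYPES = ['EK-Rechnung', 'Kaufvertrag', 'VK-Rechnung', 'Datenblatt', 'Sonstige'];
// Extensions the question's upload.php lets through.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Hypothetical helper: checks the POSTed fields and the client's file name,
// and returns values that are safe to store. Throws on anything unexpected.
function validate_upload_request(array $post, string $clientFilename): array
{
    // id must be a positive integer, not merely "set".
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Invalid id');
    }
    // type must match the allowlist exactly (strict comparison).
    $type = $post['type'] ?? null;
    if (!is_string($type) || !in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('Invalid type');
    }
    // Only the final extension counts, compared case-insensitively.
    $ext = strtolower(pathinfo($clientFilename, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('Extension not allowed');
    }
    // Server-generated name: the client's file name never becomes a path.
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;
    return ['id' => $id, 'type' => $type, 'stored_name' => $storedName];
}

// Constructed sample requests (not from the page).
$samples = [
    [['id' => '1', 'type' => 'Kaufvertrag'], 'vertrag.PDF'],
    [['id' => '1', 'type' => 'Unbekannt'], 'vertrag.pdf'],
    [['id' => 'abc', 'type' => 'Sonstige'], 'scan.png'],
    [['id' => '7', 'type' => 'Datenblatt'], 'datenblatt.jpg.php'],
];
foreach ($samples as [$post, $name]) {
    try {
        $ok = validate_upload_request($post, $name);
        echo "accepted: id={$ok['id']} type={$ok['type']} file={$ok['stored_name']}\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

In upload.php the returned `stored_name` would replace `basename($_FILES["fileToUpload"]["name"])` when building `$target_file`, and the validated `id` and `type` would be bound in the prepared statement.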