我创建了一个后端表单,允许我将图像和输入值上传到表单字段。如果任何表单字段为空,则在尝试上载图像时,空表单字段旁边应显示错误消息。在所有表单字段都包含值之前,图像不能上载。出于某种原因,错误消息在单击添加按钮之前不显示到字段。我不想要的唯一表单字段是链接表单字段。如果表单字段为空,如何停止上传图片?
这是index.php的代码:
<!DOCTYPE html>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $videoErr = $LinkErr = $captionErr = "";
$name = $video = $Link = $caption = "";
//if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["video"])) {
$videoErr = "video is required";
} else {
$video = test_input($_POST["video"]);
}
if (empty($_POST["Link"])) {
$Link = "";
} else {
$Link = test_input($_POST["Link"]);
}
if (empty($_POST["caption"])) {
$captionErr = "caption is required";
} else {
$caption = test_input($_POST["caption"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>Upload porn thumbnail and video</h2>
<p><span class="error">* required field.</span></p>
<form enctype="multipart/form-data" method="post" action="insert.php">
<label for="video">Name:</label>
<input type="text" id="name" name="name" value="<?php if (!empty($name)) echo $name; ?>" />
<span class="error">* <?php echo $nameErr;?></span><br><br>
<label for="video">Video:</label>
<input type="text" id="video" name="video" value="<?php if (!empty($video)) echo $video; ?>" />
<span class="error">* <?php echo $videoErr;?></span><br><br>
<label for="Link">Link:</label>
<input type="text" id="Link" name="Link" value="<?php if (!empty($Link)) echo $Link; ?>" />
<span class="error"> <?php echo $LinkErr;?></span><br><br>
<label for="Caption">Caption:</label>
<input type="text" id="caption" name="caption" value="<?php if (!empty($caption)) echo $caption; ?>" />
<span class="error">* <?php echo $captionErr;?></span><br><br>
<label for="image">Image:</label>
<input type="file" id="image" name="image" />
<input type="submit" value="Add" name="submit" />
</form>
</body>
</html>
这是insert.php的代码:
<?php
require_once('appvars.php');
$servername = "localhost";
$username = "root";
$password = "";
// Create connection
$conn = mysqli_connect($servername, $username, $password);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(!mysqli_select_db($conn,'image_display'))
{
echo 'Database not selected';
}
@$name = mysqli_real_escape_string($conn, trim($_POST['name']));
$caption = mysqli_real_escape_string($conn, trim($_POST['caption']));
$Link = mysqli_real_escape_string($conn, trim($_POST['Link']));
$video = mysqli_real_escape_string($conn, trim($_POST['video']));
$image = mysqli_real_escape_string($conn, trim($_FILES['image']['name']));
$image_type = $_FILES['image']['type'];
$image_size = $_FILES['image']['size'];
if (!empty($caption) && !empty($image)) {
if ((($image_type == 'image/gif') || ($image_type == 'image/jpeg') || ($image_type == 'image/pjpeg') || ($image_type == 'image/png'))
&& ($image_size > 0) && ($image_size <= TN_MAXFILESIZE)) {
if ($_FILES['image']['error'] == 0) {
// Move the file to the target upload folder
$target = TN_UPLOADPATH . $image;
if (move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
// Write the data to the database
@$query = "INSERT INTO table1(image1,name,imagelink,caption,video) VALUES ('$image', '$name', '$link', '$caption', '$video')";
mysqli_query($conn, $query);
// Confirm success with the user
echo '<p>Thanks for adding your new image</p>';
//echo '<p><strong>Name:</strong> ' . $name . '<br />';
//echo '<strong>Score:</strong> ' . $score . '<br />';
echo '<img src="' . TN_UPLOADPATH . $image . '" alt="" /></p>';
echo '<p><a href="index.php"><< Back to page</a></p>';
// Clear form
$name = "";
$caption = "";
$Link = "";
$video = "";
$image = "";
mysqli_close($conn);
}
else {
echo '<p class="error">Sorry, there was a problem uploading your screen shot image.</p>';
}
}
}
else {
echo '<p class="error">The screen shot must be a GIF, JPEG, or PNG image file no greater than ' . (TN_MAXFILESIZE / 1024) . ' file size is too big.</p>';
}
// Try to delete the temporary image file
@unlink($_FILES['image']['tmp_name']);
}
else {
echo '<p class="error">Please enter all of the information to add file.</p>';
}
?>
答案 0 :(得分:0)
您必须在insert.php中进行验证,在insert.php上移动验证代码,并且只有在验证正常时才上传。
<?php
// define variables and set to empty values
$nameErr = $videoErr = $LinkErr = $captionErr = "";
$name = $video = $Link = $caption = "";
//if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
}
if (empty($_POST["video"])) {
$videoErr = "video is required";
} else {
$video = test_input($_POST["video"]);
}
if (empty($_POST["Link"])) {
$Link = "";
} else {
$Link = test_input($_POST["Link"]);
}
if (empty($_POST["caption"])) {
$captionErr = "caption is required";
} else {
$caption = test_input($_POST["caption"]);
}
require_once('appvars.php');
$servername = "localhost";
$username = "root";
$password = "";
// Create connection
$conn = mysqli_connect($servername, $username, $password);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(!mysqli_select_db($conn,'image_display'))
{
echo 'Database not selected';
}
@$name = mysqli_real_escape_string($conn, trim($_POST['name']));
$caption = mysqli_real_escape_string($conn, trim($_POST['caption']));
$Link = mysqli_real_escape_string($conn, trim($_POST['Link']));
$video = mysqli_real_escape_string($conn, trim($_POST['video']));
$image = mysqli_real_escape_string($conn, trim($_FILES['image']['name']));
$image_type = $_FILES['image']['type'];
$image_size = $_FILES['image']['size'];
if (!empty($caption) && !empty($image)) {
if ((($image_type == 'image/gif') || ($image_type == 'image/jpeg') || ($image_type == 'image/pjpeg') || ($image_type == 'image/png'))
&& ($image_size > 0) && ($image_size <= TN_MAXFILESIZE)) {
if ($_FILES['image']['error'] == 0) {
// Move the file to the target upload folder
$target = TN_UPLOADPATH . $image;
if (move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
// Write the data to the database
@$query = "INSERT INTO table1(image1,name,imagelink,caption,video) VALUES ('$image', '$name', '$link', '$caption', '$video')";
mysqli_query($conn, $query);
// Confirm success with the user
echo '<p>Thanks for adding your new image</p>';
//echo '<p><strong>Name:</strong> ' . $name . '<br />';
//echo '<strong>Score:</strong> ' . $score . '<br />';
echo '<img src="' . TN_UPLOADPATH . $image . '" alt="" /></p>';
echo '<p><a href="index.php"><< Back to page</a></p>';
// Clear form
$name = "";
$caption = "";
$Link = "";
$video = "";
$image = "";
mysqli_close($conn);
}
else {
echo '<p class="error">Sorry, there was a problem uploading your screen shot image.</p>';
}
}
}
else {
echo '<p class="error">The screen shot must be a GIF, JPEG, or PNG image file no greater than ' . (TN_MAXFILESIZE / 1024) . ' file size is too big.</p>';
}
// Try to delete the temporary image file
@unlink($_FILES['image']['tmp_name']);
}
else {
echo '<p class="error">Please enter all of the information to add file.</p>';
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>