上传脚本的问题

时间:2016-10-03 23:51:45

标签: php mysql

我有一个简单的脚本,可以在我的服务器上传文件并将详细信息插入数据库。

使用下面的代码,我收到两个错误..

  1. “注意:未定义的变量:sExt in”.. 我尝试用if语句解决问题,但没有成功..

  2. 如果上传文件为空,则将数字导入数字(1,2,3 ...)到Mysql中.... 我尝试使用下面的代码解决问题,但也没有成功..

    “如果($ _ FILES [ '文件'] [ '名称']!=” “)” ...

    3. 有什么建议吗?

    谢谢..

    我的代码:

    <?php

  include_once('db.php');

if (isset($_FILES['files'])) {
    $uploadedFiles = array();
    foreach ($_FILES['files']['tmp_name'] as $key => $tmp_name) {
        $errors = array();
        $file_name = md5(uniqid("") . time());
        $file_size = $_FILES['files']['size'][$key];
        $file_tmp = $_FILES['files']['tmp_name'][$key];
        $file_type = $_FILES['files']['type'][$key];

        if($file_type == "image/gif"){
            $sExt = ".gif";
        } elseif($file_type == "image/jpeg" || $file_type == "image/pjpeg"){
            $sExt = ".jpg";
        } elseif($file_type == "image/png" || $file_type == "image/x-png"){
            $sExt = ".png";
        }
        if (!in_array($sExt, array('.gif','.jpg','.png'))) {
            $errors[] = "Image types alowed are (.gif, .jpg, .png) only!";
        }


        if ($file_size > 2097152000) {
            $errors[] = 'File size must be less than 2 MB';
        }

        $query = "INSERT into user_pics (`person_id`,`pic_name`,`pic_type`) VALUES('1','$file_name','$sExt')";
        $result = mysqli_query($link,$query);

        $desired_dir = "user_data/";
        if (empty($errors)) {
            if (is_dir($desired_dir) == false) {
                mkdir("$desired_dir", 0700);     
            }
            if (move_uploaded_file($file_tmp, "$desired_dir/" . $file_name . $sExt)) {
                $uploadedFiles[$key] = array($file_name . $sExt, 1);
            } else {
                echo "Files Uploaded !" . $_FILES['files']['name'][$key];
                $uploadedFiles[$key] = array($_FILES['files']['name'][$key], 0);
            }
        } else {
            print_r($errors);
        }
    }

    foreach ($uploadedFiles as $key => $row) {
        if (!empty($row[1])) {
            $codestr = '$file' . ($key+1) . ' = $row[0];';
            eval ($codestr);
        } else {
            $codestr = '$file' . ($key+1) . ' = NULL;';
            eval ($codestr);
        }
    }

}

?>


<form action="" method="POST" enctype="multipart/form-data">
    <input type="file" name="files[]" accept="image/*"> <br/>
    <input type="file" name="files[]" accept="image/*"> <br/><br/>
    <input type="submit"/>
</form>

2 个答案:

答案 0 :(得分:1)

而不是

 if($file_type == "image/gif"){
        $sExt = ".gif";
    } elseif($file_type == "image/jpeg" || $file_type == "image/pjpeg"){
        $sExt = ".jpg";
    } elseif($file_type == "image/png" || $file_type == "image/x-png"){
        $sExt = ".png";
    }
    if (!in_array($sExt, array('.gif','.jpg','.png'))) {
        $errors[] = "Image types alowed are (.gif, .jpg, .png) only!";
    }

你应该做

   if($file_type == "image/gif"){
        $sExt = ".gif";
    } elseif($file_type == "image/jpeg" || $file_type == "image/pjpeg"){
        $sExt = ".jpg";
    } elseif($file_type == "image/png" || $file_type == "image/x-png"){
        $sExt = ".png";
    }else{
        $errors[] = "Image types alowed are (.gif, .jpg, .png) only!";
    }

检查您正在设置的扩展名是多余的,这可以通过提供默认值(使用else)来避免在未设置变量$sExt时出现错误。这应该给你想要的行为。

我也会移动这些行

    $query = "INSERT into user_pics (`person_id`,`pic_name`,`pic_type`) VALUES('1','$file_name','$sExt')";
    $result = mysqli_query($link,$query);

    $desired_dir = "user_data/";
    if (empty($errors)) {

到此代码块的内部

  if (empty($errors)) {
        $query = "INSERT into user_pics (`person_id`,`pic_name`,`pic_type`) VALUES('1','$file_name','$sExt')";
        $result = mysqli_query($link,$query);

        $desired_dir = "user_data/";

这样当你遇到错误时你就不会插入...

不确定此

的目的 
  foreach ($uploadedFiles as $key => $row) {
    if (!empty($row[1])) {
        $codestr = '$file' . ($key+1) . ' = $row[0];';
        eval ($codestr);
    } else {
        $codestr = '$file' . ($key+1) . ' = NULL;';
        eval ($codestr);
    }
}

但是eval可能非常糟糕,我建议采用另一种方式,例如使用数组,但这可能可以在第一个循环中完成。例如,nullfalse值可能位于empty($errors)检查的else部分中,因此如果出现错误,则会将其置于false状态。

  $files = array();
  foreach ($uploadedFiles as $key => $row) {
    if (!empty($row[1])) {
         $files['$file' . ($key+1)] = $row[0];
    } else {
       $files['$file' . ($key+1)]  = false; //id use false instead of null in an array
    }
  }

你也应该小心sql注入,虽然看起来你正在设置变量,但是为了防止后面的更改,使用准备好的查询仍然是明智的,这可能会让你受到SQL注入攻击。

答案 1 :(得分:0)

                                               // double slash
if (move_uploaded_file($file_tmp, "$desired_dir/" . $file_name . $sExt)) {
    // file was successfuly moved
    echo "Files Uploaded !" . $_FILES['files']['name'][$key];                
    $uploadedFiles[$key] = array($file_name . $sExt, 1);
} else {                
    $uploadedFiles[$key] = array($_FILES['files']['name'][$key], 0);
}

foreach ($uploadedFiles as $key => $row) {
    if ($row[1]) { // $row[1] is never empty
        ${'file' . ($key+1)} = $row[0];
    } else {
        ${'file' . ($key+1)} = NULL;
    }
}

更好的是:

if (move_uploaded_file($file_tmp, "$desired_dir/" . $file_name . $sExt)) {
    echo "Files Uploaded !" . $_FILES['files']['name'][$key];                
    $uploadedFiles[] = $file_name . $sExt;
}

//instead of variable $file1 etc..
foreach($uploadedFiles as $filename){

}
相关问题
最新问题