在我的php脚本中,我试图在我的MySQL数据库中存储一个随机文件名。但是,当我调用变量时,没有任何内容发布到表中。如果我将$ filetest更改为字符串,即' image12462983764',它将按预期发布。有谁知道为什么我会遇到这个问题?请参阅以下代码:
<?php
//receive image data, convert from base64 to png, write to server
$rawimagedata = $_POST["varPOST"];
$rawimagedata = str_replace(' ', '+', $rawimagedata);
$decoded = base64_decode($rawimagedata);
$filerand ="image" . rand(0,999) . rand(0,999) . rand(0,999);
$filename =$filerand . ".png";
file_put_contents($filename , $decoded);
//receive device location data
$userlat = $_POST["latitude"];
$userlon = $_POST["longitude"];
echo $userlat;
echo $userlon;
echo $filename;
echo $filerand;
$con=mysqli_connect("localhost","myuser","mypassword","Mydatabase");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$filetest = mysqli_real_escape_string($filerand);
// Perform queries
mysqli_query($con,"INSERT INTO photos (username,lat,lon,photourl)
VALUES ('myusername',$userlat,$userlon,$filetest)");
mysqli_close($con);
?>
答案 0 :(得分:-1)
你应该使用引号:
mysqli_query($con,"INSERT INTO photos (username,lat,lon,photourl)
VALUES ('myusername',$userlat,$userlon,'$filetest')");
^ ^
顺便说一句,您的代码很容易受到SQL注入攻击。您应该使用prepared statement。