我无法将上传到表单中的数据上传到数据库

时间:2017-07-31 21:04:39

标签: php mysql image-uploading

我试图让用户在网站上注册。但是,当用户输入其详细信息并按下提交按钮时,详细信息不会按原样插入到db表中。但是图像插入确实有效,但由于没有上传新的用户详细信息,因此图像与用户不匹配。任何帮助将不胜感激,因为我正在做的工作是在不到48小时内提交。

此错误不断出现

  

警告:move_uploaded_file():无法移动' / tmp / phpuRNmad'到' ../ images / 242167777kieran.jpeg'在第31行的/var/www/vhosts/kmoreland02.students.cs.qub.ac.uk/httpdocs/deals4students/index.php

这是表单代码

<div id="register">
                    <div class="container">
                        <div class="row">
                            <div class="col-md-12">
                                <div class="title">
                                    <h2 class="wow bounce">Become a Registered User!</h2>
                                    <p class="wow fadeIn" data-wow-delay="0.6s">Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy.</p>
                                </div>
                                <form  action="#" method="post" class="wow fadeInUp" data-wow-delay="0.9s" enctype="multipart/form-data" autocomplete="off">
                                    <div class="alert alert-error"></div>   
                                    <div class="col-md-3 col-sm-3"></div>
                                    <div class="col-md-4 col-sm-4">
                                        <input name="newforename" type="text" class="form-control" id="newforename" placeholder="Enter your forename" required>
                                        <input name="newsurname" type="text" class="form-control" id="newsurname" placeholder="Enter your surname" required >
                                        <input name="newemail" type="text" class="form-control" id="newemail" placeholder="Enter your email" required >
                                        <input name="newuniversity" type="text" class="form-control" id="newuniversity" placeholder="Enter your university/college/inst." required>
                                        <input name="newpassword" type="password" class="form-control" placeholder="Password" required />
                                       <label>Select your Profile Picture: </label> <input  name="uploads[]" type="file" multiple />
                                        <input name="create" type="submit" class="btn btn-block btn-success" value="Register"/>
                                    </div>


                            </div>
                            <div class="col-md-3 col-sm-3"></div>
                            </form>


                        </div>
                    </div>
                </div>

以下是用于将插入的数据上传到db

的代码 
<?php

include("conn.php");

if(isset($_POST["create"])){


    $getforename = mysqli_real_escape_string($conn, $_POST["newforename"]);
    $getsurname = mysqli_real_escape_string($conn, $_POST["newsurname"]);
    $getemail = mysqli_real_escape_string($conn, $_POST["newemail"]);
    $getuniversity = mysqli_real_escape_string($conn, $_POST["newuniversity"]);
    $getpassword = mysqli_real_escape_string($conn, $_POST["newpassword"]);


    $insertu = "INSERT INTO DealsUsers (id, Forename, Surname, Email, University/College, password) VALUES (NULL,'$getforename','$getsurname','$getemail','$getuniversity','$getpassword')";

    $result = mysqli_query($conn, $insertu);


    $last_id = mysqli_insert_id($conn);

    $total = count($_FILES['uploads']['name']);
    if($total >0){
        for($i=0; $i<$total; $i++){
        $tmppath = $_FILES['uploads']['tmp_name'][$i];
        $ran = rand();
        $newfilepath = "../images/".$ran.$_FILES['uploads']['name'][$i];
        $pathname = $ran.$_FILES['uploads']['name'][$i];

        move_uploaded_file($tmppath, $newfilepath);
        $insertpp = "INSERT INTO DealsUserImg(user_id, path)
                    VALUES('$last_id', '$pathname')";

        $resultpp = mysqli_query($conn, $insertpp) or die(mysqli_error($conn));;
        }
    }
}

1 个答案:

答案 0 :(得分:1)

经过一些研究,这对我在Windows机器上起作用了:

<?php

include("conn.php");

if (isset($_POST["create"])) {
    $getforename = mysqli_real_escape_string($conn, $_POST["newforename"]);
    $getsurname = mysqli_real_escape_string($conn, $_POST["newsurname"]);
    $getemail = mysqli_real_escape_string($conn, $_POST["newemail"]);
    $getuniversity = mysqli_real_escape_string($conn, $_POST["newuniversity"]);
    $getpassword = mysqli_real_escape_string($conn, $_POST["newpassword"]);

    $insertu = "INSERT INTO DealsUsers (`id`, `Forename`, `Surname`, `Email`, `University/College`, `password`) VALUES (NULL,'$getforename','$getsurname','$getemail','$getuniversity','$getpassword')";
    $result = mysqli_query($conn, $insertu) or die(mysqli_error($conn));
    $last_id = mysqli_insert_id($conn);

    $total = count($_FILES['uploads']['name']);
    if ($total > 0) {
        for ($i = 0; $i < $total; $i++) {
            $tmppath = $_FILES['uploads']['tmp_name'][$i];
            $ran = rand();
            $newfilepath = "../images/" . $ran . $_FILES['uploads']['name'][$i];
            $pathname = $ran . $_FILES['uploads']['name'][$i];

            move_uploaded_file($tmppath, $newfilepath);

            $insertpp = "INSERT INTO DealsUserImg (`user_id`, `path`) VALUES('$last_id', '$pathname')";
            $resultpp = mysqli_query($conn, $insertpp) or die(mysqli_error($conn));
        }
    }
}

你的错误是没有用反引号包围第一个语句中的列名,这导致了一个未处理的错误。您还可以删除MySQL语句中的id和相关性。即使它未包含在语句中,也会自动设置id。

接下来应该做什么:

  1. 在将密码保存到数据库之前,检查用户是否已存在并加密(password_hash()以对密码进行散列,并password_verify()将密码与普通密码进行核对)。
  2. 在将所有输入保存到数据库之前验证所有输入。使用HTML或JavaScript进行客户端验证是不够的!
  3. 添加验证码(与Google ReCaptcha一样),以防止您的脚本被新用户发送垃圾邮件。
  4. 看看PHP Prepared Statements
  5. 目前,未经您的许可,我们可以上传多个文件。从上传字段的名称和代码中的for循环中删除括号,该代码负责保存上传阵列中的所有文件。它只有一个头像,所以没有必要让潜在的垃圾邮件发送者有机会将他想要的图像上传到您的网站。
  6. 检查上传的文件是否真的是图像并且在特定文件大小内。目前,每个人都可以将所有尺寸的内容(直到upload_max_filesize点击)上传到您的网站,甚至可以执行它,如果他在图片文件夹中访问它。
相关问题
最新问题