error snapshot
我多次收到这个错误。这个代码你发送的东西我测试了它。
在数据库中,我认为property_id为Integer类型,Property_img为varchar
<?php
if(isset($_POST['submit'],$_POST['property_id'],$_FILES['files'])){ // check that needed superglobals are set
$query="INSERT INTO img_tbl(`property_id`,`property_img`) VALUES(?,?)"; //'$property_id','$join_string')";
if($stmt=$conn->prepare($query)){
foreach($_FILES['files']['tmp_name'] as $key=>$tmp_name){
$property_img[]=$_FILES['files']['name'][$key];
$join_string=implode(' ',array_slice($_FILES['files']['name'][$key],0,5));
copy($tmp_name,'uploads/'.$join_string);
}
// I don't know the value type of $property_id. If integer, use i instead of s.
if(!$stmt->bind_param('is',$property_id,$join_string)){
echo "bind failed"; // $stmt->error; // do not echo when public
}elseif(!$stmt->execute()){
echo "execute failed"; // $stmt->error; // do not echo when public
}else{
header('location:listpro_img.php');
}
$stmt->close();
}else{
echo "prepare failed"; // $mysqli->error; // do not echo when public
}
$conn->close();
}else{
echo "insufficient data submitted";
}
?>
-----------这是用于一次上传n个图像的HTML代码------
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">
<link rel="shortcut icon" href="img/favicon.png">
</head>
<script>
</script>
<body id="top">
<!-- begin:content -->
<div id="content">
<div class="container">
<div class="row">
<!-- Add form Code from Here -->
<form method="post" enctype="multipart/form-data">
<div class="col-sm-12">
<div class="col-sm-6"><label>Property Id:</label></div>
<div class="col-sm-6 btn btn-info">
<input type="text" name="property_id"/></div>
<div class="col-sm-6"><label>Property Image:</label></div>
<input id="fileupload" type="file" name="files[]" multiple /><br>
<div class="col-sm-12">
<input type="submit" name="submit">
</div>
</div>
</form>
<!--Form code Ends Here -->
</div>
</div>
</div>
</body>
</html>
答案 0 :(得分:0)
好的,我在我的一台服务器上运行了你的html,看看$_POST&amp;我正在处理的$_FILES数据。我上传了三个小jpgs并得到了这个:
$_POST=['property_id'=>'test','submit'=>'Submit'];
$_FILES=['files'=>[
'name'=>['4x4.jpg','catfish.jpg','calc.jpg'],
'type'=>['image/jpeg','image/jpeg','image/jpeg'],
'tmp_name'=>['/tmp/phps6I8zU','/tmp/phpgbmn2z','/tmp/phpo9wSgg'],
'error'=>[0,0,0],
'size'=>[14243,43314,36173]
]
];
*请注意,我需要删除btn btn-info类,以便我可以实际访问文本字段。
由此我意识到你是从implode()循环内部调用foreach()并且这会弄脏事情。每次迭代都会调用$join_string(每个上传的文件为1)。即使implode()收到一个数组(并且它不是),您每次都会覆盖$join_string。
这是我更新的代码 - 加载了错误检查,以帮助您隔离和清除任何遗留问题:
if(isset($_POST['submit'],$_POST['property_id'],$_FILES['files'])){ // check that needed superglobals are set
$query="INSERT INTO img_tbl(`property_id`,`property_img`) VALUES (?,?)";
if($stmt=$conn->prepare($query)){
foreach($_FILES['files']['tmp_name'] as $key=>$tmp_name){
if(!copy($tmp_name,"uploads/{$_FILES['files']['name'][$key]}")){ // // not move_uploaded_file() ?
echo "<div>copy error @ $tmp_name & uploads/{$_FILES['files']['name'][$key]}</div>";
}
}
if(!$stmt->bind_param('ss',$_POST['property_id'],implode(' ',$_FILES['files']['name']))){
echo "bind failed"; // $stmt->error; // do not echo when public
}elseif(!$stmt->execute()){
echo "execute failed"; // $stmt->error; // do not echo when public
}else{
header('location:listpro_img.php');
}
$stmt->close();
}else{
echo "prepare failed"; // $conn->error; // do not echo when public
}
$conn->close();
}else{
echo "insufficient data submitted";
}
我已将所有超全局检查写入单个isset()电话。此语法有效,如果您感到好奇,请参阅the manual。
您的原始流程在您的查询中使用了未经过清理的数据,这是不安全的。我已经为你实现了一个mysqli prepared statement占位符。我不知道$property_id的预期数据类型,因此我将其指定为字符串(s),但它可能是一个整数(i) - - 你必须在那里确定正确的声明。
确保property_img表格列中有足够的长度来接收以空格分隔的图像文件名的全长。如果上传了许多文件和/或其名称相对较长,则可能会在VARCHAR(255)字段中将其截断。
编辑:如果$propert_id是一个整数,则应该仅将输入字段限制为数值(有几种方法可以做到这一点)。然后在接收代码的表单中验证提交的值是否安全。如前所述,请在s来电中将i替换为bind。