使用mssql php在SQL数据库中插入文件内容时出错

时间:2017-12-06 12:11:48

标签: php html sql-server database file

我正在尝试使用PHP和MSSQL将文件(pdf,图像)上传到数据库中。 

<form role="form" action="kyc.php" method="post" enctype="multipart/form-data">
    <div class="form-body">

        <div class="row">
            <div class="col-md-offset-1">    
                <div class="form-group">
                    <label for="aadhaar">Aadhaar Card</label>
                    <input type="file" name="aadhaar" id="aadhaar" accept="application/pdf,image/x-png,image/gif,image/jpeg" required>
                </div>
            </div>
        </div>

        <input type="hidden" value="<?php echo $client_id; ?>" name="clientCode">
    </div>
    <div class="form-actions">
        <button name="submit" type="submit" class="btn blue">Upload</button>
    </div>
</form>

这是在表单提交后执行的PHP代码:

$clientCode = $_POST['clientCode'];
$fileName=$_FILES["aadhaar"]["name"];
$fileType = $_FILES['aadhaar']['type'];

//Get the content of the image and then add slashes to it 
$fileTemp=addslashes(file_get_contents($_FILES['aadhaar']['tmp_name']));

//Insert the image name and image content in image_table
$query="INSERT INTO KYCSCANS (FIRMNUMBER, CLIENTCODE, FILENAME, FILETYPE, FILECONTENT, TIMESTAMP, CREATIONTIMESTAMP, ADDEDBY, FILERELATED) VALUES('Global','{$clientCode}', '{$fileName}', '{$fileType}', '{$fileTemp}', GETDATE(), GETDATE(), 'madWeb', 'temp')";

$insertQuery = sqlsrv_query($jarvisconnection, $query);

if(!$insertQuery) {
    die("Aadhaar Query Failed" . print_r(sqlsrv_errors(), true));
}

这是表结构 - 

SRNO - int
FIRMNUMBER - nchar(10)
CLIENTCODE - nvarchar(50)
FILENAME- nvarchar(50)
FILETYPE - nvarchar(50)
FILECONTENT - varbinary(MAX)
TIMESTAMP - datetime
CREATIONTIMESTAMP - datetime
ADDEDBY - nchar(15)
FILERELATED - nvarchar(50)

我尝试了很多东西,但我仍然遇到以下错误:

  

数组([0] =&gt;数组([0] =&gt; 42000 [SQLSTATE] =&gt; 42000 [1] =&gt; 0   [code] =&gt; 0 [2] =&gt; [Microsoft] [SQL Server的ODBC驱动程序11]语法   错误,权限违规或其他非特定错误[message] =&gt;   [Microsoft] [SQL Server的ODBC驱动程序11]语法错误,权限   违规或其他非特定错误))

1 个答案:

答案 0 :(得分:0)

它可能是任何数量的东西,但最有可能的罪魁祸首是文件中的二进制内容。使用适当的参数化来确保数据被清理,并提高安全性。您还应该对数据进行一些检查,以确保数据库列的数据不会太长,并根据需要截断或拒绝。

<?php
$clientCode = $_POST["clientCode"];
$fileName   = $_FILES["aadhaar"]["name"];
$fileType   = $_FILES["aadhaar"]["type"];
$fileTemp   = file_get_contents($_FILES["aadhaar"]["tmp_name"]);
$parameters = array(
    $clientCode,
    $fileName,
    $fileType,
    array($fileTemp, SQLSRV_PARAM_IN, SQLSRV_PHPTYPE_STRING, SQLSRV_SQLTYPE_BINARY)
);
$query      = <<<SQL
INSERT INTO KYCSCANS (
    FIRMNUMBER, CLIENTCODE, FILENAME, FILETYPE, FILECONTENT, 
    TIMESTAMP, CREATIONTIMESTAMP, ADDEDBY, FILERELATED
) 
VALUES (
    'Global', ?, ?, ?, ?, GETDATE(), GETDATE(), 'madWeb', 'temp'
)
SQL;

$insertQuery = sqlsrv_query($jarvisconnection, $query, $parameters);

if ($insertQuery === false) {
    die("Aadhaar Query Failed" . print_r(sqlsrv_errors(), true));
}
相关问题
最新问题