我刚刚重写了一些PHP代码,以使其更安全,我遇到了问题。我的代码假设将用户个人资料图片保存在uploads文件夹中,然后将其保存到数据库中,然后显示给他们。但那并没有发生。唯一正在发生的事情是图片被保存在uploads文件夹中并且就是这样。我没有收到任何错误。有人可以帮我修改我的代码吗?
更新!!
我刚试过这段代码:
$username = isset($_SESSION['username']) ? $_SESSION['username'] : "";
$userPic = isset($_SESSION['userPic']) ? $_SESSION['userPic'] : "";
var_dump($userPic);
$info = date('Y-m-d_H-i-s');
if(!empty($username))
{
if (isset($_FILES['fileToUpload'])) {
$errors= array();
$file_name = $_FILES['fileToUpload']['name'];
$file_size = $_FILES['fileToUpload']['size'];
$width = 1500;
$height = 1500;
$file_tmp = $_FILES['fileToUpload']['tmp_name'];
$file_type = $_FILES['fileToUpload']['type'];
$tmp = explode('.',$_FILES['fileToUpload']['name']);
$file_ext=strtolower (end ($tmp));
$extensions= array("jpeg","jpg","png");
if(in_array($file_ext,$extensions)=== false){
$errors[]="extension not allowed, please choose a JPEG or PNG file.";
}
if ($file_size > 8097152) {
$errors[] = 'File size must be 2 MB';
}
if ($width > 1500 || $height > 1500) {
echo"File is to large";
}
if(empty($errors)==true)
{
move_uploaded_file($file_tmp,"uploads/".date('Y-m-d_H-i-s').$file_name);
$stmt = $conn->prepare("UPDATE users SET userPic=?, date_time=? WHERE username");
$stmt->bind_param('ss', $userPic, $date_time);
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $conn->affected_rows);
/* close statement and connection */
}else{
print_r($errors);
echo"Couldn't upload picture";
}
}}
else
{
echo "Invalid Username";
}
这就是我得到的-1 Row inserted.
答案 0 :(得分:0)
试试这个
$stmt = $conn->prepare("UPDATE users SET userPic=?, date_time=? ");
$stmt->bind_param('ss', $userPic, $date_time);
$userPic = 'pic url';
$date_time = 'date';
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
/* close statement and connection */
$stmt->close();