我正在将图像存储到文件夹以及数据库的路径。它是成功的,但是我无法显示与登录用户相关的图像(不知道如何显示)。。我尝试使用* php
echo img src="'.$path.'" alt=""
但我无法获得
错误:“注意:未定义变量:path in ..”你们中的某人可以帮助我吗?
这是我的register.php代码:
<?php
// Include config file
require_once "config.php";
//the form has been submitted with post
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//define other variables with submitted values from $_POST
$username = $mysqli->real_escape_string($_POST['username']);
$fullname = $mysqli->real_escape_string($_POST['fullname']);
//md5 hash password for security
// $password = md5($_POST['password']);
// $password = password_hash($password, PASSWORD_DEFAULT)
$password = password_hash($_POST['password'], PASSWORD_BCRYPT);
//path were our avatar image will be stored
$avatar_path = $mysqli->real_escape_string('images/avatars/'.$_FILES['avatar']['name']);
//make sure the file type is image
if (preg_match("!image!",$_FILES['avatar']['type'])) {
//copy image to images/ folder
if (copy($_FILES['avatar']['tmp_name'], $avatar_path)){
//set session variables to display on welcome page
$_SESSION['username'] = $username;
$_SESSION['avatar'] = $avatar_path;
//insert user data into database
$sql =
"INSERT INTO users (username, password, fullname, avatar) "
. "VALUES ('$username', '$password', '$fullname', '$avatar_path')";
//check if mysql query is successful
if ($mysqli->query($sql) === true){
$_SESSION['message'] = "Registration successful!"
. "Added $username to the database!";
//redirect the user to welcome.php
header("location: index.php");
}
else {
$_SESSION['message'] = 'User could not be added to the database!';
}
$mysqli->close();
}
else {
$_SESSION['message'] = 'File upload failed!';
}
}
else {
$_SESSION['message'] = 'Please only upload GIF, JPG or PNG images!';
}
}
?>
这是我要在用户登录后显示图像的地方:
<div class="logged-user"> <!-- ova klasa -->
<div class="d-flex align-items-center">
<ul class="list-unstyled list-inline">
<li class="list-inline-item py-2 align-middle">
<p class="avatar mb-2"><?php echo '<img src="'.$path.'" alt="" />'; ?></p>
</li>
<li class="list-inline-item py-2 align-middle mt-4">
<p class="nameofuser mb-2"><?php echo htmlspecialchars($_SESSION["fullname"]); ?></p> <p class="position mt-1">The position</p>
</li>
</ul>
</div>
</div>
更新:我发现了如何显示图片,我使用过:<img src="<?= $_SESSION['avatar'] ?>"
请让某人如此,并通过重新编写参数化语句来帮助我修改代码,以便我避免执行SQL注入攻击??谢谢大家
答案 0 :(得分:0)
我发现了如何显示图片,
<img src="<?= $_SESSION['avatar'] ?>"
非常感谢你们。
答案 1 :(得分:0)
<?php
// Include config file
require_once "config.php";
//the form has been submitted with post
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//define other variables with submitted values from $_POST
$username = $_POST['username']; //remove mysqli_real_escape_string.its useless
$fullname = $_POST['fullname'];
// dont use MD5..Use this hash method
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
//YOUR DB QUERY
if($sql =$YourDbConnectionVariable->prepare("INSERT INTO users (username, password, fullname, avatar) VALUES ('?', '?', '?', '?')")){
$sql->bind_param('ssss', $username, $password, $fullname, $youravatarvariable);
$sql->execute();
$_SESSION['message'] = "Registration successful!"
. "Added $username to the database!";
//redirect the user to welcome.php
header("location: index.php");
}else{
code...
}
.
.
.
.
.
.