PHP使用if else语句从另一个文件中调用变量

时间:2019-06-28 01:08:06

标签: php

我使用此upload.php文件来验证/存储上传图像。然后,图像将转换为base64并存储到数据库中。在我的save.php文件中,我include "upload.php";并调用$hex_string并传递给全局变量$NewHexString。但是似乎在我的save.php中它返回一个空值。

p / s:从控制台upload.php可以看到$hex_string返回一个值。

upload.php 

$file = $_FILES['fileUpload'];	
$fileName = $_FILES['fileUpload']['name'];
$fileTmpName = $_FILES['fileUpload']['tmp_name'];  //directory location	
$fileSize = $_FILES['fileUpload']['size'];
$fileError = $_FILES['fileUpload']['error'];       //default 0 | 1 got error

print_r ($file);

$fileExt = explode('.', $fileName);           //split file name to get ext.
$fileActualExt = strtolower(end($fileExt));  	//change to lowercase for the extension file
$allowed = array('jpg','jpeg','png');	

//$hex_string = 90707;   
// if I hardcode the value here it able pass this value to database. 
// But when I put inside if..else statement, it will return null.

if(in_array($fileActualExt, $allowed)){
  if($fileError === 0){
    if($fileSize < 500000){

      $fileDestination = './uploads/'.$fileName;					
      move_uploaded_file($fileTmpName , $fileDestination); 

      $data = file_get_contents($fileTmpName);
      $hex_string = base64_encode($data);

      echo $hex_string;
      // print_r ($hex_string); 

    }else{
      echo "You files is too big!";
    }	
  }else{
    echo "Error occur when upload file!"; 
  }
}else{
  echo "You cannot upload files of this type!";
}

我用来调用$hex_string并传递给全局变量的

save.php 

<?
$propertyID = "1";
include($_SERVER['DOCUMENT_ROOT'] . '/PDOfile.php'); 
$ehorsObj = new TM();
$ehorsObj->TM_CONNECT($propertyID);

include "upload.php";
$NewHexString = $hex_string;   //<-- return a null value??

$method = $_POST['method'];
$method();

/** EDIT **/
function editPropertyMasterData() {
	global $ehorsObj;	
	global $NewHexString;
	
    $propertyID     = (isset($_POST['propertyID']) ? $_POST['propertyID'] : '');
    $propertyName   = (isset($_POST['propertyName']) ? $_POST['propertyName'] : '');
    $propertyColor   = (isset($_POST['propertyColor']) ? $_POST['propertyColor'] : '');
    $businessRegistrationNo   = (isset($_POST['businessRegistrationNo']) ? $_POST['businessRegistrationNo'] : '');
    $noOfRooms   = (isset($_POST['noOfRooms']) ? $_POST['noOfRooms'] : '');
    $active 		= (isset($_POST['active']) ? $_POST['active'] : '');

    $sqlUpdate = " UPDATE tblProperty
                      SET propertyName = '" . $propertyName . "',
                      propertyLogo = '" . $NewHexString . "',
                      propertyColor = '" . $propertyColor . "',
                      businessRegistrationNo = '" . $businessRegistrationNo . "',
                      noOfRooms = '" . $noOfRooms . "',
                      active = '" . $active . "'
                   WHERE propertyID = '" . $propertyID . "' ";
    $ehorsObj->ExecuteData($sqlUpdate, $ehorsObj->DEFAULT_PDO_CONNECTIONS);
}

?>

1 个答案:

答案 0 :(得分:0)

您可以从上传文件中返回数据数组:

if (!in_array($fileActualExt, $allowed)) {
    return ['error' => 'You cannot upload files of this type!'];
}

if ($fileError !== 0) {
    return ['error' => 'Error occur when upload file!'];
}

if ($fileSize > 500000) {
    return ['error' => 'Your file size is too big!'];
}

$fileDestination = './uploads/' . $fileName;                    
move_uploaded_file($fileTmpName, $fileDestination); 

$data = file_get_contents($fileTmpName);

return ['hexString' => base64_encode($data)];

现在,在您的save.php文件中,您可以像这样检查有效载荷:

$propertyID = "1";

include($_SERVER['DOCUMENT_ROOT'] . '/PDOfile.php'); 

$ehorsObj = new TM();
$ehorsObj->TM_CONNECT($propertyID);

$uploadPayload = require "upload.php";

if (isset($uploadPayload['error'])) {
    echo $uploadPayload['error']);
    // do something in case of error
}

$method = $_POST['method'];
$method($ehorsObj, $uploadPayload['hexString']);

/** EDIT **/
function editPropertyMasterData($ehorsObj, $NewHexString)
{
    $propertyID     = (isset($_POST['propertyID']) ? $_POST['propertyID'] : '');
    $propertyName   = (isset($_POST['propertyName']) ? $_POST['propertyName'] : '');
    $propertyColor   = (isset($_POST['propertyColor']) ? $_POST['propertyColor'] : '');
    $businessRegistrationNo   = (isset($_POST['businessRegistrationNo']) ? $_POST['businessRegistrationNo'] : '');
    $noOfRooms   = (isset($_POST['noOfRooms']) ? $_POST['noOfRooms'] : '');
    $active         = (isset($_POST['active']) ? $_POST['active'] : '');

    $sqlUpdate = " UPDATE tblProperty
                      SET propertyName = '" . $propertyName . "',
                      propertyLogo = '" . $NewHexString . "',
                      propertyColor = '" . $propertyColor . "',
                      businessRegistrationNo = '" . $businessRegistrationNo . "',
                      noOfRooms = '" . $noOfRooms . "',
                      active = '" . $active . "'
                   WHERE propertyID = '" . $propertyID . "' ";
    $ehorsObj->ExecuteData($sqlUpdate, $ehorsObj->DEFAULT_PDO_CONNECTIONS);
}

您应该考虑的事情:

  1. 避免使用全局变量
  2. 使用准备好的语句来避免SQL injections
相关问题
最新问题