我在从函数返回值时遇到问题。我认为我已经设置它返回$ filename,但是当它返回时我没有得到空值。我在某个地方犯了错误吗?我将imageupload函数分配给变量$ newfilename,然后尝试插入到我的数据库中,并且在该记录的列中没有数据。
imageupload函数:
function imageupload()
{
$allowed_types=array(
'image/gif',
'image/jpeg',
'image/png',
'image/pjpeg',
);
if (($_FILES["picupload"]["size"] < 5500000))
{
if(in_array($_FILES["picupload"]["type"], $allowed_types))
{
if ($_FILES["picupload"]["error"] > 0)
{
throw new Exception('Invalid File - No Data In File');
}
else
{
$dirname = getcwd() . '/userpics/' . $_SESSION['username'];
if (!file_exists($dirname))
{
$thisdir = getcwd() . "/userpics/" . $_SESSION['username'];
if(mkdir($thisdir , 0777))
{
$filename = basename( $_FILES['picupload']['name']);
$ext = end(explode(".", $filename));
$thisdir = getcwd() . "/userpics/" . $_SESSION['username'] . "/profilepic." . $ext;
if(move_uploaded_file($_FILES['picupload']['tmp_name'], $thisdir))
{
return $ext;
}
else
{
throw new Exception('Could not upload file');
}
}
else
{
throw new Exception('Could not create directory');
}
}
else
{
$filename = basename( $_FILES['picupload']['name']);
$ext = end(explode(".", $filename));
$thisdir = getcwd() . "/userpics/" . $_SESSION['username'] . "/profilepic." . $ext;
if(move_uploaded_file($_FILES['picupload']['tmp_name'], $thisdir))
{
return $ext;
}
else
{
throw new Exception('Could not upload file');
}
}
}
}
else
{
throw new Exception('Invalid File Type');
}
}
else
{
throw new Exception('Invalid File Error, File Too Large');
}
}
代码调用Imageupload:
else if ($type == "update")
{
if($_POST['changeimage'] == 'true')
{
$newfilename = imageupload();
$sql="UPDATE users SET `FirstName`='$_POST[firstname]', `MiddleInt`='$_POST[middleint]', `LastName`='$_POST[lastname]', `emailAddress`='$_POST[emailaddress]', `website`='$_POST[website]', `Title`='$_POST[title]', `College`='$_POST[collegedropdown]', `Department`='$_POST[deptdropdown]', `Phone`='$_POST[phone]', `Photo`='$newfilename' WHERE `uid` = '$uid';";
}
else
{
$sql="UPDATE users SET `FirstName`='$_POST[firstname]', `MiddleInt`='$_POST[middleint]', `LastName`='$_POST[lastname]', `emailAddress`='$_POST[emailaddress]', `website`='$_POST[website]', `Title`='$_POST[title]', `College`='$_POST[collegedropdown]', `Department`='$_POST[deptdropdown]', `Phone`='$_POST[phone]' WHERE `uid` = '$uid';";
}
}
else
{
echo "Error, please contact the administrator";
}
$result = mysql_query($sql,$con);mysql_close($con);
//header("location: index.php");
}
答案 0 :(得分:0)
您的代码有很多问题。
首先,您引用了$_FILES['file']。但在此之后,您引用了$_FILES['picupload']。
其次,$allowed_types未定义。
此外,getcwd()通常不会返回斜杠。所以这个:
$thisdir = getcwd() . 'userpics/' . $_SESSION['username'];
......可能不会起作用。这样:
$ext = end(explode(".", $filename));
......是非法的。 end接受参考。因此,您无法将函数的结果传递给它。您应该首先将其存储在变量中。但是,这是实现相同目标的最佳方法是使用pathinfo。
在某些时候,你错误地做了file_exists($thisdir) 然后 mkdir($thisdir)。您之后也没有在目录中附加文件名。
您不必要地复制代码并使用if...else例外。你应该重构(它也会使调试更容易):
function imageupload()
{
// define $allowed_types
$allowed_types = array('image/png');
// use "picupload" here
if ($_FILES["picupload"]["size"] >= 5500000)
throw new Exception('Invalid File Error, File Too Large');
if (!in_array($_FILES["picupload"]["type"], $allowed_types))
throw new Exception('File type not allowed');
if ($_FILES["picupload"]["error"] > 0)
throw new Exception('Invalid File - No Data In File');
// fix the getcwd() expression
$thisdir = getcwd() . '/userpics/' . $_SESSION['username'];
// create the directory only if it doesn't exist
if (!file_exists($thisdir)) {
if (!mkdir($thisdir, 0777))
throw new Exception('Could not create directory');
}
$filename = basename($_FILES['picupload']['name']);
// fix the end(explode()) illegal call
$ext = pathinfo($filename, PATHINFO_EXTENSION);
// make sure this is actually a filename, and not a directory
$thisdir .= "/profilepic." . $ext;
if (!move_uploaded_file($_FILES['picupload']['tmp_name'], $thisdir))
throw new Exception('Could not upload file');
return $filename;
}
注意:如评论中所提到的,调用者代码也容易受到SQL注入的攻击。</ em>