我处于开发招标系统的早期阶段,用户可以插入他们想要出售的物品。以下是从临时路径复制图像并将图像路径存储到另一个文件夹的脚本。
define ("MAX_SIZE","10000");
//This function reads the extension of the file. It is used to determine if the file is an image by checking the extension.
function getExtension($str) {
$i = strrpos($str,".");
if (!$i) {
return "";
}
$l = strlen($str) - $i;
$ext = substr($str,$i+1,$l);
return $ext;
};
//This variable is used as a flag. The value is initialized with 0 (meaning no error found) and it will be changed to 1 if an errro occures. If the error occures the file will not be uploaded.
$errors = 0;
//Checks if the form has been submitted
if (isset($_POST['Submit']))
{
//Reads the name of the file the user submitted for uploading
$image=$_FILES['image']['name'];
//If it is not empty
if ($image)
{
//Get the original name of the file from the clients machine
$filename = stripslashes($_FILES['image']['name']);
//Get the extension of the file in a lower case format
$extension = getExtension($filename);
$extension = strtolower($extension);
//If it is not a known extension, we will suppose it is an error and will not upload the file, otherwize we will do more tests
if (($extension != "jpg") &&
($extension != "jpeg") &&
($extension != "png") &&
($extension != "gif"))
{
//Print error message
echo '<h1>Unknown extension!</h1>';
$errors=1;
}
else
{
//Get the size of the image in bytes
//$_FILES['image']['tmp_name'] is the temporary filename of the file in which the uploaded file was stored on the server
$size=filesize($_FILES['image']['tmp_name']);
//Compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*111111111111024)
{
echo '<h1>You have exceeded the size limit!</h1>';
$errors=1;
}
//We will give an unique name, for example the time in Unix time format
$image_name=time().'.'.$extension;
//The new name will be containing the full path where will be stored (images folder).
$imagepath='C:\\xampp\\htdocs\\biddingsystem\\Images\\' . $image_name;
//We verify if the image has been uploaded, and print an error instead
$copied = copy($_FILES['image']['tmp_name'], $imagepath);
if (!$copied)
{
echo '<h1>Picture upload failed!</h1>';
$errors=1;
}
}
}
}
//If no errors registred, print the success message
if(isset($_POST['Submit']) && !$errors && isset($_POST['image']))
{
echo "<h1>Picture Uploaded Successfully! Try again!</h1>";
}
然后,我使用下面的脚本将图像路径和其他数据一起插入到MySQL数据库中,并尝试使用表格将它们显示给用户。其他数据很好,但对于图像显示(图像路径),只显示图像的路径,而不是图像本身。
mysql_query("INSERT INTO items
(username, item, price, description, start_date, start_time, imagepath)
VALUES ('$username', '$_POST[item]', '$_POST[price]', '$_POST[description]','$_POST[start_date]', '$_POST[start_time]', '$imagepath') ")
or die ("Error - Couldn't add item");
echo "Item added successfully";
echo "<h1>You have added the following item:</h1>";
$sql = "SELECT item, price, description, start_time, start_date, imagepath FROM items WHERE username = '$username' AND item='$_POST[item]'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
echo"<table border=2>
<tr><td>Item</td>
<td>Price</td><td>Description</td><td>Start time</td><td>Start date</td><td>Picture</td></tr>
<tr><td> $row[item]</td>
<td> $row[price]</td>
<td> $row[description]</td>
<td> $row[start_time]</td>
<td> $row[start_date]</td>
<td> $row[imagepath]</td>
</tr>
</table></br>";
我尝试使用<img src="<?php $imagepath ?>">
来显示图片,但无济于事。我甚至尝试使用BLOB类型将实际图像本身存储在数据库中。但是,结果是一个填充了奇怪字符的页面。我该如何解决这个问题?
答案 0 :(得分:1)
您混淆了文件系统路径和网络URL。您只需存储/biddingsystem/Images/
部分,甚至只需存储名称,并在显示时动态生成完整路径。
另请注意,您没有正确格式化数据,这会导致一些错误和安全漏洞。我在前面的回答中解释了格式规则,Stack Overflow问题 How to include a PHP variable inside a MySQL insert statement 。
答案 1 :(得分:0)
如果您想使用第一个解决方案,从路径显示,请确保您指向可访问路径中的图像。从您列出的代码中,看起来$ imagepath是一个file://路径。在Web服务器上,您必须将其映射到相对Web路径。
如果您决定使用BLOB,最好的方法是创建一个单独的页面来提供图像。您的输出图像标记应指向该标记,您需要更改图像服务页面标题中的内容类型。