使用cookie移动上传文件时遇到一些麻烦

I have trying insert form values in database. If user already login then it goes inserted fine into database. But if not login first i have stored all fields in cookie then redirected it to login first then after returning it on form page everything is going perfect inserted also but my files is not moved to given path. Please suggest my code given so far .. Error showing on move_uploaded_file($cookie17,$pat);

<?php
 if(isset($_POST['submit'])
 { 
$ad_title=$mysqli->real_escape_string($_POST['ad_title']);
$category=$mysqli->real_escape_string($_POST['category']);
$sub_category=$mysqli->real_escape_string($_POST['sub_category']);
$description=$mysqli->real_escape_string($_POST['description']);
$rent_amount=$mysqli->real_escape_string($_POST['rent_amount']);
$rent_security=$mysqli->real_escape_string($_POST['rent_security']);
$contact=$mysqli->real_escape_string($_POST['contact']);
$email=$mysqli->real_escape_string($_POST['email']);
$city=$mysqli->real_escape_string($_POST['city']);
$state=$mysqli->real_escape_string($_POST['state']);
$area=$mysqli->real_escape_string($_POST['area']);
$buy=(isset($_POST['buy'])?1:0);
$sell=(isset($_POST['sell'])?1:0);
$rent=(isset($_POST['rent'])?1:0);
$manufacture=$mysqli->real_escape_string($_POST['company_name']);
$conditions=$mysqli->real_escape_string($_POST['condition']);

$rent_option=$mysqli->real_escape_string($_POST['rent_option']);

$a=$_FILES['file']['name'];
$path="image/product/$a";

$b=$_FILES['file2']['name'];
$path2="image/product/$b";

$c=$_FILES['file3']['name'];
$path3="image/product/$c";

$d=$_FILES['file4']['name'];
$path4="image/product/$c";

$e=$_FILES['file5']['name'];
$path5="image/product/$c";


if(isset($_SESSION['user_id'])){
$query=$mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)values('$ad_title','$category','$sub_category','$description','$a','$b','$c','$d','$e','$city','$state','$rent_amount','$rent_option','$rent_security','$contact','$email','$area','$buy','$sell','$rent','$user_id','$manufacture','$conditions')");
move_uploaded_file($_FILES['file']['tmp_name'],$path) & move_uploaded_file($_FILES['file2']['tmp_name'],$path2) & move_uploaded_file($_FILES['file3']['tmp_name'],$path3) & move_uploaded_file($_FILES['file4']['tmp_name'],$path4) & move_uploaded_file($_FILES['file5']['tmp_name'],$path5);
if($query)
{

echo "success";
}
}else{ 


  $time = time() + 60;
  setcookie('email',$email,$time);
  setcookie('ad_title',$ad_title,$time);
  setcookie('category',$category,$time);
  setcookie('sub_category',$sub_category,$time);
  setcookie('description',$description,$time);
  setcookie('rent_amount',$rent_amount,$time);
  setcookie('rent_security',$rent_security,$time);
  setcookie('contact',$contact,$time);
  setcookie('city',$city,$time);
  setcookie('state',$state,$time);
  setcookie('area',$area,$time);
  setcookie('buy',$buy,$time);
  setcookie('sell',$sell,$time);
  setcookie('rent',$rent,$time);
  setcookie('manufacture',$manufacture,$time);
  setcookie('condition',$conditions,$time);
  
  setcookie('rent_option',$rent_option,$time);
   
   setcookie('file',$a,$time);
   setcookie('file2',$b,$time);
   setcookie('file3',$c,$time);
   setcookie('file4',$d,$time);
   setcookie('file5',$e,$time);
   
header("Location:product/login.php"); }
}
 
 if(isset($_COOKIE['email'])){
     
     $email =$_COOKIE['email'];
     $cookie2 = $_COOKIE['ad_title']; 
     $cookie3 = $_COOKIE['category'];
     $cookie4 = $_COOKIE['sub_category'];
     $cookie5 = $_COOKIE['description'];
     $cookie6 = $_COOKIE['rent_amount'];
     $cookie7 = $_COOKIE['rent_security'];
     $cookie8 = $_COOKIE['contact'];
     $cookie9 = $_COOKIE['city'];
     $cookie10 = $_COOKIE['state'];
     $cookie11 = $_COOKIE['area'];
     $cookie12 = $_COOKIE['buy'];
     $cookie13 = $_COOKIE['sell'];
     $cookie14 = $_COOKIE['rent'];
     $cookie15 = $_COOKIE['manufacture'];
     $cookie16 = $_COOKIE['condition'];
     $cookie17 = $_COOKIE['file'];
     $cookie18 = $_COOKIE['file2'];
     $cookie19 = $_COOKIE['file3'];
     $cookie20 = $_COOKIE['file4'];
     $cookie21 = $_COOKIE['file5'];
     $cookie22 = $_COOKIE['rent_option'];
     
     
     
$pat="image/product/$cookie17";
$pat2="image/product/$cookie18";
$pat3="image/product/$cookie19";
$pat4="image/product/$cookie20";
$pat5="image/product/$cookie21";
  
     
     
     
     
$query1=$mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values
('$cookie2','$cookie3','$cookie4','$cookie5','$cookie17','$cookie18','$cookie19','$cookie20','$cookie21',
'$cookie9','$cookie10','$cookie6','$cookie22','$cookie7','$cookie8',
'$email','$cookie11','$cookie12','$cookie13','$cookie14','$user_id','$cookie15','$cookie16')");
move_uploaded_file($cookie17,$pat)& 
move_uploaded_file($cookie18,$pat2)& 
move_uploaded_file($cookie19,$pat3)& 
move_uploaded_file($cookie20,$pat4)& 
move_uploaded_file($cookie21,$pat5);
     
     
     if($query1){
         
         echo "Succes";
     }
     else{
         echo "Something went wrong.";
     }
     
     
     }
     
 ?>

</div>

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

douzhuang1900 2015-11-21 10:43

关注

PHP temporary uploads are only stored until the script ends for security reasons. So you need to save the file first in some temporary place of your own, then later after user login, move it again, or delete the file after a while..

But your code has major problems regarding security, you should learn how to use PHP PDO MySQL Queries, then you need to apply it correctly. Currently you escape the $_POST, but then not the cookies. So actually you should only escape when inserting into DB, currently it gets escaped and in some cases written into cookies. And later reused. Besides that you should validate the input data, and the image. Overall some validation should be done. See Easiest Form validation library for PHP?

<?php
$savePath = 'image/product/';
$temporarayPath = 'image/tempupload/';
if (isset($_POST['submit'])) {
    $ad_title = $mysqli->real_escape_string($_POST['ad_title']);
    $category = $mysqli->real_escape_string($_POST['category']);
    $sub_category = $mysqli->real_escape_string($_POST['sub_category']);
    $description = $mysqli->real_escape_string($_POST['description']);
    $rent_amount = $mysqli->real_escape_string($_POST['rent_amount']);
    $rent_security = $mysqli->real_escape_string($_POST['rent_security']);
    $contact = $mysqli->real_escape_string($_POST['contact']);
    $email = $mysqli->real_escape_string($_POST['email']);
    $city = $mysqli->real_escape_string($_POST['city']);
    $state = $mysqli->real_escape_string($_POST['state']);
    $area = $mysqli->real_escape_string($_POST['area']);
    $buy = (isset($_POST['buy']) ? 1 : 0);
    $sell = (isset($_POST['sell']) ? 1 : 0);
    $rent = (isset($_POST['rent']) ? 1 : 0);
    $manufacture = $mysqli->real_escape_string($_POST['company_name']);
    $conditions = $mysqli->real_escape_string($_POST['condition']);

    $rent_option = $mysqli->real_escape_string($_POST['rent_option']);


    $a = $_FILES['file']['name'];
    $b = $_FILES['file2']['name'];
    $c = $_FILES['file3']['name'];
    $d = $_FILES['file4']['name'];
    $e = $_FILES['file5']['name'];

    if (isset($_SESSION['user_id'])) {
        $query = $mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values('$ad_title','$category','$sub_category','$description','$a','$b','$c','$d','$e','$city','$state','$rent_amount','$rent_option','$rent_security','$contact','$email','$area','$buy','$sell','$rent','$user_id','$manufacture','$conditions')");
        move_uploaded_file($_FILES['file']['tmp_name'], $savePath . $a);
        move_uploaded_file($_FILES['file2']['tmp_name'], $savePath . $b);
        move_uploaded_file($_FILES['file3']['tmp_name'], $savePath . $c);
        move_uploaded_file($_FILES['file4']['tmp_name'], $savePath . $d);
        move_uploaded_file($_FILES['file5']['tmp_name'], $savePath . $e);

        if ($query) {
            echo "success";
        }
    } else {
        move_uploaded_file($_FILES['file']['tmp_name'], $temporarayPath . $a);
        move_uploaded_file($_FILES['file2']['tmp_name'], $temporarayPath . $b);
        move_uploaded_file($_FILES['file3']['tmp_name'], $temporarayPath . $c);
        move_uploaded_file($_FILES['file4']['tmp_name'], $temporarayPath . $d);
        move_uploaded_file($_FILES['file5']['tmp_name'], $temporarayPath . $e);
        $time = time() + 60;
        setcookie('email', $email, $time);
        setcookie('ad_title', $ad_title, $time);
        setcookie('category', $category, $time);
        setcookie('sub_category', $sub_category, $time);
        setcookie('description', $description, $time);
        setcookie('rent_amount', $rent_amount, $time);
        setcookie('rent_security', $rent_security, $time);
        setcookie('contact', $contact, $time);
        setcookie('city', $city, $time);
        setcookie('state', $state, $time);
        setcookie('area', $area, $time);
        setcookie('buy', $buy, $time);
        setcookie('sell', $sell, $time);
        setcookie('rent', $rent, $time);
        setcookie('manufacture', $manufacture, $time);
        setcookie('condition', $conditions, $time);

        setcookie('rent_option', $rent_option, $time);

        setcookie('file', $a, $time);
        setcookie('file2', $b, $time);
        setcookie('file3', $c, $time);
        setcookie('file4', $d, $time);
        setcookie('file5', $e, $time);

        header("Location:product/login.php");
    }
}

if (isset($_COOKIE['email'])) {

    $email = $_COOKIE['email'];
    $cookie2 = $_COOKIE['ad_title'];
    $cookie3 = $_COOKIE['category'];
    $cookie4 = $_COOKIE['sub_category'];
    $cookie5 = $_COOKIE['description'];
    $cookie6 = $_COOKIE['rent_amount'];
    $cookie7 = $_COOKIE['rent_security'];
    $cookie8 = $_COOKIE['contact'];
    $cookie9 = $_COOKIE['city'];
    $cookie10 = $_COOKIE['state'];
    $cookie11 = $_COOKIE['area'];
    $cookie12 = $_COOKIE['buy'];
    $cookie13 = $_COOKIE['sell'];
    $cookie14 = $_COOKIE['rent'];
    $cookie15 = $_COOKIE['manufacture'];
    $cookie16 = $_COOKIE['condition'];
    $cookie17 = $_COOKIE['file'];
    $cookie18 = $_COOKIE['file2'];
    $cookie19 = $_COOKIE['file3'];
    $cookie20 = $_COOKIE['file4'];
    $cookie21 = $_COOKIE['file5'];
    $cookie22 = $_COOKIE['rent_option'];
    $user_id = $_SESSION['user_id'];

    $pat = $savePath . $cookie17;
    $pat2 = $savePath . $cookie18;
    $pat3 = $savePath . $cookie19;
    $pat4 = $savePath . $cookie20;
    $pat5 = $savePath . $cookie21;


    $query1 = $mysqli->query("insert into ads(product_name,category,sub_category,description,image_1,image_2,image_3,image_4,image_5,city,state,rent_amount,rent_option,security_amount,contact_no,email,area,buy,sell,rent,user_id,manufacture,conditions)
values
('$cookie2','$cookie3','$cookie4','$cookie5','$cookie17','$cookie18','$cookie19','$cookie20','$cookie21',
'$cookie9','$cookie10','$cookie6','$cookie22','$cookie7','$cookie8',
'$email','$cookie11','$cookie12','$cookie13','$cookie14','$user_id','$cookie15','$cookie16')");

    rename($temporarayPath . $cookie17, $pat);
    rename($temporarayPath . $cookie18, $pat2);
    rename($temporarayPath . $cookie19, $pat3);
    rename($temporarayPath . $cookie20, $pat4);
    rename($temporarayPath . $cookie21, $pat5);

    if ($query1) {
        echo "Succes";
    } else {
        echo "Something went wrong.";
    }
}

?>

本回答被题主选为最佳回答 , 对您是否有帮助呢?

报告相同问题？

关注问题

使用cookie移动上传文件时遇到一些麻烦 mysql php
2015-11-21 10:24

回答 1 已采纳 PHP temporary uploads are only stored until the script ends for security reasons. So you need to s
servlet清空cookie时遇到的很奇怪的问题，求教 java
2018-10-28 07:30

回答 1 已采纳 https://blog.csdn.net/abc86319253/article/details/9212565
使用Yii2通过AJAX登录设置cookie时遇到问题 ajax php
2016-10-01 13:56

回答 1 已采纳 As I suspected (see my earlier comment) response might not be correctly generated in case of simpl
大数据之路：阿里巴巴大数据实践
2020-08-16 10:49

涛声依旧（竞涛）的博客阿里巴巴大数据系统体系架构主要分为数据采集、数据计算、数据服务和数据应用四大层次。第2章：日志采集阿里巴巴的日志采集体系方案包括两大体系：Aplus.JS是Web端（基于浏览器）日志采集技术方案：UserTrack是...
使用fetch（）发布时未设置Cookie javascript php
2018-06-08 19:42

回答 1 已采纳 By default, fetch does not have cookies enabled, you can do so by adding the credentials option an
关于使用cookie做用户以登陆校验。
2018-04-02 06:59

回答 7 已采纳一般都是固定key,像你说的第二种存多个用户的cookie 首先我想不到这么做有什么作用另外如果存多个cookie key都不一样发出请求的时候会把多个cookie都带上
python使用urllib2 批量下载文件，遇到校验怎么办？ python
2017-09-26 09:53

回答 5 已采纳截图里的链接不需要校验，直接就能打开的，可能是你要下载的文件网页中没有(或者文件类型不对)
理解Cookie和Session的区别及使用
2018-12-28 14:54

mackgao的博客原理解Cookie和Session的区别及使用 &lt;/div&gt; &lt;div class="operating"&gt; &lt;/div&gt; ...
提取的cookie使用出现问题开发语言扩展屏应用开发
2023-02-07 16:36

回答 1 已采纳你可以看下这个问题的回答https://ask.csdn.net/questions/7663008你也可以参考下这篇文章：Cookie跨域问题的解决
netfilx 如何提取cookie 和使用cookie和工具登录 idea
2021-06-19 01:56

回答 1 已采纳点击 [导出 cookie]，cookie将以 json 格式导出至剪贴板，此时新建一个 TXT 文本粘贴保存即可。
javaweb 设置的cookie在电脑浏览器可以使用，手机却无效 html java java-ee
2021-10-14 20:43

回答 1 已采纳 1
大数据学习总结+JAVA学习总结+大数据面试+java面试+大数据java异常总结
2020-09-28 13:49

悬鞀设鐸的博客浏览器禁用Cookie后的Session处理3.主从复制的流程[重要]5.redis的数据类型[重要]6.Junit测试的注解7、缓存问题二、项目中java模块的难点异常[重要]1.MultipartiFile图片从前台用Restfull到后台问题2.批量删除参数...
关于cookie缓存的一些问题 http 服务器
2017-06-05 07:47

回答 2 已采纳网页中的script脚本也可以操纵cookie的
一个小兔子的大数据见解1
2019-02-20 14:00

会武术的科学家的博客离线阶段刚去公司的时候，做数据的迁移，写sqoop脚本...这里我们使用是shell脚本的方式，写完以后提交到oozie或azkaban这种调度工具上定时执行。b.这里有技术的问题，实际上把数据放到hive中是放到了hadoop的hdfs...
《大数据之路：阿里巴巴大数据实践》
2019-11-22 15:49

不急吃口药的博客《大数据之路：阿里巴巴大数据实践》语录目录一、数据采集 1 ◆日志采集 1 ▼浏览器的页面日志采集 1 ▼无线客户端的日志采集 2 （1）页面事件 3 （2）控件点击事件 3 （3）其它事件 3 （4）特殊场景...
没有解决我的问题, 去提问

悬赏问题

¥15 关于#matlab#的问题：在模糊控制器中选出线路信息，在simulink中根据线路信息生成速度时间目标曲线（初速度为20m/s，15秒后减为0的速度时间图像）我想问线路信息是什么
¥15 banner广告展示设置多少时间不怎么会消耗用户价值
¥16 mybatis的代理对象无法通过@Autowired装填
¥15 可见光定位matlab仿真
¥15 arduino 四自由度机械臂
¥15 wordpress 产品图片 GIF 没法显示
¥15 求三国群英传pl国战时间的修改方法
¥15 matlab代码代写，需写出详细代码，代价私
¥15 ROS系统搭建请教（跨境电商用途）
¥15 AIC3204的示例代码有吗，想用AIC3204测量血氧，找不到相关的代码。

码龄粉丝数原力等级 --

使用cookie移动上传文件时遇到一些麻烦

1条回答默认最新

码龄粉丝数原力等级 --

悬赏问题

使用cookie移动上传文件时遇到一些麻烦

1条回答 默认 最新

悬赏问题

1条回答默认最新