doumi1944 2014-09-06 11:33
浏览 18
已采纳

图片上传PHP问题

I'm having some trouble uploading an image to the server. The image should be uploaded to the directory IteamImages and the name should be in the format: $userid_$date.png

Two Problems:

The image doesnt seem to show up in the directory

The image name shows up as: upload/Array_20140906072547.png (instead of upload/4_20140906072547.png)

$UserId=$_POST['UserId']; 
$uploaddir = "IteamImages/";
$DateLastEdit = $UserID."_".date("YmdHis");
$dateCreates = date("Y-m-d H:i:s");
$file = $DateLastEdit.".png";
$uploadfile = $uploaddir . $file;

if ($_FILES["file"]["error"] > 0) {
  echo "Error: " . $_FILES["file"]["error"] . "<br>";
} else {
  echo "Upload: " . $_FILES["file"]["name"] . "<br>";
  echo "Type: " . $_FILES["file"]["type"] . "<br>";
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
  echo "Stored in: " . $_FILES["file"].$file;
}
if (file_exists("upload/" . $_FILES["file"]["name"])) {
      echo $_FILES["file"]["name"] . " already exists. ";
    } else {
      move_uploaded_file($_FILES["file"].$file,
      "upload/" . $_FILES["file"].$file);
      echo "Stored in: " . "upload/" . $_FILES["file"].$file;
    }

mysql_query("UPDATE ItemDetails SET ItemImage='$file' WHERE UserID ='$UserID' AND Id='$last'");

This is part of the html form:

<form action="manual-item-post.php" method="post" enctype="multipart/form-data">
UserId: <input type="text" name="UserId"><br>
<label for="file">Image Upload:</label><br>
<input type="file" name="file" id="file"><br>
<input type="submit">
</form>
  • 写回答

1条回答 默认 最新

  • doushen2154 2014-09-06 11:38
    关注

    $_FILES["file"] is an array and when you concatenate it echo "Stored in: " . "upload/" . $_FILES["file"].$file; PHP automatically converts it to string, resulting in Array.

    I suppose you wanted it to be echo "Stored in: " . "upload/" . $file;

    Also you might want to change move_uploaded_file($_FILES["file"].$file, "upload/" . $_FILES["file"].$file); to move_uploaded_file($_FILES["file"]['tmp_name'], $uploadfile); ($_FILES["file"]['tmp_name'] is the path of the uploaded temp file you want to move)

    And $DateLastEdit = $UserID."_".date("YmdHis"); will always result in "_DATE" as the variable is wrong (needs to be $DateLastEdit = (int)$UserId."_".date("YmdHis");)

    PS: I cast $UserId to integer, otherwise directory traversal is possible (e.g., post ../../something/ as UserId). And by directly passing user entered data to an SQL query, you also have a SQL injection.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥17 pro*C预编译“闪回查询”报错SCN不能识别
  • ¥15 微信会员卡接入微信支付商户号收款
  • ¥15 如何获取烟草零售终端数据
  • ¥15 数学建模招标中位数问题
  • ¥15 phython路径名过长报错 不知道什么问题
  • ¥15 深度学习中模型转换该怎么实现
  • ¥15 HLs设计手写数字识别程序编译通不过
  • ¥15 Stata外部命令安装问题求帮助!
  • ¥15 从键盘随机输入A-H中的一串字符串,用七段数码管方法进行绘制。提交代码及运行截图。
  • ¥15 TYPCE母转母,插入认方向