dongtang6775
2016-05-20 18:20
浏览 53
已采纳

php上传脚本没有上传 - 但它正在添加到数据库?

A weird problem when i am trying to make a banner art upload system for user profiles.

I have searched for answers, but none have solved it.

It is not a permissions problem, my chmod is 755 on uploads folder and in the upload.php file.

code below:

if ($_POST && !empty($_FILES)) {
$formOk = true;

//Assign Variables
$path = $_FILES['image']['tmp_name'];
$name = $_FILES['image']['name'];
$size = $_FILES['image']['size'];
$type = $_FILES['image']['type'];

if ($_FILES['image']['error'] || !is_uploaded_file($path)) {
    $formOk = false;
    echo "Error: Error in uploading file. Please try again.";
}

//check file extension
if ($formOk && !in_array($type, array('image/png', 'image/x-png', 'image/jpeg', 'image/pjpeg', 'image/gif'))) {
    $formOk = false;
    echo "Error: Unsupported file extension. Supported extensions are JPG / PNG.";
}
// check for file size.
if ($formOk && filesize($path) > 500000) {
    $formOk = false;
    echo "Error: File size must be less than 3 MB.";
}

if ($formOk) {
    // read file contents
    $content = file_get_contents($path);

    //connect to mysql database
    if ($conn = mysqli_connect('localhost', 'hidden', 'hidden', 'hidden')) {
        $user_id = mysqli_real_escape_string($conn, $_POST['user_id']);
        $username = mysqli_real_escape_string($conn, $_POST['username']);
        $content = mysqli_real_escape_string($conn, $content);
    $sql = "insert into banners (user_id, username, name, size, type, content) values ('{$user_id}','{$username}','{$name}', '{$size}', '{$type}', '{$content}')";

        if (mysqli_query($conn, $sql)) {
            $uploadOk = true;
            $imageId = mysqli_insert_id($conn);
        } else {
            echo "Error: Could not save the data to mysql database. Please try again.";
        }

        mysqli_close($conn);
    } else {
        echo "Error: Could not connect to mysql database. Please try again.";
    }
}

And the form is:

        <form method="post" enctype="multipart/form-data" action="<?=$_SERVER['PHP_SELF']?>" >
      <div>
        <h3>Image Upload:</h3>
      </div>
      <div>
        <label>Image</label>
        <img src="<?php print_r($path); ?>"/>
        <?php print_r($_FILES); ?>
        <input type="text" name="user_id" value="<?php echo $user->data["user_id"]; ?>" readonly/>
        <br />
        <input type="text" name="username" value="<?php echo $user->data["username"]; ?>" readonly/>            
        <input type="hidden" name="MAX_FILE_SIZE" value="500000">
        <input type="file" name="image" />
        <input name="submit" type="submit" value="Upload">
      </div>
    </form>     

I have the form in the same file upload.php along with my include header and footer.

So basically it stores the data into the database, but just will not upload what so ever, i also checked the phpinfo and so on, and all is ok, it is turned on, and file limit in phpinfo is 64mb, so i don't get why it wont upload?

any help would be appreciated, thanks

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • doucong1268 2016-05-20 18:34
    已采纳

    Simple: You didn't move that file anywhere, as in move_uploaded_file().

    Base yourself on the following example taken from the manual:

    <?php
    // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
    // of $_FILES.
    
    $uploaddir = '/var/www/uploads/';
    $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
    
    echo '<pre>';
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        echo "File is valid, and was successfully uploaded.
    ";
    } else {
        echo "Possible file upload attack!
    ";
    }
    
    echo 'Here is some more debugging info:';
    print_r($_FILES);
    
    print "</pre>";
    

    and check for errors too.

    点赞 打赏 评论
  • duanhu2414 2016-05-21 21:00

    I just wanted to post how i did it, thanks to Fred and some other comments others made :)

                    //Assign Variables
                $username = $user->data['username'];
                #mkdir("uploads/".$username,0755);
                $target_dir = "../uploads/$username-";
                $path = $target_dir . basename($_FILES['image']['tmp_name']);
                $name = $target_dir . basename($_FILES['image']['name'].$user_id);
                $size = $_FILES['image']['size'];
                $type = $_FILES['image']['type'];
    
    
    
                    if (move_uploaded_file($_FILES['image']['tmp_name'], $name)) {
                echo "<h2>Thank you for uploading your banner art - File is valid, and was successfully uploaded.
    </h2>";
            } else {
                echo "Possible file upload attack!
    ";
            }
    

    so I also made it so it now puts a username in front of the uploaded images name too.

    The form is pretty much the same, I now also made it so that the upload and update open in a nice fancy box :)

    https://gyazo.com/e12a03ce01d8f503b8fa2e79f5605809

    Thanks again everyone :)

    点赞 打赏 评论

相关推荐 更多相似问题