dongpao1905 2012-12-26 04:49
浏览 51
已采纳

将文件上传到服务器,但文件名不保存到数据库

Here is the issue: The file name is not being saved into the database. Files are being uploaded to the server just fine, yet the file name will not save at all. I can echo the file name once the file is uploaded successfully but it does want to save the filename to the database for whatever reason. I'm sure this is an easy fix and I'm just missing something (I hope).

Thanks in advance.

(p.s. yes, I know I should be using mysqli)

HTML:

<form action="" name="loa" method="post" enctype="multipart/form-data">
    <input type="hidden" name="size" value="350000">
    <input type="file" name="loa"> 
    <input type="submit" name="loasub" value="Upload Letter of     Authorization">
</form>

PHP:

<?php
    if (!empty($_POST['loasub'])) {
        $target = "loa/";
        $target = $target . basename( $_FILES['loa']['name']);
        $theloa = ($_FILES['loa']['name']);
        mysql_connect("localhost", "user", "pass") or die(mysql_error()) ;
        mysql_select_db("mydb") or die(mysql_error()) ;

        //Writes the information to the database
        mysql_query("UPDATE customers SET loa='$theloa' WHERE id='30'") ;
        if(move_uploaded_file($_FILES['loa']['tmp_name'], $target))
        {
            echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            echo $theloa;
        }
        else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
?>
  • 写回答

4条回答 默认 最新

  • douqiandai4327 2012-12-26 05:28
    关注

    A couple of things to consider:

    1. mysql_* functions are deprecated. Use mysqli or PDO instead.
    2. Your query can break if the variable $theloa has a single quote in it. Use prepared statements to prevent such errors and prevent (siren sounds and red lights flashing) SQL injection.

    Consider doing a var_dump($_FILES['loa']['name']) and pasting it in with your question for more clarity.

    Try using the following modified mysqli version of your file (you need to have the mysqli extension enabled in your PHP installation). It should (ideally) work.

    <?php
    if (!empty($_POST['loasub'])) {

        $theloa = ($_FILES['loa']['name']);
        $target = "loa/";
        $target = $target . basename($theloa);

        $mysqli = new mysqli("localhost", "user", "password", "mydb");
        if (mysqli_connect_errno()) {
            die(mysqli_connect_error());
        }


        //Writes the information to the database
        if ($preparedStatement = $mysqli->prepare("UPDATE customers SET loa=? WHERE id=30")) {
            $preparedStatement->bind_param("s", $theloa);
            $executionResult = $preparedStatement->execute();
            if (!$executionResult) {
                die("Query execution failed!");
            }
            //$preparedStatement->bind_result($sqlOutput); // bind mysql output to an output variable
            //$preparedStatement->fetch(); // fetch mysql output
            //var_dump($sqlOutput); // dump the sql output

            $preparedStatement->close();
        }
        $mysqli->close();

        if(move_uploaded_file($_FILES['loa']['tmp_name'], $target))
        {
            echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
            echo $theloa;
        }
        else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 Matlab怎么求解含参的二重积分?
  • ¥15 苹果手机突然连不上wifi了?
  • ¥15 cgictest.cgi文件无法访问
  • ¥20 删除和修改功能无法调用
  • ¥15 kafka topic 所有分副本数修改
  • ¥15 小程序中fit格式等运动数据文件怎样实现可视化?(包含心率信息))
  • ¥15 如何利用mmdetection3d中的get_flops.py文件计算fcos3d方法的flops?
  • ¥40 串口调试助手打开串口后,keil5的代码就停止了
  • ¥15 电脑最近经常蓝屏,求大家看看哪的问题
  • ¥60 高价有偿求java辅导。工程量较大,价格你定,联系确定辅导后将采纳你的答案。希望能给出完整详细代码,并能解释回答我关于代码的疑问疑问,代码要求如下,联系我会发文档