doumi1944 2014-09-06 11:33
浏览 18
已采纳

图片上传PHP问题

I'm having some trouble uploading an image to the server. The image should be uploaded to the directory IteamImages and the name should be in the format: $userid_$date.png

Two Problems:

The image doesnt seem to show up in the directory

The image name shows up as: upload/Array_20140906072547.png (instead of upload/4_20140906072547.png)

$UserId=$_POST['UserId']; 
$uploaddir = "IteamImages/";
$DateLastEdit = $UserID."_".date("YmdHis");
$dateCreates = date("Y-m-d H:i:s");
$file = $DateLastEdit.".png";
$uploadfile = $uploaddir . $file;

if ($_FILES["file"]["error"] > 0) {
  echo "Error: " . $_FILES["file"]["error"] . "<br>";
} else {
  echo "Upload: " . $_FILES["file"]["name"] . "<br>";
  echo "Type: " . $_FILES["file"]["type"] . "<br>";
  echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
  echo "Stored in: " . $_FILES["file"].$file;
}
if (file_exists("upload/" . $_FILES["file"]["name"])) {
      echo $_FILES["file"]["name"] . " already exists. ";
    } else {
      move_uploaded_file($_FILES["file"].$file,
      "upload/" . $_FILES["file"].$file);
      echo "Stored in: " . "upload/" . $_FILES["file"].$file;
    }

mysql_query("UPDATE ItemDetails SET ItemImage='$file' WHERE UserID ='$UserID' AND Id='$last'");

This is part of the html form:

<form action="manual-item-post.php" method="post" enctype="multipart/form-data">
UserId: <input type="text" name="UserId"><br>
<label for="file">Image Upload:</label><br>
<input type="file" name="file" id="file"><br>
<input type="submit">
</form>
  • 写回答

1条回答 默认 最新

  • doushen2154 2014-09-06 11:38
    关注

    $_FILES["file"] is an array and when you concatenate it echo "Stored in: " . "upload/" . $_FILES["file"].$file; PHP automatically converts it to string, resulting in Array.

    I suppose you wanted it to be echo "Stored in: " . "upload/" . $file;

    Also you might want to change move_uploaded_file($_FILES["file"].$file, "upload/" . $_FILES["file"].$file); to move_uploaded_file($_FILES["file"]['tmp_name'], $uploadfile); ($_FILES["file"]['tmp_name'] is the path of the uploaded temp file you want to move)

    And $DateLastEdit = $UserID."_".date("YmdHis"); will always result in "_DATE" as the variable is wrong (needs to be $DateLastEdit = (int)$UserId."_".date("YmdHis");)

    PS: I cast $UserId to integer, otherwise directory traversal is possible (e.g., post ../../something/ as UserId). And by directly passing user entered data to an SQL query, you also have a SQL injection.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 c程序不知道为什么得不到结果
  • ¥40 复杂的限制性的商函数处理
  • ¥15 程序不包含适用于入口点的静态Main方法
  • ¥15 素材场景中光线烘焙后灯光失效
  • ¥15 请教一下各位,为什么我这个没有实现模拟点击
  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置