$conn = mysqli_connect("localhost","root","","vfssite");
if (isset($_POST['submit']))
{
$filetemp = $_FILES['file']['tmp_name'];
$filename = $filepath . basename($_FILES["fileToUpload"]["name"]);
$filepath = "uploads/galleryuploadwedding/".$filename;
$uploadOk = 1;
$imageFileType = pathinfo($filename,PATHINFO_EXTENSION);
move_uploaded_file($filetemp, $filepath);
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" )
{
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}
$sql = "INSERT INTO gallerywedding (imagename) values ('$filename')";
if ($result = mysqli_query($conn, $sql))
{
echo "<script type='text/javascript'>alert('submitted successfully!')</script>";
} else
echo "Error";
}
上传带有类型验证的图像文件时出错并保存在文件夹中并在数据库中保存路径
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
- dpu66046 2017-05-28 11:30关注
@Yuva Kishore here is the code which work. It is similar to your code and you can differentiate here. I have user PHP MYSQLI PREPARED STATEMENT AGAINST SQL INJECTION WHEN YOU ARE SEND DATA WITH INPUT FIELDS.
HTML CODE :
<form action="" method="post" enctype="multipart/form-data"> <input type="file" name="file" > <input type="submit" name="submit" > </form>PHP CODE TO UPLOAD IMAGE AND INSERT INTO DATABASE
<?php $servername = "localhost"; $username = "root"; $password = "admin"; $dbname = "demo"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); if(isset($_POST['submit'])){ $file_name = $_FILES['file']['name']; $filename_tmp = $_FILES['file']['tmp_name']; $path = 'uploads/galleryuploadwedding/'; $imageFileType = pathinfo($file_name,PATHINFO_EXTENSION); if($imageFileType == "jpg" || $imageFileType == "PNG" || $imageFileType == "jpeg" || $imageFileType == "gif") { //NOW MOVE UPLOADED FILE TO PATH if(move_uploaded_file($filename_tmp,$path.$file_name)){ echo "Success"; //NOW INSERT THE IMAGE NAME TO DATABASE //USER MYSQLI PREPARED STATEMENT AGAINST SQL INJECTION $sql = $conn->stmt_init(); $query = "INSERT INTO gallerywedding (imagename) VALUES (?)"; if($sql->prepare($query)){ $sql->bind_param('s',$file_name); if($sql->execute()){ echo "Successfuly inserted the image to database"; } } else { echo "Error".$conn->error; } } } else { echo $imageFileType."<br>"; echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; } } ?>Feel free to ask questions comment below my post
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 2017-05-28 10:39回答 1 已采纳 @Yuva Kishore here is the code which work. It is similar to your code and you can differentiate he
- 2016-12-01 03:43回答 3 已采纳 Looks like you have "country" in your schema and it is not nullable() and/or has no default(), and
- 2018-12-10 10:58回答 2 已采纳 For image uploading via ajax you have to manually append image to FormData so change your code lit
- 2020-02-03 10:40asdfgh0077的博客 因此,我正在使用一个将图像大量存储在数据库中的应用程序。 您对此有何看法? 我更喜欢将位置存储在文件系统中,而不是直接将其存储在数据库中。 您认为优点/缺点是什么?
- 2017-05-09 18:22回答 3 已采纳 In case someone is looking for an answer to this question, Now after two years of working as a dev
- 2017-06-04 20:40回答 1 已采纳 Based off your comment, you want ONLY VALID data to go into the file. But your PHP check is looki
- 2017-03-10 10:15回答 1 已采纳 I solved the problem using the below PHP Script. I did not use alias for the SQL output which is d
- 2022-02-19 13:08allway2的博客 将 REST API 添加到 MySQL/MariaDB、PostgreSQL、SQL Server 或 SQLite 数据库的单个文件 PHP 脚本。 注意:这是 PHP 中的TreeQL参考实现。 相关项目: JS-CRUD-API: PHP-CRUD-API API 的 JavaScript 客户端库 ...
- 2016-02-10 10:00回答 1 已采纳 There is nothing wrong with your code but the approach is wrong, you are using jQuery validation p
- 2010-12-23 09:37回答 2 已采纳 Your calling checklogin() before it gets a chance to actually connect to the database!
- 2019-06-14 14:05回答 1 已采纳 It appears that for some reason Edge seems to prefer having NTLM before Negotiate in the list. Don
- 2024-02-16 08:00未知百分百的博客 该靶场提供了丰富的漏洞场景和挑战,涵盖了常见的Web安全漏洞类型,包括但不限于SQL注入、XSS跨站脚本攻击、CSRF跨站请求伪造、文件上传漏洞等。 通过upload-labs,用户可以在真实的环境中进行漏洞挖掘和漏洞利用的...
- 2016-09-30 09:13回答 2 已采纳 You can use get-headers() to obtain information such as content type and filesize before actually
- 2023-07-10 00:51Afanbird的博客 文件上传漏洞是指用户通过界面上的上传功能上传了一个可执行的脚本文件,而WEB端的系统并未对其进行检测或者检测的逻辑做的不够好。
- 2023-03-17 11:10二零久八的博客 此指令描述了PHP注册GET, POST, Cookie, 环境 和 内置变量的顺序 (各自使用G, P, C, E 和 S , 一般使用 EGPCS 或 GPC). 注册使用从左往右的顺序, 新的值会覆盖旧的值.mysqli_connect()默认的端口号. 如果没有设置, ...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 #MATLAB仿真#车辆换道路径规划
- ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
- ¥15 数据可视化Python
- ¥15 要给毕业设计添加扫码登录的功能!!有偿
- ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
- ¥15 微信公众号自制会员卡没有收款渠道啊
- ¥100 Jenkins自动化部署—悬赏100元
- ¥15 关于#python#的问题:求帮写python代码
- ¥20 MATLAB画图图形出现上下震荡的线条
- ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘