duannaiying9662
2018-12-20 19:31
浏览 51
已采纳

PHP MySqli如何使用数据库中的路径修复插入文件?

i'm inserting the path of the file (pdf) to the database and i'm saving the file to a folder ( files/contracts ). I'm doing something wrong since in my database (i'm using phpmyadmin ) under contracts it is showing like this: "files/contracts/TEST5.pdf" with the path to the folder. Also when i list it it is showing the path. Can you please help me?

This is the code i'm using for inserting:

$contract_path = mysqli_real_escape_string($conn, 'files/contracts/'.$_FILES['contractupload']['name']);

if (copy($_FILES['contractupload']['tmp_name'], $contract_path)){

$sql = "INSERT INTO addemployees (fname, lname, dob, embg, address, city, mobile, email, workplace, workposition, jobstartdate, contractfrom, contractto, healthbookfrom,
                                  healthbookto, contractupload, bankaccount, bank, workcode, gender, bloodtype, notes)
        VALUES ('$fname', '$lname', '$dob', '$embg', '$address', '$city', '$mobile', '$email', '$workplace', '$workposition', '$jobstartdate', '$contractfrom', '$contractto',
                '$healthbookfrom', '$healthbookto', '$contract_path', '$bankaccount', '$bank', '$workcode', '$gender', '$bloodtype', '$notes')";

This is all code:

<?php
$server = "localhost";
$user = "bale";
$pass = "blagojce";
$dbname = "employees";

// Create connection
$conn = mysqli_connect($server, $user, $pass, $dbname);

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$fname = mysqli_real_escape_string($conn, $_POST['fname']);
$lname = mysqli_real_escape_string($conn, $_POST['lname']);
$dob = mysqli_real_escape_string($conn, $_POST['dob']);
$embg = mysqli_real_escape_string($conn, $_POST['embg']);
$address = mysqli_real_escape_string($conn, $_POST['address']);
$city = mysqli_real_escape_string($conn, $_POST['city']);
$mobile = mysqli_real_escape_string($conn, $_POST['mobile']);
$email = mysqli_real_escape_string($conn, $_POST['email']);
$workplace = mysqli_real_escape_string($conn, $_POST['workplace']);
$workposition = mysqli_real_escape_string($conn, $_POST['workposition']);
$jobstartdate = mysqli_real_escape_string($conn, $_POST['jobstartdate']);
$contractfrom = mysqli_real_escape_string($conn, $_POST['contractfrom']);
$contractto = mysqli_real_escape_string($conn, $_POST['contractto']);
$healthbookfrom = mysqli_real_escape_string($conn, $_POST['healthbookfrom']);
$healthbookto = mysqli_real_escape_string($conn, $_POST['healthbookto']);
$bankaccount = mysqli_real_escape_string($conn, $_POST['bankaccount']);
$bank = mysqli_real_escape_string($conn, $_POST['bank']);
$workcode = mysqli_real_escape_string($conn, $_POST['workcode']);
$gender = mysqli_real_escape_string($conn, $_POST['gender']);
$bloodtype = mysqli_real_escape_string($conn, $_POST['bloodtype']);
$notes = mysqli_real_escape_string($conn, $_POST['notes']);
$contract_path = mysqli_real_escape_string($conn, 'files/contracts/'.$_FILES['contractupload']['name']);

if (copy($_FILES['contractupload']['tmp_name'], $contract_path)){

$sql = "INSERT INTO addemployees (fname, lname, dob, embg, address, city, mobile, email, workplace, workposition, jobstartdate, contractfrom, contractto, healthbookfrom,
                                  healthbookto, contractupload, bankaccount, bank, workcode, gender, bloodtype, notes)
        VALUES ('$fname', '$lname', '$dob', '$embg', '$address', '$city', '$mobile', '$email', '$workplace', '$workposition', '$jobstartdate', '$contractfrom', '$contractto',
                '$healthbookfrom', '$healthbookto', '$contract_path', '$bankaccount', '$bank', '$workcode', '$gender', '$bloodtype', '$notes')";

if (mysqli_query($conn, $sql)) {
  header("location: employees.php");

} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

}
else {
    $_SERVER['message'] = 'File upload failed!';
}

//Close the connection
mysqli_close($conn);

?>
  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

1条回答 默认 最新

  • dongxia8656 2018-12-20 20:56
    最佳回答

    You told it to store $contract_path in the database, and on the previous line you set this to a path that begins with files/contracts.

    If you want to store just the filename, put that in a different variable:

    $contract_file = basename($_FILES['contractupload']['name']);
    $contract_path = "files/contracts/$contract_file";
    $contract_file = mysqli_real_escape_string($conn, $contract_file);
    

    Then use $contract_file instead of $contract_path in the INSERT query.

    BTW, it would be better to use parametrized queries instead of substituting variables into the query, even if you use mysqli_real_escape_string().

    评论
    解决 无用
    打赏 举报

相关推荐 更多相似问题